Amid rising threats, including a recent attack on several U.S. power and natural gas suppliers, energy companies are now spending less than 0.2 percent of their revenue on cybersecurity, at least a third less than financial institutions, according to Precision Analytics LLC and The CAP Group LLC, security consultants that work within the industry.
Meanwhile, Symantec Corp. says it’s tracking at least 140 groups of hackers actively targeting the energy industry, up from 87 in 2015. And Symantec is just one of several security firms working with the industry.
“It’s scary," said Brian Walker, a former head of Marathon Oil Corp.’s global IT and now an independent consultant. Executives making funding decisions “aren’t necessarily millennials who intuitively understand” how cyberthreats reach seemingly disconnected units, he said.
“It’s guys my age that are the problem," according to Walker, who said he’s in his early 50s. “We’ve been 30-years trained in a world that doesn’t work this way anymore.”
Last month, at least seven pipeline operators from Energy Transfer Partners LP to TransCanada Corp. said their third-party electronic communications systems were shut down, with five confirming the service disruptions were caused by hacking.
