The study conducted by the Ponemon Institute and sponsored by Siemens, polled opinion of 377 executives in the US who are responsible for securing or overseeing cyber risk in the operational technology (OT) environment-including upstream, midstream and downstream applications.
The study, titled as the Ponemon Institute – The State of Cybersecurity in the Oil & Gas Industry: United States saw only 35% of 377 respondents rating the cyber readiness of their company’s operational technology (OT) to be high.
Ponemon Institute chairman and founder Dr. Larry Ponemon said: “Cyber attacks in the oil and gas industry can have potentially devastating consequences for the economy and national security.
“We hope the findings of this research create a sense of urgency to make the appropriate investments in people, process and technologies to improve the industry's cyber readiness.”
Ponemon’s study focused on how the oil and gas firms were handling cyber security risks.
The survey found that 59% of cybersecurity risk managers believed that the operational technology faced a bigger threat than IT.
About 61% of those polled said that they faced difficulty in addressing cyber security risks across the oil and gas value chain while about 41% claimed that they continually monitor OT infrastructure. ;
Among those who were surveyed, 65% said that the negligent or careless insider is the top threat while 15% believed that the malicious or criminal insiders are the threats.
About 61% said that their organization’s industrial control systems protection and security is inadequate.
Siemens USA CEO Judy Marks said: “The fact that nearly 70 percent of oil and gas companies were hacked in the past year must serve as a call to action.
“As oil and gas producers use digitalization to become safer and more efficient, there is a clear need to bulk up defenses for operational technology, which is even more vulnerable to attacks than the IT environment.
Most of the participants in the Ponemon survey also indicated that their firms were either in the early or middle stage of maturity in terms of their cyber readiness.