Understanding the cyber risks in oil & gas

By James Bright, Snr Underwriter, Brit Insurance
One side effect of the global spread of COVID-19, has been the rapid rise in the number of cyber-attacks on all industries - up 33% from 2019. Cybercri...

One side effect of the global spread of COVID-19, has been the rapid rise in the number of cyber-attacks on all industries - up 33% from 2019.

Cybercriminals - and hackers known as ‘bad actors’ - seek to exploit vulnerabilities in the IT infrastructure and security of companies. In addition to the COVID-19 upheaval, these opportunists are seeing that the oil and gas sector is also currently distracted by the crash in oil prices. This perfect storm of threats to the industry means that many management teams focussed on crisis management in other areas of their business.

Of more concern, is that many companies in the sector simply don’t have the ability to provide an effective response to a cyber crisis at the current time. With many countries still in lockdown, executing cyber-attack response plans and establishing crisis teams to work on the ground to restore critical systems and services is still not currently possible.

The industry has never been more dependent on technology to gain efficiencies and automate processes and systems. Hacks to oil and gas control systems can result in unauthorised amendments to software and therefore the processes they are controlling, with potentially devastating consequences.

The most common modes of cyber-attack facing oil and gas companies are via malware, ransomware and phishing. These attacks are often performed with social engineering campaigns leveraging malicious emails that force victims to install malware that steals financial data, personal information and can act as a back door into the systems of a company.

Unfortunately, complacency has set in. The highest-profile cyber incidents have largely involved the loss of consumer data, from financial services, retail or healthcare companies. This misleads many oil and gas companies into believing that cyber-attacks are only a threat to businesses which process or store large volumes of sensitive data. However, several significant hacks in recent years have demonstrated that the energy and petroleum sectors are among the most vulnerable – and that much more tangible assets than just data are at stake. 


Oil and gas systems and facilities have not been designed with digital security as a priority, but instead for efficiency, longevity and durability. Testing has shown that bad actors could be capable of causing physical damage remotely, ranging from power outages to major fires and destructive attacks on critical assets. This type of attack by bad actors could also extend to disabling national electricity grids, starting electrical fires, disabling safeguards and warning systems, causing explosions and loss of life on oil rigs. Such events could result in a whole range of losses, including capital asset damage, long-lasting business interruption and loss of earnings. In the cases of energy and critical national infrastructure, this risk could enter the realm of cyber terrorism and state-sponsored attacks.

While there have been some public reports of the impact that a cyber-attack can have on the physical processes in a plant or offshore rig, awareness is still limited – meaning many businesses still have exposures not adequately dealt with by their insurance policies. It is crucial, therefore, that management teams of these businesses engage with the insurance industry to better understand the risk they face – and that their policies provide cover for.  Many insurers provide companies with additional ‘value-add’ services to the industry including extensive risk management training tools and access to global cyber experts, including IT and forensic specialists, lawyers and crisis PR.

This article was contributed by James Bright, Senior Underwriter at Brit Insurance

For more information on energy digital topics - please take a look at the latest edition of Energy Digital Magazine.

Follow us on LinkedIn and Twitter.



Featured Articles

What's Apple’s Promise on Clean Energy and Water Investment?

Tech giant Apple is working to increase its sustainable output, supporting more than 18GW of clean energy use & billions of gallons in water savings

Data Centre Demand Putting Pressure on Energy Capabilities

Utilities in the US are predicting a tidal wave of demand for data centres thanks to the boom of AI, which, in turn, will dial up the need for electricity

Q&A with Hitachi Energy’s EVP & Head of North America

Anthony Allard, who heads up Hitachi Energy as Executive Vice President and Head of North America, shares why the grid is holding us back from clean energy

OMV Takes Strides in Energy Efficiency & Emissions Reduction


Q&A with RAIN Alliance President and CEO Aileen Ryan

Technology & AI

Who is Greg Joiner, the new Head of Shell Energy?

Oil & Gas