Understanding the cyber risks in oil & gas

By James Bright, Snr Underwriter, Brit Insurance
One side effect of the global spread of COVID-19, has been the rapid rise in the number of cyber-attacks on all industries - up 33% from 2019. Cybercri...

One side effect of the global spread of COVID-19, has been the rapid rise in the number of cyber-attacks on all industries - up 33% from 2019.

Cybercriminals - and hackers known as ‘bad actors’ - seek to exploit vulnerabilities in the IT infrastructure and security of companies. In addition to the COVID-19 upheaval, these opportunists are seeing that the oil and gas sector is also currently distracted by the crash in oil prices. This perfect storm of threats to the industry means that many management teams focussed on crisis management in other areas of their business.

Of more concern, is that many companies in the sector simply don’t have the ability to provide an effective response to a cyber crisis at the current time. With many countries still in lockdown, executing cyber-attack response plans and establishing crisis teams to work on the ground to restore critical systems and services is still not currently possible.

The industry has never been more dependent on technology to gain efficiencies and automate processes and systems. Hacks to oil and gas control systems can result in unauthorised amendments to software and therefore the processes they are controlling, with potentially devastating consequences.

The most common modes of cyber-attack facing oil and gas companies are via malware, ransomware and phishing. These attacks are often performed with social engineering campaigns leveraging malicious emails that force victims to install malware that steals financial data, personal information and can act as a back door into the systems of a company.

Unfortunately, complacency has set in. The highest-profile cyber incidents have largely involved the loss of consumer data, from financial services, retail or healthcare companies. This misleads many oil and gas companies into believing that cyber-attacks are only a threat to businesses which process or store large volumes of sensitive data. However, several significant hacks in recent years have demonstrated that the energy and petroleum sectors are among the most vulnerable – and that much more tangible assets than just data are at stake. 


Oil and gas systems and facilities have not been designed with digital security as a priority, but instead for efficiency, longevity and durability. Testing has shown that bad actors could be capable of causing physical damage remotely, ranging from power outages to major fires and destructive attacks on critical assets. This type of attack by bad actors could also extend to disabling national electricity grids, starting electrical fires, disabling safeguards and warning systems, causing explosions and loss of life on oil rigs. Such events could result in a whole range of losses, including capital asset damage, long-lasting business interruption and loss of earnings. In the cases of energy and critical national infrastructure, this risk could enter the realm of cyber terrorism and state-sponsored attacks.

While there have been some public reports of the impact that a cyber-attack can have on the physical processes in a plant or offshore rig, awareness is still limited – meaning many businesses still have exposures not adequately dealt with by their insurance policies. It is crucial, therefore, that management teams of these businesses engage with the insurance industry to better understand the risk they face – and that their policies provide cover for.  Many insurers provide companies with additional ‘value-add’ services to the industry including extensive risk management training tools and access to global cyber experts, including IT and forensic specialists, lawyers and crisis PR.

This article was contributed by James Bright, Senior Underwriter at Brit Insurance

For more information on energy digital topics - please take a look at the latest edition of Energy Digital Magazine.

Follow us on LinkedIn and Twitter.



Featured Articles

Gas-led recession a 'near certainty' in Europe

Centre for Economics and Business Research estimates the risk of a recession in Europe this winter at approximately 40%

ABB scoops global energy automation technology award

ABB excels in innovating subsea systems and electrification services and providing underwater control solutions according to Frost & Sullivan

INEOS Köln awarded €770,000 for green hydrogen study

State funding will support feasibility study for the construction of 100MW water electrolysis plant for green hydrogen at the INEOS site in Köln

UK receives £2.7bn upfront funding to boost grid capacity


Poland and Germany best placed for gas-to-coal switch

Oil & Gas

Leclanché fire retardant additive cuts battery fire risk

Renewable Energy