Consumer trust in energy companies is low, with high prices leaving many having to choose between heating their homes and eating this winter. Take the U.K. as an example. Just 16 percent of people view the sector positively.
Even with the energy price cap likely falling in July 2023, companies have a long road to winning back consumer opinions. The last thing these companies’ reputations can afford right now is a cyberattack.
Service disruption and data losses carry the potential for severe ramifications (as per the Colonial Pipeline attack, which stopped energy supply for millions). The problem is, there has been a 46 percent increase in attacks on the utilities sector in the past year. This is even before the war in Ukraine is factored in.
Mark Clark, VP Sales EMEA North, at cybersecurity company Onapsis has been looking at these issues in detail.
The reputational risk of cyberattacks
The reputation of the form – the brand – is very important, as Clark finds: “While a successful breach might not be enough to take down an energy company, it’s worth noting that data from the US Securities and Exchange Commission shows that half of small businesses that experience a cyberattack go under within six months.”
Singly out the utilities sector,. Clark observes: “Energy companies might not fall that quickly but in an inflationary environment where people are already frustrated, the damage could be significant. That’s especially true when you factor in that consumers increasingly have other options available to them. The first few months of 2023 provided a powerful example of this, with the number of U.K. homes buying and installing solar panels reaching seven-year highs.”
Further on this topic, Clark uncovers: “Trust and reputation also impact the customer’s choice to stay with a particular provider. In an industry with constant competition, where brand reputation is vital, declining trust means increasing numbers of customers are moving to alternative energy providers, and competition is fierce.”
In this context, the last thing energy providers can afford is for customers to be questioning whether or not they can trust suppliers with their data, and what could lurk in their digital environments. In short, they cannot afford the ramifications of a cyber-attack. Should the attack result in a power outage, particularly a long one, then trust levels will only fall further, to the point where they really could bring down a company.
Building up the right levels of protection
Turning his attention to the state, Clark assesses: “It is vital, therefore, that utility companies adopt a proactive approach to cybersecurity, protecting the entire value chain. But how should they go about doing so?”
There are various pastoral attempts at wellbeing that a firm can develop, as Clark points out: “In addition to bolstering their own cybersecurity teams and focusing on things like employee education initiatives, energy companies need to ensure that they partner with the right security providers.”
Clark considers the roe of the IT firm: “Ideally, they should look for a provider that is not only capable of detecting and shutting down threats but which can actively identify them and alert their customers before they become a problem. Additionally, a good cybersecurity provider will have a strong track record of protecting business-critical applications in the energy sector.”
In terms of mobbing forwards, Clark recommends: “Finally, with cyberattacks now a matter of “when, not if”, it’s important for energy companies to find a cybersecurity provider that can help them put proactive breach response plans in place. Such a response will include everything from communicating with customers and deploying backups to the rapid rollout of prioritised patches to vulnerabilities. Get the response plan right and a company gives itself the opportunity to not only regain consumer trust but even strengthen the relationship.”