Mideast oil and gas sector needs readiness boost as industrial cyber risk intensifies, study reveals 

The threat of an industrial cyber risk on energy companies is rising, the risk of a breach coming from circumstances outside of their control is growing and their own security measures require a boost. These are a few initial findings from a survey of oil and gas executives in the Middle East, conducted by Siemens and Ponemon Institute. Siemens will release the full study next February. This second collaboration between Siemens and the Ponemon Institute consisted of a survey of Middle East field personnel and executives responsible for securing or overseeing cyber risk.

A significant theme from the research is the view that cyber risk has become greater in companies’ operational technology (OT) than in their informational technology (IT) environment. In fact, industry research confirms that OT has become a growing target, now comprising 30 percent of all cyber attacks. In the Middle East region alone, 50 percent of all cyber attacks are directed against the oil and gas industry. These attacks have a major impact on productivity, uptime, efficiency and safety. 

Sixty percent of all cyber breaches in the region stem from malicious actors rather than human error, the study also reveals. Many of these are increasingly sophisticated state-sponsored cyber attacks that create an especially heightened risk profile. Another takeaway from the study showed that 19 percent of the region’s oil and gas companies rated themselves as relatively slow in implementing adequate cyber security measures, compared with 13 percent in the rest of the world. Similarly, only 17 percent saw themselves as leaders, compared to 22 percent among global counterparts. 

“Today’s accelerating digitalization, the convergence of IT and OT, more frequent and sophisticated cyber attacks, and an energy sector in the crosshairs, led Siemens and the Ponemon Institute to delve into the cyber readiness of the oil and gas industry,” said Leo Simonovich, Vice President and Global Head, Industrial Cyber at Siemens. 

“Attackers have identified this convergence of IT and OT as a key opportunity to penetrate an organization. As a result, an emerging trend of cyber attacks is designed to disrupt physical devices or processes used in operations. In a digital environment, industrial cyber is the new risk frontier.”

The Middle East-focused study is a follow-up to a similar report conducted by Ponemon Institute earlier this year, examining the U.S. oil and gas industry. That report revealed that nearly 70 per cent of U.S. oil and gas cyber managers said their operations had experienced at least one security compromise within the past year, resulting in the loss of confidential information and OT disruption.

Siemens AG (Berlin and Munich) is a global technology powerhouse that has stood for engineering excellence, innovation, quality, reliability and internationality for more than 165 years. The company is active in more than 200 countries, focusing on the areas of electrification, automation and digitalization. One of the world’s largest producers of energy-efficient, resource-saving technologies, Siemens is a leading supplier of efficient power generation and power transmission solutions and a pioneer in infrastructure solutions as well as automation, drive and software solutions for industry. The company is also a leading provider of medical imaging equipment – such as computed tomography and magnetic resonance imaging systems – and a leader in laboratory diagnostics as well as clinical IT. In fiscal 2016, which ended on September 30, 2016, Siemens generated revenue of €79.6 billion and net income of €5.6 billion. At the end of September 2016, the company had around 351,000 employees worldwide.

Further information is available on the Internet at www.siemens.com.