[BreachExchange] UK businesses concerned about cyber-risks linked to smart energy tech

Audrey McNeil audrey at riskbasedsecurity.com
Mon May 8 19:09:58 EDT 2017


The latest PwC B2B Energy Survey found that 65 percent of UK businesses are
significantly concerned about the issue of cyber-risks and over half (51
percent) are worried that their client data isn't handled with enough
security by their energy supplier.

The research included responses from more than 500 UK businesses.

If their energy supplier fell victim to a cyber-breach, 57 percent of
businesses and almost 70 percent of industrials would switch their supplier.

“Against a backdrop of technology innovation, privacy regulation, and the
growing adoption of the Internet of Things, it's perhaps not surprising
that UK businesses are concerned about cyber-threats,” said Steve Jennings,
power and utilities leader at PwC.

“With cyber-criminals able to turn off the supply tap as well as monetise
data from energy firms' customers and employee digital records, the risk is
clear and cannot be ignored.”

Cyber-security and data privacy are increasingly becoming more recognised
as risks to systems. Additionally, the growth of smart, connected
propositions exposes new systems and controls to threats from external

There are a number of steps that smart energy suppliers can take to ensure
they are operating at a high level of cyber-security maturity and give
their customers the reassurance that their data and security supply is

Many suppliers are now combining data from smart meters and connected home
devices into a single data warehouse. While encryption is key to protecting
this data, suppliers continue to rely heavily on security mechanisms
provided by third parties, which bring uncertainty on the effectiveness of
these mechanisms. Suppliers should consider only partnering with trusted
third parties and allowing only a small number of these smart devices to
connect to their ecosystem says the report.

Other strategies suggested by PwC include:

Reviewing incident response capabilities and how data breaches are managed.

For cloud services, seek third-party assurance over the service provider to
ensure they effectively manage the risks to customer data.

Prioritise strategies for customer privacy by design and communicate how
they are managing customer data to the general public.

Push for a form of industry standard product assurance, which would allow
suppliers to label their devices as “approved” and reduce their exposure to
being left at fault if the customer adds “unapproved” devices to their

“With around a third of industrials and over a fifth of commercial
organisations planning to spend more than £1 million on smart energy
technology, the need for utilities – and smart technology suppliers in
general – to get their cyber-house in order is vital,” said Niko
Kalfigkopoulos, PwC cyber specialist. “Those organisations that react now
with effective and transparent strategies will be the winners in the long

“This will not only help them in defending their own internal systems, it
will also help improve the security of their connected home and smart
technology offerings.”
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170508/dbea4d34/attachment.html>

More information about the BreachExchange mailing list