Cybersecurity has never been more critical to oil and gas

May 2022 marked the one-year anniversary of the Colonial Pipeline attack. The event in 2021 was nothing short of a wake-up call for the oil and gas industry, which has in recent years embraced the benefits of digital technologies while being relatively naïve about its associated risks. However, a year later and oil and gas companies remain highly vulnerable to cyber-threats as digitalisation continues to take place at breakneck speed.

The pandemic played an instrumental role in bolstering the momentum of the oil and gas industry’s digitalisation. GlobalData’s supply and demand database reveals that in Q2 2020, demand for oil products fell 14% compared to pre-pandemic levels. This drop in demand caused prices to plummet, putting oil and gas companies under financial pressure.

Increasing digitalisation brings risks as well as rewards

To stay competitive amid the pandemic’s disruption to oil product demand, companies operating in the sector invested in technologies that would streamline production and cut costs. As a result, the wider industry experienced a rapid acceleration in its digitalisation. This is evidenced by GlobalData’s Patent Analytics database. Total patent publications by oil and gas companies across artificial intelligence (AI), blockchain, Cloud computing, Internet of Things (IoT), robotics, virtual reality (VR) and augmented reality (AR) increased by 46% between October 2019 and April 2021, indicating a significant phase shift within the industry.

However, integrating these technologies into oil and gas operations also comes with significant risks. The digitalisation wave in the oil and gas industry is creating new access points in industrial networks for hackers to exploit. As technology develops – from mobile to the Cloud to IoT – the level of complexity needed for organisations to maintain a cyber-aware stance rises rapidly. In addition, as critical national infrastructure, oil and gas companies are key targets for cybercriminals, offering opportunities for both maximum disruption and extortion. For example, in July 2021, a data breach saw hackers demand $50m from the world’s most valuable oil company, Saudi Aramco

In response to these threats, leading oil and gas companies are seeking to fortify their cybersecurity position by investing heavily. As a result, GlobalData predicts cybersecurity spending within energy will reach almost $10bn by 2025. It is clear that robust cybersecurity is no longer just a case of best practice but is instead critical to the safe and reliable operation of companies within the oil and gas industry.

A geopolitically motivated cyberattack is just a matter of time

The increasingly complex geopolitical situation is likely to make this challenge that much more insurmountable. As it currently stands, the majority of oil and gas companies are woefully unprepared for the increased cybersecurity risk brought about by digitalisation within an increasingly unstable world.

The fear surrounding a geopolitically motivated cyberattack is palpable. On March 21, 2022, President Biden said intelligence indicated that Russia was exploring a cyberattack against the US. He urged critical infrastructure owners and operators to ‘accelerate efforts to lock their digital doors’. The capacity for severe disruption, combined with the convergence of operational technology (OT) and IT and inadequately protected oil and gas infrastructure, will be a lethal combination.

Ultimately, although the current climate is dominated by uncertainty, one thing remains clear: companies that fail to weather this perfect cybersecurity storm will suffer severe financial and reputational harm.