Francesca Gregory joined GlobalData as an associate analyst in the Thematic Intelligence team in September 2021, before specialising as an energy transition analyst in February 2023. Francesca studied geography at the University of Oxford and has an interest in renewable energy, carbon capture and storage (CCS), and the applications of technology to the energy sector.  

 Lara Virrey: What are the biggest cybersecurity challenges facing oil & gas companies today?  

Francesca Gregory: In recent years, the term ‘digital oilfield’ has come to the fore in the industry. The term is a broad concept that encapsulates how applying digital technologies within oil and gas processes and workflows can maximise productivity, reduce costs, and minimise risks.  

Technologies such as AI, blockchain, cloud computing, IoT, robotics, VR, and AR can offer tangible benefits to oil and gas companies. As a result, companies have heavily invested in these technologies in recent years to streamline their operations and gain an edge over their competitors. However, integrating these technologies into oil and gas operations also comes with significant risks.   

The digitalisation wave in the oil and gas industry is creating new access points in industrial networks for hackers to exploit.  

As technology develops, from mobile to the cloud to IoT, the level of complexity needed for organisations to maintain a cyber-aware stance also increases. In addition, the oil and gas industry will become increasingly vulnerable as it adopts wearable technology, integrating additional devices into its operations.  

Lara Virrey: How can oil & gas companies best defend themselves against cyber threats?  

Francesca Gregory: In its March 2022 Cybersecurity Skills Gap report, Fortinet revealed that 80% of organisations suffered one or more breaches that could be attributed to a lack of cybersecurity skills and/or awareness. The study illustrates how humans remain the weakest link in the cybersecurity chain. 

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

View profiles in store

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

Submit

UK USA Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos Islands Colombia Comoros Congo Democratic Republic of the Congo Cook Islands Costa Rica Côte d"Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati North Korea South Korea Kuwait Kyrgyzstan Lao Latvia Lebanon Lesotho Liberia Libyan Arab Jamahiriya Liechtenstein Lithuania Luxembourg Macao Macedonia, The Former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and The Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and The South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates US Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela Vietnam British Virgin Islands US Virgin Islands Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe Kosovo

Industry * Academia & Education Aerospace, Defense & Security Agriculture Asset Management Automotive Banking & Payments Chemicals Construction Consumer Foodservice Government, trade bodies and NGOs Health & Fitness Hospitals & Healthcare HR, Staffing & Recruitment Insurance Investment Banking Legal Services Management Consulting Marketing & Advertising Media & Publishing Medical Devices Mining Oil & Gas Packaging Pharmaceuticals Power & Utilities Private Equity Real Estate Retail Sport Technology Telecom Transportation & Logistics Travel, Tourism & Hospitality Venture Capital

Tick here to opt out of curated industry news, reports, and event updates from Offshore Technology.

Submit and download

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

The oil and gas industry is no exception regarding the cybersecurity skills shortage. The industry already suffers from an aging workforce, and cybersecurity skills in particular are in short supply. As digitalisation continues, strong cybersecurity hiring activity and the further roll out of mandatory cybersecurity best practice training can be expected as the industry tries to better protect itself from cyber threats.   

Cybersecurity will also become increasingly integral to oil and gas companies’ digital strategy. Major operators within the sector will continue to seek cloud partnerships with third party tech players, such as Microsoft and Amazon, to protect their digital assets.  

Lara Virrey: How has the nature of cybersecurity threats to the oil & gas industry changed in the past two to three years?  

Francesca Gregory: The Covid-19 pandemic changed the operating environment of oil and gas companies and catalysed internal change within the industry. More generally, the pandemic saw an increase in cyberattacks as attackers exploited the unprecedented nature of the situation to target cyber-naïve, remote-working employees. In this new landscape, no industry is safe, and the relationship between oil and gas assets and national energy security makes the sector especially vulnerable.  

In addition, to stay competitive amid the pandemic’s disruption to oil product demand, companies operating in the sector invested in technologies that would streamline production and cut costs. As a result, the wider industry experienced a rapid acceleration in its digitalisation. 

In particular, there was an uptick in demand for technologies that facilitated remote collaboration between field technicians and equipment experts, circumventing travel restrictions. However, this rapid digitalisation significantly increased the attack surface for hackers, and the industry is still playing catch up on the threat posed. At the same time, the cyberattack risk remains high, and the need for robust cybersecurity is now acute.  

Lara Virrey: Is the pace of innovation in security technologies keeping up with evolving threats?  

Francesca Gregory: To put it bluntly, no it’s not keeping up, and there is a risk that emerging technologies such as generative AI will increase the risk to all sectors, including oil and gas. That’s because generative AI tools have the potential to change the way cyber threats are developed and executed. They can generate human-like text and speech, and models can be used to automate the creation of phishing emails, social engineering attacks, and other types of malicious content.  

Sometimes the way a phishing message is phrased raises alarm bells because of the grammar, or something just doesn’t look right. But a generative AI model trained on a large dataset of phishing emails could be used to automatically generate new, highly convincing phishing emails that are more difficult to detect. The potential for increasingly convincing phishing emails leaves sectors with workforces that have low cybersecurity awareness highly exposed.  

Lara Virrey: Are oil & gas companies doing enough to protect themselves against cyber threats?  

Francesca Gregory: The Colonial Pipeline attack in May 2021 was a wake-up call that highlighted the vulnerability of the oil and gas industry to cyber threats. As a result, cybersecurity revenues within the energy sector are expected to strongly increase, reaching $9.3bn by 2026 after experiencing a CAGR of 13.9% between 2021 and 2026.  

However, although cybersecurity spending is increasing and this technology is becoming a central tenet to companies’ digital strategies, the absence of a chief information security officer (CISO) on the board of 80% of the top ten most valuable oil and gas companies suggests that cybersecurity is still not being taken seriously enough.