The future of the oil and gas industry will be shaped by a range of disruptive themes, with cybersecurity being one of the themes that will have a significant impact on oil and gas companies. A detailed analysis of the theme, insights into the leading companies, and their thematic and valuation scorecards are included in GlobalData’s thematic research report,Cybersecurity in Oil and Gas – Thematic Research. Buy the report here.
The oil and gas industry is increasingly adopting cybersecurity as it struggles to cope with cyber threats. Cyber threats have always presented a risk to oil and gas companies. The Colonial Pipeline attack in May 2021 was a wake-up call that highlighted the vulnerability of the oil and gas industry to cyber threats. Several factors, such as COVID-19 and the industry’s digitalisation, have heightened the sector’s vulnerability. For example, the former caused a rapid increase in cyberattacks as cybercriminals exploited the disruption caused by widespread lockdowns.
As critical national infrastructure, oil and gas companies are key targets for cybercriminals. Cyberattacks on oil and gas companies promise maximum disruption and extortion opportunities. As a result, leading oil and gas companies are fortifying their cybersecurity posture by investing heavily in this theme. Robust cybersecurity is no longer just a case of best practice but is critical to the safe and reliable operation of companies within the oil and gas industry. Companies that maintain cybersecurity as a central tenet of their digital strategy stand to gain the most—however, companies failing to sufficiently invest in cybersecurity face financial and reputational harm.
However, not all companies are equal when it comes to their capabilities and investments in the key themes that matter most to their industry. Understanding how companies are positioned and ranked in the most important themes can be a key leading indicator of their future earnings potential and relative competitive position.
Equinor is a Norwegian multinational energy company that has deployed cybersecurity across its oil and gas supply chain. Equinor maintains cybersecurity defences and complies with ISO 27002. Despite an increase in ransomware during the pandemic, the company has succeeded in preventing any major breaches.
The company has its own computer security incident response team and dedicated cybersecurity teams within its organisation. Equinor invested heavily in increasing its cybersecurity posture in 2019, spending $554m on safety and automation deals. This suggests the company is maintaining a firm focus on cybersecurity as it undergoes digitalisation.
OMV has made a substantial effort to improve its cybersecurity to protect its assets, information, and reputation. The company’s IT and OT directive is compliant with ISO 27000 recommendations. OMV also continuously monitors threats through vulnerability scans of its assets, implements multifactor authentication across its organisation, and runs internal and external penetration tests across its critical applications and systems. OMV has also worked to increase the cybersecurity awareness of its workforce. Through a consulting project with Capgemini, the company increased the cybersecurity awareness of 27,000 employees. Cybersecurity is also a key facet of the company’s sustainability framework and is reported annually.
ExxonMobil has agreed to a collaboration deal with Microsoft for data management in the Permian Basin and also adopted strict workplace protocols to prevent cyberattacks and data privacy issues. For example, the company does not allow the use of USB drives and personal email accounts on company systems to avoid unintended data security breaches. It also periodically organises awareness programmes for its employees and contractors to keep them updated on the latest digital threats.
To further understand the key themes and technologies disrupting the oil and gas industry, access GlobalData’s latest thematic research report on Cybersecurity in Oil and Gas.
- Reliance Industries
- Qatar Petroleum
- Kuwait Petroleum
- Saudi Aramco
Frequently asked questions
1. Why are Oil & Gas companies investing in cybersecurity?
Oil & Gas companies are investing in cybersecurity to protect themselves from cyber threats and attacks. As critical national infrastructure, they are key targets for cyber criminals, and cyberattacks on these companies promise maximum disruption and extortion opportunities. Robust cybersecurity is critical to the safe and reliable operation of companies within the Oil & Gas industry, and increasing digitalization brings risks as well as rewards.
2. How do cyberattacks impact the Oil & Gas industry?
Cyberattacks on Oil & Gas companies can cause significant financial and reputational harm, disrupt operations, and compromise safety. They can also lead to the loss of sensitive data, intellectual property, and trade secrets. As a result, leading Oil & Gas companies are fortifying their cybersecurity posture by investing heavily in this theme.
3. Which Oil & Gas companies are leaders in cybersecurity adoption?
OMV, ExxonMobil, and Equinor are leaders in cybersecurity adoption within the Oil & Gas industry.
4. Who are the leading vendors of cybersecurity to the Oil & Gas industry?
Siemens Energy, RigNet, Fortinet, Forescout, Mission Secure, Sectrio, Kognitiv Spark, XONA, Darktrace, and EY are some of the leading vendors of cybersecurity to the Oil & Gas industry.
5. How does increased investment in cybersecurity benefit Oil & Gas companies?
Increased investment in cybersecurity benefits Oil & Gas companies by protecting them from cyber threats and attacks, ensuring the safe and reliable operation of their businesses, and safeguarding their reputation and financial stability. It also helps them comply with regulatory requirements and gain a competitive edge in the market.
6. What are the challenges with adoption of cybersecurity in Oil & Gas?
The challenges with adoption of cybersecurity in Oil & Gas include a shortage of cybersecurity skills and awareness, the complexity of supply chains, the prevalence of aging infrastructure, and the need to integrate new technologies securely.
7. What is the projected market size of cybersecurity in Oil & Gas?
The ever-increasing threat of cyberattacks will drive an increase in cybersecurity spending. The energy industry will be an important driver of increasing cybersecurity revenues globally. GlobalData forecasts that cybersecurity revenues in energy will have grown at a CAGR of 9.1% between 2020 and 2025. The energy industry currently contributes just over 5% to global cybersecurity revenues, which will remain largely the same until 2025, when the energy industry is forecast to be the sixth-largest contributor to overall cybersecurity revenues.
8. Who are the leading specialist cybersecurity vendors in Oil & Gas?
Siemens Energy, RigNet, Fortinet, Forescout, Mission Secure, Sectrio, Kognitiv Spark, XONA, Darktrace, and EY are some of the leading specialist cybersecurity vendors in Oil & Gas.
9. What are the components of the cybersecurity value chain?
The cybersecurity value chain for Oil & Gas is broken down into tech vendors within cybersecurity more broadly, tech vendors specializing in Oil & Gas, and the industry's leading adopters of cybersecurity. The key players in each layer of the cybersecurity value chain include leading cybersecurity technology vendors offering products and services across a range of industries, technology vendors offering specialized solutions to Oil & Gas, and leading adopters of cybersecurity in the Oil & Gas industry.