The rapid digitalisation of the oil and gas industry has made the industry increasingly vulnerable to cyberattacks, says GlobalData.

The leading data and analytics company notes that companies must now fortify their cybersecurity posture in line with their digitalisation strategy or risk financial and reputational harm.

GlobalData’s latest report, ‘Cybersecurity in Oil and Gas – Thematic Research’ reveals that the Colonial Pipeline attack in May 2021, which hammered home the sector’s vulnerability to cyber threats, spurred an increase in cybersecurity spending. Consequently, GlobalData estimates cybersecurity revenues for the energy industry will reach $10 billion by 2025.

Francesca Gregory, Thematic Analyst at GlobalData, said: “Demand for oil products fell 14% in Q2 2020, causing prices to plummet. To stay competitive in the face of mounting financial pressure, oil and gas companies invested heavily in digital technologies to streamline operations and cut costs, which is evidenced by an analysis of patent trends.”

Oil and gas companies increased total patent publications across artificial intelligence (AI), blockchain, cloud computing, the Internet of Things (IoT), robotics, and virtual and augmented reality by 46% between October 2019 and April 2021, according to GlobalData.

Gregory continued: “Oil and gas companies are realizing the benefits of integrating technologies into workflows, with the pandemic undoubtedly playing an instrumental role in boosting the momentum of the industry’s digitalization. However, the wider industry is largely underprepared to handle its risks. The digitalization wave creates new access points in industrial networks for hackers to exploit. As technology develops, from mobile apps to the cloud to IoT, the level of complexity needed for organizations to maintain a cyber-aware stance will rise.”

Despite the increase in cybersecurity spending, the industry is still not taking cybersecurity seriously enough. GlobalData’s recent report found that only 20% of the largest oil and gas companies by market cap had a chief information security officer (CISO) on the board. This suggests that, while companies have made room for cybersecurity in their budgets, cybersecurity is absent from companies’ central strategy.

Gregory added: “The industry’s current situation is precarious in the midst of the industry’s rapid digitalization, rising cyber risk, and the promise of maximum disruption and extortion from oil and gas companies.”