The latest PwC B2B Energy Survey found that 65 percent of UK businesses are significantly concerned about the issue of cyber-risks and over half (51 percent) are worried that their client data isn't handled with enough security by their energy supplier.
The research included responses from more than 500 UK businesses.
If their energy supplier fell victim to a cyber-breach, 57 percent of businesses and almost 70 percent of industrials would switch their supplier.
“Against a backdrop of technology innovation, privacy regulation, and the growing adoption of the Internet of Things, it's perhaps not surprising that UK businesses are concerned about cyber-threats,” said Steve Jennings, power and utilities leader at PwC.
“With cyber-criminals able to turn off the supply tap as well as monetise data from energy firms' customers and employee digital records, the risk is clear and cannot be ignored.”
Cyber-security and data privacy are increasingly becoming more recognised as risks to systems. Additionally, the growth of smart, connected propositions exposes new systems and controls to threats from external attackers.
There are a number of steps that smart energy suppliers can take to ensure they are operating at a high level of cyber-security maturity and give their customers the reassurance that their data and security supply is protected.
Many suppliers are now combining data from smart meters and connected home devices into a single data warehouse. While encryption is key to protecting this data, suppliers continue to rely heavily on security mechanisms provided by third parties, which bring uncertainty on the effectiveness of these mechanisms. Suppliers should consider only partnering with trusted third parties and allowing only a small number of these smart devices to connect to their ecosystem says the report.
Other strategies suggested by PwC include:
Reviewing incident response capabilities and how data breaches are managed.
For cloud services, seek third-party assurance over the service provider to ensure they effectively manage the risks to customer data.
Prioritise strategies for customer privacy by design and communicate how they are managing customer data to the general public.
Push for a form of industry standard product assurance, which would allow suppliers to label their devices as “approved” and reduce their exposure to being left at fault if the customer adds “unapproved” devices to their network.
“With around a third of industrials and over a fifth of commercial organisations planning to spend more than £1 million on smart energy technology, the need for utilities – and smart technology suppliers in general – to get their cyber-house in order is vital,” said Niko Kalfigkopoulos, PwC cyber specialist. “Those organisations that react now with effective and transparent strategies will be the winners in the long run.
“This will not only help them in defending their own internal systems, it will also help improve the security of their connected home and smart technology offerings.”