Establishing a framework for threat modeling and critical asset identification are key prerequisites to deploying more advanced cybersecurity risk quantification tools.
Frequency of board engagement is another important consideration. In a recent EY roundtable with CISOs of the largest European power and utilities companies, views ranged widely, from once a month to once a year. Clearly there is no right answer here; this depends on the culture of the organization and the maturity of the cybersecurity function. What is important, though, is not just to report backward-looking data and metrics (e.g. on incidents and performance) but to focus more on the future and the role of cybersecurity in supporting the business strategy. With customer trust intrinsic to the strength of the brand, the link between cybersecurity and business value is now easier to articulate than ever before.
Increase sector-wide collaboration
Another key theme that came out strongly during the recent EY power and utilities CISO roundtable was the consensus among all participants on the need to increase collaboration between sector peers.
In the race to protect the energy supply chain and upskill a cybersecurity workforce to stay ahead of cyber criminals, CISOs should re-think the value of wider sector engagement.
Organizations face similar cybersecurity challenges, so there is much to gain and little to lose by sharing cybersecurity approaches. Collaboration provides CISOs with greater awareness of the threat landscape, and shared strategies can tighten the protective layers around an increasingly interconnected and borderless energy value chain.
In a nutshell
The power and utilities sector is transforming faster than ever right now. Consumers expect more control over their energy usage and access to data at their fingertips. As new entrants with innovative platforms and technology DNA are disrupting the traditional market, agility and speed-to-market are replacing existing release cycles for new-energy products and services.
With the dawn of a new-energy system, there is a great opportunity for the CISO to become the agent of transformation.
This can be achieved by upskilling the cybersecurity function in competencies that are directly aligned to the digital initiatives of the business, engaging meaningfully with the board using future-looking reporting and increasing collaboration among industry peers.