This group brings together the best thinkers on energy and climate. Join us for smart, insightful posts and conversations about where the energy industry is and where it is going.


70% of Oil and Gas Companies Have Been Hacked - and the Threat is Growing

Judy Marks's picture

Judith F. “Judy” Marks is the CEO of Siemens USA, a global powerhouse focusing on the areas of electrification, automation and digitalization with 50,000 U.S. employees and approximately 60...

  • Member since 2018
  • 1 items added with 3,967 views
  • Feb 21, 2017


A survey from Siemens with the Ponemon Institute shows that most oil and gas companies were hacked last year, writes Judy Marks, CEO of Siemens USA. Data is being compromised and supplies are getting stolen, but most companies are still not taking adequate action. Marks explains how companies may protect themselves.

It’s common practice to think of challenges as opportunities in disguise. But for the oil and gas industry, opportunities are creating challenges.

Look no further than the emergence of digital oil and gas fields. By embracing software and digital solutions, firms can drive efficiency and uptime, improve safety, and reduce costs in a low-price market. That’s the opportunity.

Now, by engaging with the Ponemon Institute to survey more than 300 oil and gas companies, Siemens has learned more about the challenge:

If cybersecurity isn’t fully aligned with a digital strategy, oil and gas companies are extremely vulnerable to hackers trying to steal valuable information and supplies, disrupt operations, or otherwise inflict harm.

Some key findings

  • Most oil and gas companies have been hacked: In the past year, nearly 70 percent of oil and gas organizations have endured security compromises. These breaches have exposed confidential information and disrupted operational technology – or OT – operations.
  • The threat against OT is growing: Two-thirds of respondents said they believe attacks against industrial control systems have increased during the past few years.
  • More must be done to stop the threat: Only a third of respondents thought OT and information technology (IT) networks were fully aligned for cybersecurity. Little more than that – 35 percent – rated their readiness to address cyber threats as high. It is no surprise that nearly half of all OT attacks are not being detected.

What the oil and gas industry can do to protect itself

Siemens’ view is that the first priority for the oil and gas industry should be bulking up its defenses for OT attacks. Deploying state-of-the-art rugged network solutions and hardening assets are both necessary steps forward.

Another important tool is security analytics to detect anomalies in data. I hear this frequently from offshore operators. Digital enterprises, they tell me, are enabling them to collect and interpret operational data in real-time. This is informing smarter business decisions.

What frustrates them, though, is their inability to determine if data is being compromised. They suspect that supplies are getting siphoned off by criminal actors. But they also can’t capture the evidence – and prove it – with their current systems. Security analytics can deliver needed change.

Still, security is only part of the solution. No matter how secure an enterprise is, hackers will still try to break into it. It’s critical to develop comprehensive strategies to stand up operating models to manage risk.

If cybersecurity isn’t fully aligned with a digital strategy, oil and gas companies are extremely vulnerable to hackers

Successfully merging OT with IT is one priority. But so is having a plan for incident response that goes from the field, to the control room, to the enterprise network.

Lastly, every company needs to be focused on protecting their own operations. But there should also be more emphasis on working together to protect an industry.

The industry could benefit from more information sharing. It could benefit, in particular, from having a global playbook tailored to both small and medium-size firms that covers how to protect assets and implement incident response.

At Siemens, we’ve tailored our portfolio and solutions to the oil and gas industry’s commitment to embracing new technology. Cybersecurity is a strong part of our vision for the digital enterprise. And as a company working in 190 countries, we’re eager to share best practices we’ve developed through securing a global footprint.

This new report might be the latest evidence that the oil and gas industry’s cybersecurity challenge is very real. But the good news is that it’s already very solvable too.


No discussions yet. Start a discussion below.

Judy Marks's picture
Thank Judy for the Post!
Energy Central contributors share their experience and insights for the benefit of other Members (like you). Please show them your appreciation by leaving a comment, 'liking' this post, or following this Member.
More posts from this member

Get Published - Build a Following

The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.

If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.

                 Learn more about posting on Energy Central »