This spotlight delivers an overview of the latest cyber risks impacting the sector, including recent incidents and emerging exposures. We also highlight our specialised insurance solutions designed to address the unique cyber vulnerabilities faced by power and utilities, renewables, sustainable fuels, oil and gas and mining companies. Use our insights to enhance your organisation’s cyber risk management approach.
What cyber incidents have we seen from the natural resources industry?
The increased frequency of these incidents reflects the heightened cyber risk landscape in the natural resources sector. Understanding the scope and ramifications of such incidents will inform your organisation’s ability to effectively develop risk management and transfer strategies.
On July 19, cyber security company CrowdStrike released a flawed software update to Falcon Sensor, their vulnerability scanner that detects system intrusions and hacking attempts. The update disrupted 8.5 million computers worldwide that used the Windows operating system. The U.S. Department of Energy, utility regulators in Texas and Ohio, and a number of utilities were among those impacted. The Public Utilities Commission of Texas posted on social media that its website was adversely affected by the outage and the Public Utilities Commission of Ohio said the event impacted their docketing information system and call centre. The US Department of Energy’s website was down for a couple of hours, whilst New York State Electric & Gas confirmed its customer electricity outage information was unavailable due to the outage.
Australian gold mining company announces a ransomware attack impacting IT systems. External forensic experts have investigated the incident and attack believed to be contained. No material impact on operations is expected.
A global leader in energy technology (renewable and conventional power products and services) was targeted in a cyber attack involving the Clop ransomware group, which exploited the MOVEit Transfer software vulnerability. While the company reported that no critical data was stolen, the breach underscored the vulnerability of their IT systems, potentially risking operational integrity and financial stability.
A German wind turbine manufacturer, experienced a cyber-attack that led to the disruption of their IT systems. The attack forced the company to take several wind turbines offline temporarily to secure its network, highlighting the vulnerability of wind energy systems to cyber threats and the potential for significant operational and financial impacts.
Hacking group Predatory Sparrow are believed to be behind a cyber-attack on an Iranian steel plant causing a serious fire.
The database of an Indonesian oil and natural gas company was compromised by unauthorised third parties and shared online (Canopius Energy & Utilities: Threat Intelligence Report Q1 2024)
A campaign targeted spearphishing emails to various bodies, including energy and utilities companies (Canopius Energy & Utilities: Threat Intelligence Report Q1 2024)