Business interruption due to storms, catastrophic events and cyber attack present the biggest threat to power and utilities (P&U) companies, according to a new report by an auditor. EY‘s Risk Pulse: Navigating the power and utilities sector in transformation, ranks the strategic, financial, operational and compliance risks across the sector.
Hurricane seasons, sweeping power outages and numerous distributed denial-of-service attacks are some of the disruptive forces that have shaken utility operations. As the frequency of catastrophic events accelerates, resilience and business continuity are being tested across the sector, with most, 80pc of respondents indicating that business interruption will become more or much more important in the future. The audit firm points to a need for companies to make effective response strategies.
Matt Chambers, EY Global Power and Utilities Risk and Cybersecurity Leader, says: “Utilities need to ask themselves whether their operating model is agile enough to react to unexpected events as they unfold, and whether they have the right resiliency to recover. This is further compounded by the rising importance of data privacy and protection, which demands that companies place greater emphasis on cybersecurity as an enterprise priority.”
The survey suggests that the top strategic risks are underpinned by the rise of digital and the customer response to the changing energy landscape. The rise of distributed energy resources (DERs) is respondents’ number one strategic risk and third highest overall risk, as greater DER integration places pressure on traditional sales and the customer relationship. With distributed generation and emerging technologies offering consumers more choice, changing customer demand and expectations is the number two strategic risk as non-traditional market entrants make inroads – placing further pressure on revenues. This trend is underscored by the evolution of digital technologies and the Internet of Things (IoT) – the third highest ranked strategic risk – as companies respond to the speed of change and associated security risk.
Chambers says: “Risk management will evolve in exciting new ways as enabling technologies, like robotic process automation, blockchain and data analytics are increasingly deployed to increase efficiencies, reduce costs and improve performance. Utilities will need to monitor the digital landscape and innovate in order to remain relevant and succeed in a future energy world.”
Regulatory or rate changes impacting cost recovery of assets ranks as the number one financial risk and second-highest overall risk, with 55pc, more than half, of respondents anticipating that this risk will become more or much more important in a new energy world. The survey suggests that regulatory frameworks still incentivize network expansion but do not necessarily provide the right financial incentives to encourage utilities to invest in innovation and digital technologies, including distributed generation.
Edgard Capdevielle, CEO, Nozomi Networks, said: “It is critical for the resilience of the power supply that power companies and utilities are able to identify cyberattacks efficiently. Significant strides forward have been made, but there’s always room for further improvement. If utilities invested in cybersecurity in the same way that they invest in storm preparation their ability to manage the risk would be significantly improved. The NERC CIP regulations, combined with increasing awareness of the likelihood of an attack, have motivated many progressive utilities to seek the most advanced technologies such as artificial intelligence and automated machine learning to jump start their visibility, situational awareness, and ultimately, their abilities to detect and mitigate cyber-attacks against their operations.”