Cybersecurity in Energy: Protecting a Cleaner Future

Cybersecurity, as the World Economic Forum (WEF) has emphasised, is often viewed as a defensive measure. And for organisations that are successful in adopting cyber-resilience, the benefits are substantial: they can mitigate risks all while enhancing trust, reputation, and stakeholder confidence. 

A cleaner and more sustainable future is the clear goal of energy transition. However, as the sector undergoes massive transformation — in an effort to hit net-zero emissions by 2050 — it’s also inevitable for this market to be smarter. Because with innovation comes vulnerability. 

Cybersecurity, as the World Economic Forum (WEF) has emphasised, is often viewed as a defensive measure. And for organisations that are successful in adopting cyber-resilience, the benefits are substantial: they can mitigate risks all while enhancing trust, reputation, and stakeholder confidence. In fact, cyber-resilient entities are found to deliver 50% more value to their shareholders. 

In the energy context, cybersecurity goes beyond simply protecting assets and infrastructure. In a transition driven by many digitalisation efforts, cybersecurity has become fundamental to enabling the safe deployment and management of clean and smart energy solutions. Ignoring cybersecurity carries enormous costs. Companies that have experienced cyber incidents and lost stakeholder trust have seen market value declines of up to $2 billion — not only due to direct losses but also because future business prospects are at risk.

Cybersecurity issues in energy

According to a report by KPMG, there are three key cybersecurity considerations for the energy (and natural resources) sector. 

First is navigating blurring global boundaries. Today’s energy landscape isn’t confined to just one geographical location. In fact, energy entities often operate across several jurisdictions — and each of these follows distinct regulatory frameworks and faces its own cybersecurity challenges. To help address this, multinational businesses can take the lead, sharing best practices and developing frameworks that smaller companies can adopt. Additionally, partnerships between private and public sectors can enhance threat intelligence and align response strategies.

The same sentiment is echoed by Deloitte. According to Mike Kosonog, partner at Deloitte Risk & Financial Advisory, “Public-private relationships are a good way to share cyberthreat intelligence and mitigation strategies.”

Meanwhile, another key cybersecurity issue is the modernisation of supply chain security. The supply chain is a critical, yet vulnerable, component of the energy sector. With reliance on both legacy and new technologies, managing third-party risks is becoming increasingly complex. For instance, weak links in the supply chain, due to insufficient vendor due diligence, can ripple across organisations. The integration of legacy technology with modern IT systems poses a huge challenge, as this technology often lacks robust security measures.

The key here lies in managing risks at all levels of the supply chain with a more robust framework. This also entails regular audits and tailored oversight for each vendor tapped.

Aligning cybersecurity with organisational resilience is another major consideration. Today, cybersecurity resilience is no longer optional but essential for maintaining trust, operational continuity, and long-term success in the energy sector. Addressing this means enhancing collaboration — both within organisations (e.g., IT and accounting) and externally (e.g., public-private partnerships) — in addition to nurturing cyber talents and adopting more sophisticated features, like a zero-trust architecture (which ensures robust protection by verifying every user and endpoint in the network).

How the Middle East Keeps Pace

The Middle East, as a region, plays a vital role in the global energy landscape: It’s home to some of the world’s leading oil and gas producers. With malicious actors targeting operational systems and infrastructure in energy, intensifying the region’s cybersecurity efforts is a must.

According to IBM, the average cost of cyberattacks on organisations in the region stands at $8.75 million — a figure that’s nearly double the global average. Research also shows that Advanced Persistent Threat (APT) groups frequently target the region's energy sector, with attacks often designed for reconnaissance, sabotage, and data theft. Notably, 69% of APT groups studied have targeted energy infrastructure. This all the more highlights the importance of developing and implementing cybersecurity strategies.

So, what’s being done to counter these attacks and prevent risks?

In the region, the cybersecurity market is growing, with research forecasting it to grow from $14.8 billion in 2023 to over $24 billion by 2028. Governments are at the helm of this development. For example, the United Arab Emirates (UAE) has launched a five-year cybersecurity budget plan (2022–2026), incorporating new protection standards for government institutions. 

In the 2024 edition of the CyberEnergy Leadership Forum, held in October, the Emirates Nuclear Energy Corporation (ENEC) underscored how vital cyber-resilience is today. 

“With over 430 nuclear operating units globally ensuring facilities are safe and secure is more critical than ever. We must enhance our cyber strategies to maximise technology's benefits while ensuring the highest safety protocols across the nuclear sector and further across all energy infrastructure to ensure we keep life running around the clock,” His Excellency Mohamed Al Hammadi, Managing Director and Chief Executive Officer of ENEC, said.

“Working with government and private stakeholders is essential to address cyber challenges and ensure the safe operation of nuclear plants such as Barakah, which is now supplying 25% of the UAE’s electricity, 24/7,” he added.

In the same event, Cyber Security Council (CSC) Chairman H.E. Dr. Mohamed Hamad Al-Kuwaiti noted what their organisation is doing to address cyber threats, including those that involve the energy sector.

He stated that the CSC is developing a comprehensive cybersecurity framework to enhance collaboration between government, private entities, and civil society. This includes building national expertise through training, adopting advanced technologies, raising public awareness, and fostering a culture of cybersecurity. 

Meanwhile, in Saudi Arabia, the CyberIC Program, led by the National Cybersecurity Authority (NCA), aims to bolster national cybersecurity infrastructure and support startups in this field. The program emphasises collaboration with private entities to strengthen digital defenses.

In May last year, the NCA also launched the National Program for Research, Development, and Innovation (RDI) in cybersecurity. It seeks to drive the growth of impactful cyber research and develop innovative solutions to address current and emerging cybersecurity challenges. It also aims to leverage national and international partnerships to strengthen the cybersecurity ecosystem.

Ensuring Security is Crucial

While the energy sector is advancing efforts to attain a more sustainable tomorrow, there remains several challenges. And cybersecurity is one those. 

In the Middle East and elsewhere in the world, cybersecurity forms part of the backbone of the energy transformation. The goal is to protect vital infrastructure, build trust, and ensure long-term resilience. Energy has long been the lifeline of economic stability in the region. And even though economic diversification efforts are underway, ensuring this sector’s security is crucial. With efforts seen in the UAE and Saudi Arabia, the region shows that it knows how to secure critical infrastructure amid rapid digital transformation.

Be part of Middle East Energy 2025, the leading energy exhibition in the Middle East & Africa, as it celebrates 49 years of innovation. Taking place from April 7 – 9 at the Dubai World Trade Centre, this event will showcase the latest advancements in energy technology. Register now!