87% of Utilities Have Experienced at Least One Data Breach in Last Three Years

by | Feb 5, 2024 | Utilities

Reading Time: 3 minutes

Utility companies present as vulnerable targets to data breaches because they control essential basic societal needs – not to mention they own customer data ranging from payment methods to personal information.

Hackers like energy and utility companies because “all the entry points are tied to regional grids or supervisory control and data acquisition networks.”

Research from Skybox Security found that 87% of utilities have experienced at least one security breach in the past 36 months. One example worth highlighting is the attack on a U.S.-based utility that resulted in a loss of 90% of its internal systems and wiped out 25 years of historical data.

Despite 87% of utility companies facing a breach, the same study found that 71% of utility organizations are highly confident that they will not experience a breach next year.

In theory, utility companies understand the need to protect themselves from hackers. However, many organizations are still trying to figure out how to incorporate managed detection and response into their existing IT infrastructure.

What hackers steal from utility companies

The Verizon “2022 Data Breach Investigations Report” found that in 2021, customer data amounted to 58% of all data stolen from energy and utility firms, followed by credential information.

In the last three years, U.S. businesses that specialize in manufacturing and utilities have experienced 562 data breaches, which compromised nearly 91 million records, according to Comparitech.

“Based on the average cost per breached record (as reported by IBM each year), we estimate these breaches may have cost these businesses more than $14.7 billion,” the pro-consumer researchers report. “In 2022 alone, 136 data breaches are estimated to have cost more than $6 billion.”

Earlier this year in Massachusetts, Eversource, National Grid, and Unitil all communicated with customers that their data may have been breached.

According to The Boston Globe, Eversource said the “stolen data includes names, addresses, contact information, and utility account and usage information, but not more sensitive data like Social Security numbers, credit card numbers, or bank account numbers. The utility is urging customers to monitor their accounts for unusual activity.”

Sometimes, the hackers go after what the utilities supply, such as electricity or water. In 2021, hackers jeopardized the water supply of Oldsmar, Florida, gaining access to a water treatment facility by using dormant remote access software. The hackers briefly changed the levels of lye in the drinking water—which could have poisoned the drinking water of thousands of Florida residents.

How utility companies can protect themselves from data breaches

The data tells a straightforward story — if your utility company has yet to suffer a data breach, it soon might.

“By 2025, 60% of organizations will be actively using remote threat disruption and containment capabilities delivered directly by Managed Detection and Response Services providers,” according to Gartner.

To protect customer data and what utilities supply, companies must employ third-party vendors or implement internal cybersecurity systems to protect customer data and the company’s fundamental operating functions.

Meredith Galante

You may also like