Many utility executives from around the world believe cyberattacks could cause disruptions to electric distribution grids in the next five years, according to a report published on Wednesday by professional services company Accenture.
Accenture conducted a survey of more than 100 utility executives from over 20 countries in Europe, North America, Asia Pacific and other regions. The respondents were decision-makers in processes related to smart grids.
The study shows that nearly two-thirds of respondents are concerned that there is at least a moderate risk of a cyberattack causing disruptions to electricity supply in the next five years.
Accenture found that 57% of respondents are concerned that a cyberattack would result in interruption to electricity supply, while 53% are worried about its impact on employee and/or customer safety.
Roughly half of respondents are concerned about theft of sensitive customer or employee data, and theft of company data and intellectual property. Ransomware and destruction of physical assets are also among the top concerns.
“A typical distribution grid has neither the size of a transmission network nor the same risks of cascading failure,” Accenture said in its report. “However, distribution grids have the same vulnerabilities and, as a potentially softer target, could be increasingly subject to attack. Breaches by a wide range of potential attackers could have devastating impacts along the entire electricity value chain, from generation through to consumers. A successful attack could erode public trust in the utility and raise questions about the security of all devices along the value chain.”
Related: Learn More at SecurityWeek’s 2017 ICS Cyber Security Conference
On a global scale, cyberattacks conducted by state-sponsored actors, including their own government, are considered the biggest risk to distribution networks. This is also the greatest concern in North America, but cybercriminals are seen as the biggest threat in Europe and the Asia Pacific region.
The study also shows that utility executives are concerned, at least to some extent, about the risks posed by the Internet of Things (IoT) devices found in consumers’ homes.
Despite concerns, more than 40% of respondents said their organizations did not fully integrate cybersecurity into their risk management processes.
Nearly one-third of respondents believe improved threat identification and sharing across the industry would have the greatest impact on their cybersecurity capabilities. Others believe the biggest impact would come from clearer understanding of OT implications for cybersecurity (20%), training and risk awareness (15%), a holistic security program (12%), a risk management framework incorporating cybersecurity (11%), and clear cybersecurity governance and roles (10%).
Related: Injection Attacks Common in Energy and Utilities Sector
Related: Energy Management Systems Expose Devices to Attacks
Related: Iranian Hackers Target Aerospace, Energy Companies
Related: U.S. Energy Department Invests $20 Million in Cybersecurity

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- In Other News: AI Regulation, Layoffs, US Aerospace Attacks, Post-Quantum Encryption
- Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021
- Vulnerabilities in Honda eCommerce Platform Exposed Customer, Dealer Data
- Barracuda Urges Customers to Replace Hacked Email Security Appliances
- Google Patches Third Chrome Zero-Day of 2023
- ChatGPT Hallucinations Can Be Exploited to Distribute Malicious Code Packages
- AntChain, Intel Create New Privacy-Preserving Computing Platform for AI Training
- Several Major Organizations Confirm Being Impacted by MOVEit Attack
Latest News
- In Other News: AI Regulation, Layoffs, US Aerospace Attacks, Post-Quantum Encryption
- Blackpoint Raises $190 Million to Help MSPs Combat Cyber Threats
- Google Introduces SAIF, a Framework for Secure AI Development and Use
- ‘Asylum Ambuscade’ Group Hit Thousands in Cybercrime, Espionage Campaigns
- Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021
- SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint
- Google Cloud Now Offering $1 Million Cryptomining Protection
- Democrats and Republicans Are Skeptical of US Spying Practices, an AP-NORC Poll Finds
