From Scott Carlberg

Larger utilities are likely to handle cyber threats more effectively than small utilities. That is reported in a new Moody’s Investor Services’ report, the same organization that analyzes  financial and other threats for companies.

Security plays a increasing role in assessing company financials, reports Moody’s. “Our survey of global electric utilities shows that large, privately owned regulated utilities have more robust cyber risk governance and management practices in place than state-owned or unregulated and not-for-profit peers. Smaller utilities, not-for-profits in particular, favor a risk transfer approach to cyber risk mitigation.”

Risk transfer means third-party entities, such as insurance firms. “Not-for-profit utilities are turning to cyber insurance to mitigate the risk, said Moody’s, and see more benefit from it due to their relative size.” (source)

Moody’s report – utilities and cyber security, scale/business model matter.

Moody’s survey also reveals that cybersecurity preparedness is stronger among vertically integrated utilities (those that own both generation and transmission assets) than at transmission networks.” This doesn’t mean that some small utilities are not doing well. It can just be more of a challenge in an increasingly complex world.

There were 115 utility companies across North America, Europe and the Asia Pacific region surveyed. Moody’s concluded investment-grade utilities are increasing cyber staffing and cyber budgets, “while speculative-grade utilities plan to keep both flat.”

Threating the grid with a cyberattack is the new normal, and the stakes are high. Said the Assistant Secretary for the Cybersecurity and Infrastructure Security Agency, “‘Owners and operators are on the frontline today of national security. It’s not the government. It is in the bulk power system.’ … If a country wanted to get into a physical war with the United States, it would first hit the bulk-power system. Our bulk-power system is what is standing up all other critical infrastructure. Utilities have to defend against this threat because they are all entry points into the grid. Utilities are currently targets of hostile nation-states, and we are arguably already in a cyber-war, both on an offensive and defensive basis.” That from TD World magazine.

Utilities face an increasingly complex world. Cyber security in particular puts utilities into a role much more formidable than providing power; they provide security for home and country. Big responsibility.