Find an article
Connect with us

Register For Latest Posts and Risk Lounge Weekly

Offshore Energy Top 10 cyber risks
Monday 07 December 2015
Author: Russell Group
Tags: Offshore energy risks, Offshore energy exposures, cyber risks, cyber exposures, cyber insurance, offshore energy insurance, cyber security

“Headline cyber security incidents are rare, but a lot of lesser attacks go undetected or unreported as many organizations do not know that someone has broken into their systems. The first line of attack is often the office environment of an oil and gas company, working through to the production network and process control and safety systems,” says Petter Myrvang, head of the Security and Information Risk Section, DNV GL - Oil & Gas. 

DNV GL listed the top ten cyber security vulnerabilities as follows: 

  1. Lack of cyber security awareness and training among employees
  2. Remote work during operations and maintenance
  3. Using standard IT products with known vulnerabilities in the production environment
  4. A limited cyber security culture among vendors, suppliers and contractors
  5. Insufficient separation of data networks
  6. The use of mobile devices and storage units including smartphones
  7. Data networks between on- and offshore facilities
  8. Insufficient physical security of data rooms, cabinets, etc.
  9. Vulnerable software
  10. Outdated and ageing control systems in facilities.

“As all oil and gas process plants are now connected to the Internet in some way, protecting vital digital infrastructure against cyber-attacks also ensures safe operations and optimal production regularity,” says Trond Winther, head of the Operations Department, DNV GL – Oil & Gas.  

As DNV GL outlines, due to the use of digital technologies and increased dependence on cyber structures, the oil and gas industry is exposed to new sets of exposures and threats. From an underwriting point of view, such exposures can be analysed using the latest actuarial and risk modelling techniques.

For example, Russell Group’s ALPS Energy product is used to model aggregate exposure and pricing at the asset level, and analyse realistic and probabilistic scenarios while ALPS Enterprise captures a corporate’s exposure to technology vendors and compares with its own in-built vendor listing to assess a corporate’s risk profile to probable security threats and cyber events.

If you would like to learn more about how Russell Group can assist with your offshore energy requirements, contact or