The biggest risk to cybersecurity are employees, according to a majority of global power and utility executives.
That was the findings of a new survey from EY, which reveals 84% of leaders and IT executives and managers questioned said careless employee actions are a threat.
Around 12% of the 1,735 people questioned believe their boards comprise a member directly responsible for cybersecurity.
The rise of digital and the internet of things (IoT) are said to be creating significant challenges as 79% said poor user awareness and behaviour around mobile devices are major risks for their organisations.
A majority of them (89%) said their cybersecurity function does not fully meet their organisation’s needs despite 58% of them having experienced a “recent significant” cybersecurity incident.
A total of 39% of the executives need at least a 25% budget increase to achieve their desired level of risk tolerance, however only 13% expect the increase in funding.
More than half (58%) rated security awareness and training as a high priority.
Matt Chambers, EY Global Power & Utilities, Risk and Cybersecurity Leader said believes too many organisations only consider investing in cybersecurity “after there is a large breach or if it’s mandated rather than committing budget upfront”.
He added: “Cybersecurity efforts must evolve with advancing technology. The proliferation of digital devices and the convergence of operational technology and information technology environments are creating new efficiencies and business improvements but are also increasing the attack surface of power and utility companies.
“Now, with attackers casting their sights on bigger targets, critical infrastructure is more at risk than ever before.”