The number of successful cyber attacks against UK utility companies has risen to 48 in 2023, a 586% increase on the seven cases in 2022, says global specialty (re)insurance group Chaucer.
So far these cyber attacks have been largely restricted to the theft of data or ransomware attacks. There have been concerns that cyber attacks designed to damage infrastructure such as utilities could increase due to a rise in geopolitical tension.
Figures obtained by Chaucer show that sensitive data belonging to 140,000 individuals was compromised in the UK as a result of data breaches at utility companies last year. This represents a 714% increase from the 17,000 individuals affected by cyber breaches at utilities companies the year before.
Ben Marsh, Class Underwriter at Chaucer, explains that utility companies, as part of the UK’s critical infrastructure, are seen as being at increased risk of hacking attacks since the Ukraine war started in 2022. The International Energy Agency has previously warned about an increase in cyberattacks against energy infrastructure in Europe.
Last year Ofcom (the telecoms and broadcast regulator) confirmed that they had faced an average of 30,000 attempted cyber intrusions per week.
Ben Marsh adds “Its suspected that the increase in cyber breaches is being driven in part by growing efforts from state backed hackers targeting critical UK infrastructure.”
“That comes on top of the threat from more conventional cyber criminals who also continue to target UK utility companies. Particularly as these companies hold extensive amounts of personal data including people’s financial details.”
“Utility companies hold a wide array of personal information from bank details to home addresses. Once this information is obtained by hackers, they can exploit it themselves or sell it on to third parties on the dark web.”
“Cyber breaches can leave companies with reputational and operational damage, the fear of which makes them more vulnerable to ransomware attacks after the breaches.”
Chaucer adds that “utility companies’ need to ensure their cyber security keeps pace with the standards of the day to ensure the safety of their own and their customers’ data.”
|
