For oil and gas producers and service companies holding vast amounts of information and data, it is imperative that they protect such valuable assets from loss.
Whether it's an accidental loss or theft, an information breach can strike a devastating blow to any company's operations. So companies are spending more money to reinforce the security of their information at a time when security breaches are increasing, a recent survey concludes.
"Eye of the storm" is a new report that includes key oil and gas industry insights based on findings from PricewaterhouseCoopers (PWC) 2012 Global State of Information Security Survey. The oil and gas practice of consulting firm PWC, along with CIO Magazine and CSO Magazine, this year conducted its latest online survey of company officers as well as directors of information technology and security.
The survey, which asked more than 40 questions on topics related to privacy and information security safeguards and their alignment with their business, received more than 9,600 responses, including 143 respondents from the oil and gas industry.
Of the respondents from the oil and gas industry, 50% were from companies with more than $1 billion in annual revenue, and 36% were in Asia, 13% in North America, 24% in South America, 20% in Europe, and the remainder in the Middle East and South Africa.
Almost half of the oil and gas respondents said their organization has an information security strategy in place and proactively executes it. The survey labels these 46% as front-runners, and another 28%—the strategists—responded that they are better at getting the security strategy right than they are at executing the plan.
Of the remaining respondents, 16% were tacticians, who said they are better at getting things done than they are at defining an effective strategy, and 9% are labeled as "firefighters" because they don't have an effective strategy in place regarding information security and are typically in a reactive mode.
Spending to fight threats
The survey revealed that 59% of respondents believe that information security spending in oil and gas will increase over the next 12 months; this is the highest percentage to say so over the past 5 years of the survey.
According to 52% of respondents, what the survey calls "advanced persistent threats," or APT, are driving the spending. However, very few reported having key capabilities in place to manage this new threat, such as virus protection, intrusion detection systems, and either signature-based or memory-based APT solutions.
The number of reported security threats has increased since previous surveys. Although 25% of oil and gas respondents reported no security incidents in the past year, the number of respondents that reported 50 or more incidents in the past year jumped to 14% in the most recent survey from just 4% of respondents reporting such a quantity in the 2010 survey.
Also in this year's survey, 40% of respondents reported 1-9 security incidents at their companies, and 12% reported that a total of 10-49 incidents had occurred over the past 12 months in their organizations.
Other key findings are that 47% of respondents said hackers are the source of most security incidents and that 38% of oil and gas executives said that the leading security risk to cloud computing is an uncertain ability to enforce provider security policies.
PWC said deficiencies in basic policy documentation expose enterprises to many different kinds of compromise. Despite advances in other areas, protocols governing critical processes are omitted from many oil and gas organizations' security policies, the survey found.
In fact, more than half of the oil and gas respondents reported this year that their organization does not have critical policies in place to address areas such as data protection, use of technology, security awareness training, and incident response, among many other important domains, the report said.
More Oil & Gas Journal Current Issue Articles
More Oil & Gas Journal Archives Issue Articles
View Oil and Gas Articles on PennEnergy.com