Fortifying the UK’s energy sector: The cybersecurity imperative in an AI-driven future


The government's push to "mainline AI into the veins" of the nation marks a transformative era. However, the very foundation of this progress, the energy grid, has become a lucrative target for malicious actors. AI-driven technologies promise greater efficiency and resilience, yet their dependence on the UK’s energy sector puts a bigger target on the country’s critical infrastructure. As the UK advances toward making its mark as a global AI leader, its energy sector faces the critical challenge of a rising threat of cyberattacks.

With national security and technological leadership at stake, energy providers must urgently fortify their defenses to safeguard the UK's AI ambitions from disruption.

Ed Williams

Vice President of Consulting and Professional Services for EMEA at Trustwave.

The growing cyber threat against legacy systems

According to Trustwave’s latest report, the average cost of a data breach in the energy sector stands at a staggering $5.29 million, significantly exceeding the cross-industry average of $4.8 million. The financial toll is just the tip of the iceberg; a successful cyber-attack against the UK’s energy sector could lead to far more severe consequences such as operational disruptions, national security risks, and a loss of public trust. Given the centrality of the energy sector to AI-powered progress, any interference could derail the UK's momentum towards technological leadership.

One of the more significant challenges is the sector's reliance on ageing infrastructure and legacy systems. Thames Water highlighted in 2024 that some IT systems date back to the 1980s, leaving them highly vulnerable. Outdated systems also hinder compatibility with modern security solutions, essential for protecting against cyber threats without disrupting operations.

Moreover, the sector is integrating its physical infrastructure with digital systems like Supervisory Control and Data Acquisition (SCADA) and IoT. While this enhances efficiency, increasing digital transformation also expands the risk of cyberattacks. This integration exposes vulnerabilities and complicates securing both operational technology (OT) and IT infrastructures. Securing OT systems requires specialized cybersecurity approaches due to their proprietary nature and direct impact on physical infrastructure. Balancing security with operational reliability is crucial, as using traditional IT security methods could leave energy organizations on the back foot.

Finally, energy companies face significant challenges in overhauling aging infrastructure due to costs and operational risks. Connecting legacy systems to modern networks or IoT devices could pose further security risks without appropriate and proactive cyber hygiene measures. Protecting these systems while transitioning to more secure technologies demands strategic planning, investment, and collaboration between IT and OT teams.

Ransomware on the horizon

When it comes to cybersecurity, IT and OT infrastructure are unfortunately not the only concerns the energy and utilities sector needs to be aware of. The UK’s ambition for AI leadership has further raised the critical importance of the sector, which in turn makes it that much more of a lucrative target for cybercriminals and nation-state hackers seeking to disrupt essential services and cause further financial, economic and community damage.

There has been a significant increase in ransomware attacks targeting the energy and utilities sector, with an 80% year-over-year increase globally. The number of attacks was notably higher in the second half of 2023 and the first half of 2024. This increase can be linked to the rise of Ransomware-as-a-Service (RaaS) groups, which has enabled less-skilled attackers to carry out highly sophisticated ransomware campaigns. Additionally, as ransomware groups refine their tactics, they become more effective at exploiting weak links within the sector, increasing the chances of widespread disruption and financial loss.

A pressing concern is the sector's supply chain weaknesses. Ransomware groups frequently target suppliers and service providers, who often have privileged access to critical systems but lack the same level of security controls as energy companies themselves. A single compromised supplier can serve as an entry point, allowing attackers to infiltrate multiple clients and escalate their impact across the industry.

Compounding this challenge is a fundamental lack of visibility within energy organizations. Many struggle to maintain an accurate inventory of their assets, track their access levels, and understand interconnections between systems. This opacity leads to security blind spots, making it easier for ransomware groups to exploit overlooked vulnerabilities and move laterally within networks undetected.

Remote services further expand the attack surface, providing cybercriminals with a pathway into critical systems. Attackers frequently exploit remote access tools such as SMB/Windows Admin Shares and Remote Desktop Protocol (RDP) to gain persistence within a network. Without stringent access controls and monitoring, these services can serve as a gateway for ransomware deployment and data exfiltration.
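The monitoring the paragraph above calls for can be reduced to a concrete check: interactive RDP logons and administrative-share access are legitimate only from a small set of known management hosts, and one source reaching many hosts over RDP is the lateral-movement pattern worth alerting on. The following script is an added example and not code from the article or from Trustwave. The event records are constructed to mimic the fields of Windows Security events 4624 (logon, LogonType 10 is RemoteInteractive/RDP) and 5140 (network share accessed); the host names, IP ranges and the "approved source" policy are hypothetical.

```python
"""Flag remote-service activity (RDP, admin shares) outside an approved-source policy.

Added example, not from the article. Event records are constructed to mimic the
field names of Windows Security events 4624 and 5140; hosts, addresses and the
policy values below are hypothetical.
"""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Hypothetical policy: RDP to servers is expected only from the bastion subnet,
# and admin shares should only be touched by the patch-management host.
APPROVED_RDP_SOURCES = [ipaddress.ip_network("10.0.99.0/24")]     # bastion / jump hosts
APPROVED_SHARE_SOURCES = [ipaddress.ip_network("10.0.50.10/32")]  # patch server
ADMIN_SHARES = {"ADMIN$", "C$", "IPC$"}
RDP_LOGON_TYPE = 10  # LogonType 10 = RemoteInteractive (RDP)


@dataclass(frozen=True)
class Finding:
    event_id: int
    host: str
    source_ip: str
    account: str
    reason: str


def _allowed(ip: str, networks) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)


def analyse(events):
    """Return a Finding for each RDP logon or admin-share access whose source
    address is outside the approved ranges."""
    findings = []
    for ev in events:
        if ev["EventID"] == 4624 and ev.get("LogonType") == RDP_LOGON_TYPE:
            if not _allowed(ev["IpAddress"], APPROVED_RDP_SOURCES):
                findings.append(Finding(4624, ev["Computer"], ev["IpAddress"],
                                        ev["TargetUserName"],
                                        "RDP logon from non-bastion source"))
        elif ev["EventID"] == 5140:
            # ShareName is logged as \\*\ADMIN$ ; keep only the share itself.
            share = ev["ShareName"].rsplit("\\", 1)[-1].upper()
            if share in ADMIN_SHARES and not _allowed(ev["IpAddress"], APPROVED_SHARE_SOURCES):
                findings.append(Finding(5140, ev["Computer"], ev["IpAddress"],
                                        ev["SubjectUserName"],
                                        f"admin share {share} accessed from unapproved host"))
    return findings


def lateral_fanout(events, threshold=3):
    """Map each source IP to the set of distinct hosts it reached over RDP,
    keeping only sources at or above the threshold (a fan-out pattern)."""
    hosts_by_source = defaultdict(set)
    for ev in events:
        if ev["EventID"] == 4624 and ev.get("LogonType") == RDP_LOGON_TYPE:
            hosts_by_source[ev["IpAddress"]].add(ev["Computer"])
    return {src: hosts for src, hosts in hosts_by_source.items() if len(hosts) >= threshold}


# Constructed sample: one approved bastion logon, one backup account fanning out
# over RDP from an ordinary workstation subnet, and two admin-share accesses.
SAMPLE_EVENTS = [
    {"EventID": 4624, "LogonType": 10, "Computer": "HIST-01", "IpAddress": "10.0.99.5", "TargetUserName": "ops.admin"},
    {"EventID": 4624, "LogonType": 10, "Computer": "HIST-01", "IpAddress": "10.0.12.77", "TargetUserName": "svc_backup"},
    {"EventID": 4624, "LogonType": 10, "Computer": "SCADA-HMI-02", "IpAddress": "10.0.12.77", "TargetUserName": "svc_backup"},
    {"EventID": 4624, "LogonType": 10, "Computer": "ENG-WS-07", "IpAddress": "10.0.12.77", "TargetUserName": "svc_backup"},
    {"EventID": 4624, "LogonType": 3, "Computer": "FILE-01", "IpAddress": "10.0.12.77", "TargetUserName": "svc_backup"},
    {"EventID": 5140, "Computer": "HIST-01", "IpAddress": "10.0.50.10", "SubjectUserName": "patchsvc", "ShareName": "\\\\*\\ADMIN$"},
    {"EventID": 5140, "Computer": "HIST-01", "IpAddress": "10.0.12.77", "SubjectUserName": "svc_backup", "ShareName": "\\\\*\\C$"},
    {"EventID": 5140, "Computer": "FILE-01", "IpAddress": "10.0.12.77", "SubjectUserName": "svc_backup", "ShareName": "\\\\*\\Reports"},
]

if __name__ == "__main__":
    for f in analyse(SAMPLE_EVENTS):
        print(f"[{f.event_id}] {f.host} <- {f.source_ip} ({f.account}): {f.reason}")
    for src, hosts in lateral_fanout(SAMPLE_EVENTS).items():
        print(f"fan-out: {src} reached {len(hosts)} hosts over RDP: {sorted(hosts)}")
```

In a real deployment the approved-source lists would come from the asset inventory the previous paragraph says many organisations lack, which is the practical link between the two problems: without an accurate list of jump hosts and management servers, an alert like this cannot be tuned and ends up ignored.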

Building cyber resilience in the energy sector

Addressing the challenge of legacy systems in the energy and utilities sector, many of which were not designed to withstand modern cyber threats, requires energy companies to implement virtual patching for unpatched systems, strict access controls, and network segmentation to isolate vulnerable assets. A phased approach to infrastructure modernization, coupled with secure OT-IT integration, is a further critical requirement, as it allows energy companies to upgrade systems while maintaining operational stability.

Zero-trust security frameworks need to be established as these require continuous verification of all users and devices. Such a framework further reduces risks associated with interconnected IT and OT environments. Furthermore, investing in specialized OT cybersecurity measures, including intrusion detection systems (IDS) tailored to industrial environments, ensures that security efforts do not disrupt critical operations.
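Network segmentation and zero-trust verification, as described in the two paragraphs above, both come down to a default-deny rule set between zones that is continuously checked against what actually happens on the wire. The script below is an added example, not code from the article or from Trustwave: it defines three hypothetical zones (corporate IT, a jump-host DMZ and the OT control network), an explicit allowlist of permitted zone-to-zone flows, and evaluates a constructed set of observed flows against it, reporting anything not explicitly permitted. The addresses, ports and zone names are assumptions chosen for the illustration.

```python
"""Check observed IT/OT flows against a default-deny segmentation allowlist.

Added example, not from the article. Zones, hosts, ports and the sample flows
are hypothetical and constructed; anything not explicitly allowed between
zones is reported as a violation, which is the zero-trust stance in practice.
"""
import ipaddress
from dataclasses import dataclass

# Hypothetical zone map.
ZONES = {
    "corporate_it": ipaddress.ip_network("10.10.0.0/16"),
    "dmz_jump":     ipaddress.ip_network("10.20.0.0/24"),
    "ot_control":   ipaddress.ip_network("192.168.100.0/24"),
}

# Default deny. Each entry is (source zone, destination zone, destination port),
# keyed on who initiates the connection.
ALLOWED = {
    ("corporate_it", "dmz_jump", 443),   # users reach the jump host over TLS
    ("dmz_jump", "ot_control", 3389),    # jump host to engineering workstation (RDP)
    ("ot_control", "ot_control", 502),   # Modbus/TCP stays inside the control zone
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


def zone_of(ip: str) -> str:
    """Return the zone name an address belongs to, or 'unknown'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def evaluate(flows):
    """Return a list of (flow, reason) for every flow the allowlist does not cover."""
    violations = []
    for f in flows:
        s, d = zone_of(f.src), zone_of(f.dst)
        if "unknown" in (s, d):
            # An address outside every zone is itself a finding: it means the
            # inventory and the network disagree.
            violations.append((f, f"unmapped address ({s} -> {d})"))
        elif (s, d, f.dport) not in ALLOWED:
            violations.append((f, f"{s} -> {d}:{f.dport} not in allowlist"))
    return violations


# Constructed sample flows, as a flow collector or firewall log might summarise them.
SAMPLE_FLOWS = [
    Flow("10.10.5.21", "10.20.0.10", 443),          # user -> jump host: allowed
    Flow("10.20.0.10", "192.168.100.15", 3389),     # jump host -> eng workstation: allowed
    Flow("192.168.100.15", "192.168.100.40", 502),  # workstation -> PLC, Modbus: allowed
    Flow("10.10.5.21", "192.168.100.40", 502),      # corporate host straight to PLC: violation
    Flow("192.168.100.40", "10.10.5.21", 445),      # PLC initiating SMB into IT: violation
    Flow("203.0.113.9", "192.168.100.15", 3389),    # address in no zone: violation
]

if __name__ == "__main__":
    for flow, reason in evaluate(SAMPLE_FLOWS):
        print(f"{flow.src} -> {flow.dst}:{flow.dport}/{flow.proto}: {reason}")
```

The direction matters: the allowlist is keyed on the initiator, so a PLC opening a connection into the corporate network is flagged even though traffic in the other direction is permitted. This is the same distinction an OT-aware IDS has to make, since a Modbus query from a workstation to a PLC is routine but the same port reached from the corporate zone is not.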

Operational stability and resilience are, of course, especially critical for energy and utilities providers given the profound impact that an operational halt could have on businesses and communities. For instance, our research report found that an attack on one such facility, which houses 400 million cubic meters of gas, could leave London (8.87 million people) without gas for over two weeks (14.6 days).

Energy and utility providers must begin to prioritize bolstering resilience through the use of proactive threat intelligence, dark web monitoring, and incident response planning to prepare for and respond to emerging threats. Strengthening supply chain security, enforcing multi-factor authentication (MFA), and ensuring regulatory compliance are supplementary steps in a robust defense against cyber adversaries.

The path forward

Ultimately, as the UK pushes forward with its AI ambitions, the energy sector must remain vigilant against the escalating cyber threats that could hinder this progress. AI’s transformative potential hinges on a stable and secure energy infrastructure—without it, the nation's leadership in AI and digital innovation is cut off at its knees.

By prioritizing modernized security frameworks, proactive threat intelligence, and comprehensive incident response planning, the UK can safeguard its critical infrastructure from cybercriminals seeking to exploit its digital evolution. A secure energy sector is not just an operational necessity; it is the backbone of the country’s AI-driven future. Only through decisive action and strategic investment in cybersecurity can the UK ensure that its pursuit of technological leadership remains uninterrupted.


This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Ed Williams, EMEA Director of SpiderLabs at Trustwave.
