OT Cyberattacks: Energy Sector Faces $329 Billion in Risks

A Dragos report reveals the scale of cyber vulnerabilities in global energy infrastructures. Potential losses reach historic highs.

Share:

Gain full professional access to energynews.pro from 4.90€/month.
Designed for decision-makers, with no long-term commitment.

Over 30,000 articles published since 2021.
150 new market analyses every week to decode global energy trends.

Monthly Digital PRO PASS

Immediate Access
4.90€/month*

No commitment – cancel anytime, activation in 2 minutes.

*Special launch offer: 1st month at the indicated price, then 14.90 €/month, no long-term commitment.

Annual Digital PRO Pass

Full Annual Access
99€/year*

To access all of energynews.pro without any limits

*Introductory annual price for year one, automatically renewed at 149.00 €/year from the second year.

The global energy sector faces an unprecedented cyber threat that could generate up to $329.5 billion in losses in an extreme scenario. This estimate comes from the 2025 OT Security Financial Risk Report published by Dragos Inc., the global leader in cybersecurity for operational technology (OT) environments. The study, conducted by Marsh McLennan’s Cyber Risk Intelligence Center, represents the first statistical analysis quantifying the financial risks of OT cyber incidents. Indirect losses, often overlooked in traditional models, affect up to 70% of OT-related breaches, with $172.4 billion attributed to business interruptions alone.

Critical vulnerabilities exploited at scale

Recent incidents confirm the severity of these financial projections. The ransomware attack against Halliburton in August 2024 generated $35 million in direct losses and forced the partial shutdown of systems at this $23 billion valued company. RansomHub, the group allegedly responsible for this cyberattack, demonstrated malicious actors’ ability to paralyze global oil giants. In January 2024, the FrostyGoop malware struck a Ukrainian municipal energy company, depriving more than 600 apartment buildings of heating for two days during sub-zero temperatures. This attack illustrates how Modbus TCP industrial control systems can be compromised with immediate physical consequences for civilian populations.

American water infrastructures have become prime targets for state-sponsored groups. The Cyber Army of Russia Reborn (CARR), linked to the Russian GRU military intelligence’s Sandworm group, caused a water tank overflow in Muleshoe, Texas in January 2024. The intrusion was facilitated by a password unchanged for ten years, revealing basic negligence in critical infrastructure security. The cities of Abernathy, Hale Center, and Lockney suffered similar attacks, demonstrating a coordinated campaign against American water distribution systems.

A geopolitical escalation with major economic consequences

Analysis of 2024 data reveals a qualitative transformation in OT cyber threats. While the number of attacks increased only marginally, from 72 in 2023 to 76 in 2024, the physical impact exploded with 1,015 disrupted sites versus 412 the previous year, a 146% increase. Nation-state attacks with physical consequences tripled, driven by Chinese, Russian, and Iranian campaigns. Three new malware strains specific to industrial control systems (ICS) were discovered in 2024, equaling half the total discovered during the previous fourteen years.

The Forescout report reveals that industrial automation protocols have become preferred attack vectors. Attacks on these protocols climbed from 71% to 79% between 2023 and 2024, with Modbus dominating at 40% of incidents, followed by Ethernet/IP at 28%. Threat actors increased their presence by 93% in the energy sector, 71% in manufacturing, and 55% in healthcare. This exponential progression is accompanied by increased sophistication in attack methods and unprecedented physical disruption capability.

Quantified security controls to reduce exposure

The Dragos report identifies three priority OT cybersecurity controls with their potential for financial risk reduction. Incident response planning enables average risk reduction up to 18.5%. Defensible architecture can reduce exposure by 17.09%, while ICS network visibility and monitoring offer protection up to 16.47%. These percentages, based on tens of thousands of simulations and a decade of breach data, provide executives with concrete metrics to justify OT cybersecurity investments.

Regulatory implications intensify with the European NIS2 and CER directives coming into force in late 2024, imposing cybersecurity measures on more than 400,000 companies. In the United States, the Transportation Security Administration (TSA) issued binding directives for the pipeline sector following the 2021 Colonial Pipeline attack that disrupted 45% of the East Coast’s fuel supply. Energy companies must now quantify their cyber risks to meet Securities and Exchange Commission (SEC) reporting requirements, notably the 8-K rule on cyber incident disclosure. This regulatory evolution transforms OT cybersecurity from a technical cost center into a financially measurable strategic imperative, redefining investment priorities for the global energy sector.

OMV terminated the contract of one of its executives after suspicions of spying for Russia, prompting the Austrian Ministry of Foreign Affairs to summon a Russian diplomat.
ABO-Group’s revenue reached €53.7mn ($57.2mn) in H1 2025, supported by targeted acquisitions and strong performance in France and the Netherlands.
Waaree Sustainable Finance has announced a strategic investment in Warehouse Now, a fast-growing on-demand warehousing company in India, reinforcing the group’s focus on structurally high-return sectors.
The US investment bank is restructuring its operations by merging its energy and utilities divisions to form a global power and energy unit.
Gibson Energy has received approval from the Toronto Stock Exchange to extend its normal course issuer bid, covering up to 7.5% of the public float over a one-year period starting 18 September.
Petróleos Mexicanos received offers surpassing the $9.9bn cap set for its debt repurchase programme, resulting in oversubscription during the initial phase of the operation.
The Peruvian power producer completed a cash tender offer for its 5.625% senior notes, reaching a participation rate of 68.39% at the close of the operation.
Chilean power producer Colbún has completed its cash tender offer for 3.950% notes due 2027, repurchasing more than half of the outstanding amount for a total of $266mn.
Iberdrola strengthens its presence in Brazil by acquiring PREVI’s stake in Neoenergia for BRL11.95bn, raising its ownership to 84%.
US-based Madison secures $800mn debt facility to finance energy infrastructure projects and address rising grid demand across the country.
The announced merger between Anglo American and Teck forms Anglo Teck, a new copper-focused leader structured for growth, with a no-premium share structure and a $4.5bn special dividend.
Voltalia launches a transformation programme targeting a return to profit from 2026, built on a refocus of activities, a new operating structure and self-financed growth of 300 to 400 MW per year.
Ineos Energy ends all projects in the UK, citing unstable taxation and soaring energy costs, and redirects its investments to the US, where the company has just allocated £3bn to new assets.
Eskom forecasts a load-shedding-free summer after covering 97% of winter demand, supported by 4000 MW added capacity and reduced operating expenses.
GE Vernova will cut 600 jobs in Europe, with the Belfort gas turbine site in France particularly affected, amid financial growth and strategic reorganisation.
Orazul Energy Perú has launched a public cash tender offer for all of its 5.625% notes maturing in 2027, for a total principal amount of $363.2mn.
SOLV Energy expands its nationwide services in the United States with the acquisitions of Spartan Infrastructure and SDI Services, consolidating its presence across all independent power markets.
Tokenised asset platform Plural secures $7.13mn to accelerate financing of distributed infrastructure including solar, storage, and data centres.
Santander Alternative Investments has invested in Corinex to accelerate the deployment of its smart grid solutions, aiming to address growing utility needs in Europe and the Americas.
Driven by grid modernisation and industrial automation, the global control transformer market could reach $1.48bn in 2030, with projections indicating steady growth in energy-intensive sectors.

Log in to read this article

You'll also have access to a selection of our best content.