The Canadian energy industry is a critical sector for the country's economy and infrastructure. However, it's also a prime target for cyber attacks because it relies operational technology (OT) systems and the vast amount of sensitive data it collects.
Getting your Trinity Audio player ready...

Author: Mauricio Quintero

null

The Canadian energy sector faces a complex and ever-evolving cyber security threat landscape. Cyber attacks can come from a variety of sources, including state-sponsored actors, criminal organizations and hacktivists. These attackers are constantly developing new methods to infiltrate energy company networks, steal data, and disrupt operations.

Alarming ransomware statistics

According to a recent report by Corvus Insurance, a leading cyber underwriter, ransomware attacks reached record highs in 2023.1 The report found that there were a staggering 4,496 total leak site victims observed in 2023, a 68% increase from 2022. This highlights the significant rise in ransomware attacks across all industries, and the energy sector is not immune.

The most common types of cyberattacks include :

  • Ransomware remains a significant threat. Ransomware attacks encrypt a victim's files, making them inaccessible until the victim pays a ransom. These attacks can disrupt operations and can lead to data breaches if the victim company doesn't pay the ransom.
  • Malware is malicious software that can be used to steal data, disrupt operations or damage equipment. Malware can be delivered through a variety of methods, such as phishing emails, malicious websites and infected USB drives.
  • Zero-day exploits are vulnerabilities in software that are unknown to the software vendor. These exploits can be dangerous because there's no patch available to fix them.
  • Social engineering attacks target employees in an attempt to trick them into giving up sensitive information or clicking on malicious links.

The Suncor cyber incident

In June 2023, Suncor Energy, one of Canada's largest energy companies, was the victim of a cyber attack that disrupted its payment systems at Petro-Canada gas stations across the country.2 The attack forced Suncor to take its payment systems offline for several days, causing long lines at gas stations and frustration for customers.

While Suncor didn't disclose the nature of the attack, cyber security experts believe it was likely a ransomware attack. This incident highlights the potential impact of cyber attacks on the energy sector and the importance of having a robust cyber security strategy in place.

The importance of cybersecurity

A cyber attack on an energy company can have a devastating impact. It can disrupt operations, damage equipment and lead to data breaches. In the worst-case scenario, a cyber attack could even lead to a physical safety incident.

Energy companies need to take a proactive approach to cyber security in order to mitigate these risks, including :

  • Conducting regular security assessments to identify and address vulnerabilities in their networks
  • Implementing security controls such as firewalls, intrusion detection systems and data encryption
  • Educating employees about cyber security best practices
  • Having a plan for responding to a cyber attack

Gallagher Management Liability Practice

The Gallagher Management Liability Practice offers a comprehensive suite of cyber security solutions to help energy companies mitigate their cyber risks. Our team of experienced professionals can help you develop a cyber security strategy, implement security controls and respond to cyber attacks.

We offer a variety of services including :

  • Penetration testing: We can simulate a cyber attack to identify vulnerabilities in your network.
  • Vulnerability scanning: We can scan your network for known vulnerabilities.
  • Security awareness training: We can help you educate your employees about cyber security best practices.
  • Incident response planning: We can help you develop a plan for responding to a cyber attack.

By partnering with our Gallagher Management Liability Practice, you can help ensure that your energy company is protected from cyberattacks.

The Canadian energy industry is a critical sector that is under increasing threat from cyber attacks. By understanding the evolving threat landscape, including the rise of ransomware attacks, and taking steps to mitigate their cyber risks, energy companies can help protect their operations, data, and customers.

Author Information

Sources

1"Q4 Ransomware Report: 2023 Ends as a Record-Breaking Year." Corvus Insurance, 2 Apr 2024.

2Stephenson, Amanda. "Suncor Energy Cyberattack Likely to Cost Company Millions of Dollars, Expert Says," Financial Post, updated 27 Jun 2023.

Disclaimer

Arthur J. Gallagher Canada Limited ("Gallagher") provides insurance, risk management and consultation services for our clients in response to both known and unknown risk exposures. When providing analysis and recommendations regarding potential insurance coverage, potential claims and/or operational strategy in response to national emergencies (including health crises), we do so from an insurance/risk management perspective, and offer broad information about risk mitigation, loss control strategy and potential claim exposures. We have prepared this commentary and other news alerts for general informational purposes only and the material is not intended to be, nor should it be interpreted as, legal or client-specific risk management advice. General insurance descriptions contained herein do not include complete insurance policy definitions, terms and/or conditions, and should not be relied on for coverage interpretation. The information may not include current governmental or insurance developments, is provided without knowledge of the individual recipient's industry or specific business or coverage circumstances, and in no way reflects or promises to provide insurance coverage outcomes that only insurance carriers control. Insurance brokerage and related services to be provided by Arthur J. Gallagher Canada Limited and its affiliates and/or subsidiaries.