According to data collected by global specialty re/insurer Chaucer, successful cyber attacks against UK utility companies increased to 48 in 2023, representing a 586% increase over the seven cases seen in 2022.
The attacks have caused sensitive data belonging to 140,000 individuals to be compromised in the UK, which is a 714% increase from the 17,000 individuals affected by cyber breaches at utilities companies the year before.
Chaucer notes that the attacks have been largely restricted to the theft of data or ransomware attacks, but there is a growing concern that attacks designed to damage infrastructure could increase due to rising geopolitical tension.
Ben Marsh, Class Underwriter at Chaucer, comments, “Its suspected that the increase in cyber breaches is being driven in part by growing efforts from state-backed hackers targeting critical UK infrastructure.
“That comes on top of the threat from more conventional cyber criminals who also continue to target UK utility companies. Particularly as these companies hold extensive amounts of personal data including people’s financial details.”
Utility companies are an integral part of the UK’s critical infrastructure and are seen as being at increased risk of hacking attacks since the Ukraine war started.
The International Energy Agency has already warned against increasing cyberattacks on energy infrastructure in Europe. Last year, Ofcom, the telecoms and broadcast regulator, confirmed that it had faced an average of 30,000 attempted cyber intrusions per week.
Marsh continues, “Utility companies hold a wide array of personal information from bank details to home addresses. Once this information is obtained by hackers, they can exploit it themselves or sell it on to third parties on the dark web.
“Cyber breaches can leave companies with reputational and operational damage, the fear of which makes them more vulnerable to ransomware attacks after the breaches.”
In conclusion, Chaucer asks utility companies to stay vigilant and ensure their cyber security keeps pace with the standards of the day to ensure the safety of their own and their customers’ data.
