Chaucer warns UK utilities over cybersecurity after breaches increase 586%
UK utility companies were hit by 48 successful cyberattacks in 2023, a 586% increase on the seven cases in 2022, according to specialty (re)insurance group Chaucer. Figures obtained by the insurer show that sensitive data belonging to 140,000 individuals was compromised in the UK as a result of data breaches at utility companies last year, a 714% increase from the 17,000 individuals affected the year before.
Chaucer noted that so far, these cyberattacks have been largely restricted to the theft of data or ransomware attacks. It added that there have been concerns that cyberattacks designed to damage infrastructure such as utilities could increase due to a rise in geopolitical tension.
Ben Marsh, class underwriter at Chaucer, said that utility companies, as part of the UK’s critical infrastructure, are seen as being at increased risk of hacking attacks since the Ukraine war started in 2022. He also noted that the International Energy Agency has previously warned about an increase in cyberattacks against energy infrastructure in Europe.
Chaucer said that Ofcom (the telecoms and broadcast regulator) confirmed that it had faced an average of 30,000 attempted cyber intrusions per week last year.
“It’s suspected that the increase in cyber breaches is being driven in part by growing efforts from state-backed hackers targeting critical UK infrastructure,” said Marsh. “That comes on top of the threat from more conventional cybercriminals, who also continue to target UK utility companies. Particularly as these companies hold extensive amounts of personal data including people’s financial details.”
He added: “Utility companies hold a wide array of personal information, from bank details to home addresses. Once this information is obtained by hackers, they can exploit it themselves or sell it on to third parties on the dark web. Cyber breaches can leave companies with reputational and operational damage, the fear of which makes them more vulnerable to ransomware attacks after the breaches.”
Chaucer said that utility companies need to ensure their cybersecurity keeps pace with the standards of the day to ensure the safety of their own and their customers’ data.