by Alan Conkle, Matt Wilson and Dave Sands, PwC US
How are your customers changing, and what will they demand in the future? Those are two of the most important questions a customer-centric company must ask itself at a time when technology-led disruption, shifting global demographics and a new type of young, urban and aspirational customer is shaping the plans of business leaders like never before. This shift in customer dynamics and across-the-board employment of technology for better customer communication and meeting rising service expectations is transforming the power and utilities industry, ushering in the entry of the digital utility.
Reported cybersecurity breaches are up 25 percent in the past 12 months, a trend that’s sure to continue in the coming years as more data and ideas are digitized and shared across global networks and on personal mobile devices, according to PwC’s 2015 “Global State of Information Security Survey (GSISS). Protecting your customers from such unwelcome attacks is critical to preserving the integrity of your business and trust with your customers. As the GSISS report shows, cybersecurity is no longer the blind spot it was for many organizations. Budgets to combat digital vandals, spies and thieves have swelled, and confidence in corporate capability in this area is climbing. But while many organizations have raised security standards, their adversaries continue to outpace them.
Customers are always on. Businesses must be, too. Research, customer analytics, data insight and context, and predictive modeling can be used to understand customers better and get more out of data. In accordance, little doubt remains on the value of customer data and its strategic importance to utility operations. Advances in mobile devices, data analytics and cloud computing with smart grids and smart metering further provide opportunities for utility companies to get closer to their customers, play an enhanced energy partner role and capitalize on data opportunities.
As these opportunities are realized, a corresponding increase in the collection, use and disclosure of customer data likely will occur, increasing the risk that customer data will fall into the wrong hands or be used inconsistently with customers’ expectations. Protecting customer data from cyberthreats and the like is paramount. A customer data breach can have far-reaching economic, regulatory and reputational impacts on an organization. To protect customers and their data, utilities should have clarity on what information they collect, how they use it, and where they store and transmit it. Based on this profile, appropriate security measures should be implemented to mitigate risk to an acceptable level. Embedding these safeguards requires assessing current customer practices and developing a governance process to evaluate and monitor compliance associated with security and privacy risks that might be introduced by new technology or customer process enhancements. Each of these areas can be new territory for a utility, requiring enhanced capabilities and skill sets, as well as ongoing education within the company on data protection.
Consider this: Power and utilities respondents to PwC’s 2015 GSISS reported the average number of detected cybersecurity incidents increased six-fold over the prior year. Recognizing that some of the increase in detected incidents could be attributed to better detection capabilities, this is still a staggering result for the industry. Survey results also show a decrease in the number of respondents’ reporting that key security safeguards have been implemented effectively.
Efforts to improve safeguards typically are organized into data protection programs designed to be scalable and grow with the organization’s business strategy. Think of a data protection program as a critical business process with a balance of people, process and technology to support it. The program requires a strategic approach and executive engagement, similar to any critical initiative undertaken by the business. The 2015 GSSIS survey found that approximately half of the responding utilities had implemented the strategic processes required to maintain an effective security and data protection program, indicating there is still much work to be done as an industry.
Investing in the Future
The headlines read daily about consumer retail and financial services breaches that result in huge financial losses and brand damage. Compared with these industries, customer data within the power and utilities industry has received less attention during the past few years, perhaps creating a false sense of comfort despite increasing cyberthreats. Against this backdrop, the 2015 GSISS also tells us that security spending has stalled at 4 percent or less of the total information technology budget for the past five years, although other industries have responded with stronger preventive and detective measures. The power and utilities industry soon could find itself behind and a bigger target for cybercriminals with a focus on exploiting customer data and inflicting reputational damage. To enable the utility of the future, customers and regulators will require a high degree of trust when it comes to customer data. Strategically improving data protection programs for sensitive information assets remains imperative in supporting enterprise objectives. Investments today lay the groundwork for managing the risks of tomorrow.
Alan Conkle is Power and Utilities Risk Assurance Leader at PwC US.
Matt Wilson and Dave Sands are Power and Utilities Risk Assurance directors at PwC US.
PowerGrid International Articles Archives
View Power Generation Articles on PennEnergy.com