Skip to Content

Utilities to boost cyber readiness as digital push and IoT adoption continue


To protect their technology, assets and customers, utilities will need to raise their bets on additional layers of security to handle growing number of connected products and services they are launching

                <p>Fiercely competitive UK energy sector stands on the verge of a turmoil facing the perfect storm of headwinds that also bring threats to both cyber and physical worlds.</p>

Even though the UK utilities sector hasn’t suffered a major cyber-attack yet, the players should learn from their peers in other sectors and countries. British Airways’ is looking at a potential £500 million group-action lawsuit after personal and payment data of 380,000 customers was stolen recently. The outcome of cyber-attacks could also be physical, like it was in Ukraine a few years back, when it suffered a major blackout after cyber-attacks.

Last year, the UK government announced that it will impose penalties of up to £17 million for the companies that fails to protect their infrastructure. In such a set-up, having a proper strategy, security architecture and systems in-place will be the key to resilience against these threats.


Image Source: 

Apart from cyber security, the UK utilities are also under tremendous pressure as the customer churn continues to grow. Some players have seen more than a million customers walk away to competition. Also, gone are the days when suppliers were able to simply hike up prices. From January 2019, the energy watchdog Ofgem has laid the groundwork for a price cap on energy bills.

To release this pressure, utilities are betting on digital transformation in a push to streamline their operations and boost customer experience with new services and business models. As a result, major shifts are happening in the market across services offerings, technology capabilities and security perspective.

New services

Energy players are making a major push to expand outside increasingly commoditized energy business, and make a footprint beyond the meter. To get there they are launching new value-added services, which include smart homes, repair, insurance, vehicle charging plans, even broadband or smart grid services. According to market research firm PAC, 82% of European utilities plan to invest in connected home value propositions in the next three years.

These will play a key role in standing out against the competition. Being able to provide real-time insights into energy consumption while at the same time being able to offer personalized add-on services will be the key to wining customers’ hearts.

Technology landscape shift

The enabler of new services is modern technologies such as IoT, RPA and AI, and utilities have traditionally been laggards in their adoption. Thus, to ignite the momentum they will have to become more agile and fuse the best of breed solutions together.

This will likely mean adoption of applications delivered in the cloud, on-premise and at the edge in case of IoT solutions. Having appropriate platforms in-place and analytics capabilities to convert the growing amount of customer and asset data into actionable insights will be the main success factor.

On the other hand, being able to automate repeatable and manual tasks with technology solutions based on RPA will release the pressure from the back-office processes.


Threat paradigm shift

Another major shift currently underway is that new connected assets such as smart meters, smart home hubs or EV charging points, and new services are mostly based on the IoT solutions. Despite obvious pros such a paradigm also brings major cons, as now maintaining security becomes much more complex. Customer data becomes more personal and the number of potential entry points into the enterprise that can be compromised also rise (e.g. Enel has more than 40 million smart meters globally).

By hacking connected devices threats can grow beyond compromising only customer data to compromising both asset operations and data. Even customers can hack the meters themselves and underreport their bills while energy theft is already £500m-a-year big problem according to the UK government.

Image Source:

Another important piece of the puzzle is secure management of partner relationships. Npower recently reported that it is investigating major breach of personal details of 5,000 customers with its fulfilment partner.

To protect their technology, assets and customers, utilities will need to raise their bets on additional layers of security to handle growing number of connected products and services they are launching. According to PAC, IoT security investments in the UK energy and resources sector is expected to more than double from £100m in 2019 to £210m in 2022.

Moving forward

Security has definitely become a boardroom topic, but in order to keep the hackers away utilities will need more than just CISOs in-place. They need enterprise-wide strategy that embraces cyber security awareness from edges to the core of an enterprise, and addresses technology readiness, innovation and education.

French giant Engie launched its Security Operations Centre few years back amid growing threats from the digital world, while EDF in the UK hosted a competition to attract the cyber specialists that can predict cyber-attacks.

Educating employees, customers and partners are the most important drivers of cyber security. Some of the European utility giants are already making their moves in this direction. Innogy is setting up a centre to train its workforce and simulate cyber-attacks, while Iberdrola has set up an online training for its customers to educate them and reduce the cyber risks.

To learn more about how the UK utilities can use IoT, AI and RPA to improve operational efficiency and develop new business models with the appropriate cyber security strategy in-place, connect with us.


 Dr. Milos Milojevic

I am a technology strategy consultant specialised in the Internet of Things (IoT), Digital Transformation and Artificial Intelligence (AI). I help senior executives to understand the latest technologies and their ecosystems, identify viable use cases behind them, develop new services and business models, and predict impact of technology on the future business growth.

Sandeep Kumar

 Sandeep Kumar

Sandeep is one of our Future of Technology practice leaders for Capgemini Invent in the UK.He is an expert on disruptive technologies, develop of digital services and cybersecurity