A security awareness and competency evaluation in the energy sector.

The energy sector is highly vulnerable to cyber-attacks due to its inherently complex ecosystem of both physical and cyber infrastructure spreading across the globe. Cyber-security breaches in this domain could have a significant impact not only on the global economy but also on citizens’ lives. This paper aims at evaluating the security awareness and competency of European Electrical Power and Energy Systems (EPES) organisations’ workforce during the COVID-19 pandemic and the Ukrainian war. A targeted assessment campaign has been designed and conducted from 11th February 2022 until 18th March 2022. During that period, 132 participants, out of the 266 invited employees, participated in the campaign. The collected results were analysed from different perspectives unveiling significant findings regarding information security readiness and resilience of individuals and, consequently, organisations in the European energy sector. Key findings are discussed in detail concluding with various cyber-security recommendations addressing both the emerged vulnerabilities and the need for security culture evolution.