A recent report issued by the US Department for Homeland Security says that in 2014 the Industrial Control Systems Cyber Emergency Response Team responded to 245 incidents reported by asset owners and industry partners. The energy sector led all others again with 79 reported incidents.
Even when the attacks were discovered, Energy companies were not able to investigate how the attacks happened because of inadequate monitoring.
If the IT organizations within energy companies utilized a scenario-based data collection and analysis capability, then it would go a long way toward helping them to prioritize and quantify risk. In addition, a digital risk management program would help bridge the gap between operational and IT organizations to proactively monitor and reduce risks.