AI & Cybersecurity: The state of cyber in UK and US energy sectors

Darktrace’s Annual Threat Report 2024 revealed that our Threat Research team is conducting industry-specific research. The first of this series looks into the energy sector within the US and UK, analysing Darktrace observed incidents from across the sector, hypotheses-driven threat hunts, open source intelligence and interviews, to identify which APTs and attack vectors are targeting energy organizations, how technology (including AI) has transformed the threat landscape, and how security teams and policy makers are adapting.

Key findings:

  • Technological advancement in the sector including IoT adoption, the drive towards net-zero, and IT/OT convergence, is increasing cyber risk.
  • Over-dependency on a few vendors and systems, movement towards cloud operations and unmanaged assets across the supply chain increase critical dependencies within the sector.
  • Phishing remains a prolific attack vector: From 2022–2024, 55% of the attacks Darktrace saw in the sector originated via email—1 in 5 phishing attempts specifically targeted VIP individuals.
  • Vulnerabilities are frequently exploited in the sector: This includes common vulnerabilities and exposures (CVEs), devices without MFA, and internet-exposed IT and OT assets.
  • Geopolitical tensions are driving attacks: The report includes new evidence and data showing energy infrastructure in EMEA is facing heightened threat activity, particularly from nation-state actors.
  • Increase in OT focused attacks: Darktrace observed an incident on a Canadian energy provider who was targeted via an OT-specific compromise in the SCADA environment.

This paper studies the implications of these changes in discussion with stakeholders, and provides actionable next steps that industry and government can engage with to improve cyber resiliency across the sector. 

With US and UK Critical National Infrastructure under increasing threat, from financially motivated threat actors looking for a quick payout to nation-state actors looking to gather intelligence or position themselves for future attacks, this research paints a clear picture of how the attack surface is shifting—and why security strategies need to evolve to keep up.

More Videos
Video
Webinar: Securing Multi-Cloud Environments
Video
Catching Dropbox Phishing Email Scams
Video
Microsoft AI Showcase with Mike Beck
Video
Microsoft’s Ann Johnson on Cyber Defense

White Paper

Webinar

AI & Cybersecurity: The state of cyber in UK and US energy sectors

AI & Cybersecurity: The state of cyber in UK and US energy sectors

Darktrace’s Annual Threat Report 2024 revealed that our Threat Research team is conducting industry-specific research. The first of this series looks into the energy sector within the US and UK, analysing Darktrace observed incidents from across the sector, hypotheses-driven threat hunts, open source intelligence and interviews, to identify which APTs and attack vectors are targeting energy organizations, how technology (including AI) has transformed the threat landscape, and how security teams and policy makers are adapting.

Key findings:

  • Technological advancement in the sector including IoT adoption, the drive towards net-zero, and IT/OT convergence, is increasing cyber risk.
  • Over-dependency on a few vendors and systems, movement towards cloud operations and unmanaged assets across the supply chain increase critical dependencies within the sector.
  • Phishing remains a prolific attack vector: From 2022–2024, 55% of the attacks Darktrace saw in the sector originated via email—1 in 5 phishing attempts specifically targeted VIP individuals.
  • Vulnerabilities are frequently exploited in the sector: This includes common vulnerabilities and exposures (CVEs), devices without MFA, and internet-exposed IT and OT assets.
  • Geopolitical tensions are driving attacks: The report includes new evidence and data showing energy infrastructure in EMEA is facing heightened threat activity, particularly from nation-state actors.
  • Increase in OT focused attacks: Darktrace observed an incident on a Canadian energy provider who was targeted via an OT-specific compromise in the SCADA environment.

This paper studies the implications of these changes in discussion with stakeholders, and provides actionable next steps that industry and government can engage with to improve cyber resiliency across the sector. 

With US and UK Critical National Infrastructure under increasing threat, from financially motivated threat actors looking for a quick payout to nation-state actors looking to gather intelligence or position themselves for future attacks, this research paints a clear picture of how the attack surface is shifting—and why security strategies need to evolve to keep up.

Download now
No Details required

Darktrace is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. From time to time, we would like to contact you about our products and services, as well as other content that may be of interest to you. If you consent to us contacting you for this purpose, please tick below to say how you would like us to contact you:

By clicking submit below, you consent to allow Darktrace to store and process the personal information submitted above to provide you the content requested.

Thanks, your request has been received
A member of our team will be in touch with you shortly.
Oops! Something went wrong while submitting the form.
The information provided in this document is intended for general informational purposes only and should not be construed as legal advice. For specific advice related to compliance with NIS2 or other legal matters, please consult with your legal, professional or regulatory advisors. Darktrace makes no warranties or representations regarding the accuracy, reliability, or completeness of the information provided and accepts no responsibility for any errors or omissions. This document may contain links to external websites or resources for additional information. Darktrace does not endorse or assume responsibility for the content, privacy practices, or any other aspect of these external sites.

Gartner, Magic Quadrant for Email Security Platforms, Max Taggett, Nikul Patel, Franz Hinner, Deepak Mishra, 16 December 2024Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. GARTNER is a registered trademark and service mark of Gartner and Magic Quadrant and Peer Insights are a registered trademark, of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved. Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences with the vendors listed on the platform, should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.

This white paper includes

This resource includes

This case study includes

This data sheet includes

10,000
Companies trust Darktrace
Share this resource