Forgot password?


What energy blackouts mean for cybersecurity

The UK is still in the midst of an energy crisis. Triggered by Russia’s invasion of Ukraine in 2022 and the ensuing sanctions implemented by European nations, energy prices have soared this winter. As overheads continue to be a key worry for organisations around the country, there is also the potential for energy blackouts – as cautioned by the National Grid 

In addition to disruption of day-to-day business operations, power outages also represent a critical issue for cybersecurity. Organisations therefore need to be identifying what they can do now to proactively protect themselves from the cyber risks of blackouts. 

Can a breach occur during a blackout? 

It’s crucial to recognise that organisations can still be hacked during an energy blackout. One reason why a power outage puts enterprises at higher risk of suffering a breach is the significant reliance on remote security and IT support. In the event of a localised or regional blackout, organisations could potentially be cut off from their cybersecurity workforce, leaving them at risk of exploitation from bad actors and with no team to monitor, detect and respond to attacks. 

Even if enterprises have sufficient in-house cybersecurity resources, servers and Software-as-a-Service (SaaS) platforms tend to be externally hosted outside of an organisation’s territory. This means that while a headquarters in the UK might lose power, its systems would be online and exposed.  

In both scenarios, cybercriminals are left in more advantageous positions to launch devastating cyberattacks with business-critical consequences. 

What can organisations do to protect themselves? 

The good news is that UK organisations can prepare for such eventualities and mitigate the chance of a blackout breach. To do so, they can follow the following steps: 

  1. Understand the risk 

The National Grid has warned blackouts are most likely to take place between 4pm and 7pm on especially cold days, as these are typically peak periods of energy usage. With this knowledge, hackers may well decide to infiltrate a network, use blind spots to lie dormant for days or even weeks, and then deploy malware once a blackout kicks in. But knowledge is power, and organisations can also identify these periods as a time they are most at risk. By knowing when a ‘blackout window’ is most likely, they can consider ramping up onsite security and IT support and investing in back-up generators and power banks in advance. 

  1. Plan ahead 

Having understood the cyber risk, organisations are well placed to plan ahead and ensure the foundations are covered. Considering 98% of breaches can be protected against with basic cyber hygiene, maintaining a base level of cybersecurity across the organisation and all staff is essential. Things like regular phishing training and simulations, multi-factor authentication, privileged access management, and even sending notifications to staff around potential blackout periods are good practice and contribute to fostering an enterprise-wide ‘security first’ mindset. 

Like with any new risk, it’s also vital to be evaluating worst case scenarios. Conducting test runs and training exercises for security staff of what would happen in the event of a blackout is vital in order to identify weaknesses and existing vulnerabilities. Organisations should also consider carrying out Disaster Recovery planning and updating Business Continuity Plans (BCPs), as these also help to flag risk factors and anomalies that can be remediated ahead of a power outage. 

  1. Outsource to the experts 

On top of what can be done in-house to mitigate against the cyber risk of an energy blackout, organisations should also consider working with trusted security partners to bolster their cybersecurity posture and gain complete peace of mind. Outsourced Security Operations Centres (SOCs), for example, offer round-the-clock threat monitoring for 24/7/365 cybersecurity protection. Crucially, any organisation working with an outsourced SOC benefits from the aggregate value of security professionals who have extensive experience and knowledge of the threat landscape. These teams will also no doubt be preparing for blackout risks by ensuring power banks and back-up generators are on hand. They will also be available to ease concerns and discuss incident response plans with in-house teams. 

Get in touch to learn more about how DigitalXRAID’s services can help you to mitigate energy blackout and other cyber threats. 

Cyber Security Experts

Accredited and regulated, we're in the top 1% of cyber security agencies globally

Crown Commercial Service Supplier Cyber Essentials Plus ISO 27001 BSI ISO 9001 CHECK NCSC Cyber Incident Response CREST

We’re trusted by the UK Government as Crown Commercial Service providers as well as being accredited by two of the leading cyber security governing bodies. Our ISO9001 certification means you can rest assured our processes and approach are market leading.

Protect Your Business & Your Reputation.

With a continued focus on security, you can rest assured that breaches and exploits won't be holding you back.

Speak To An Expert


Get In Touch

[contact-form-7 id="5" title="Contact Us Form"]