The world’s power plants and transmission lines are more networked to each other and controlled via the Internet than ever before. And in that, Wall Street sees a business opportunity.
Investors including banks and venture capital firms more than doubled their financing last year to private companies focused on developing cyber-security solutions for power-grid operators, utilities and other industrial businesses, a Bloomberg New Energy Finance analysis shows. The $1.7 billion of funding since 2010 is a bet that the industry’s rush into the Internet-of-things era will raise the risk of cyber-attacks on grids and demand for services that fight them.
BNEF clients can see the full report, “Industrial Cybersecurity: An Urgent Need”, on the Terminal or on web.
“Utilities and industrials in general have been connecting real assets like power plants to the Internet,” Claire Curry, an analyst at Bloomberg New Energy Finance, said by phone. “They get a lot more data and efficiencies that way. But they’re also realizing the consequences for hacking. Lots of startups are springing up, saying, ‘We can protect you.”’
Fundraising by cyber-security companies focused on the industrial sector rose to almost $700 million last year from just $5 million in 2010, according to the BNEF analysis of financing data from CB Insights. By one cyber-security firm’s count, at least one threat to industrial operations occurs somewhere in the world every day. The U.S. Energy Department warned in a report last year that the electricity system “faces imminent danger” from cyber-attacks, and hackers were said to have breached at least a dozen U.S. power plants.
The surge in financing “underscores the demand for these services,” Curry said. “They’re picking up on the fact that a number of the power companies now, especially grid operators, are getting nervous.”
The biggest challenge for grid operators and utilities, she said, may be coming up with monitoring software that better alerts them to security threats. In its report, BNEF recommends that utilities identify vulnerabilities, deploy safeguards and constant supervision; and be ready for damage control after a cyber-attack.