Energy, Industrial Firms Must Up Their Cybersecurity Game, Experts Say

Dutch Prime Minister Dick Schoof joined several industry experts in calling upon the global energy and industrials complex to step up its cybersecurity efforts in the face of rising attacks on key infrastructure, at a major European industry event.

Speaking at the ONE Conference on Tuesday, an event being held in The Hague, Netherlands, as part of Cybersecurity Week 2025, Schoof said: “Security is a job that is never done. We cannot be complacent. It is fast becoming apparent that the military conflicts of the future will not be fought on the battlefield but in cyberspace in an increasingly digitized world.

“Take the Russia-Ukraine for instance. It has been an wake-up call. Cyber attacks around Europe, and not just the Netherlands, are rising since our explicit backing of Kiev. This is no coincidence and was widely discussed at the NATO summit that we hosted in June.”

The Dutch politician, who was a former security and justice minister, before taking over as prime minister in July 2024, said enhancing cybersecurity attests to building resilience in the world’s energy and industrials sector in a challenging world.

“Digital processes have become the nervous system of our society and industry. Therefore, cyber specialists are needed for to make both resilient. The concept of strategic autonomy in the modern world is predicated on digital security, not just natural resources. It is time to take action to manage cyber risk proactively and not reactively.”

The prime minister’s warning was echoed by several industry experts at the conference. What’s causing particular anxiety are the spate of attacks on Europe’s energy and utilities infrastructure.

For instance, a report published earlier this year by TrustWave noted that ransomware attacks targeting the energy and utilities sector increased by 80% in 2024 on an annualized basis.

The cybersecurity firm noted the majority of these breaches only managed to compromise IT environments, as opposed to the highly critical operational technology or “OT” infrastructure such as digital plant control systems.

However, officials say Dutch intelligence agencies believe the threat to OT is rapidly intensifying. Many of the attacks are driven by geopolitical strife as international tensions caused by the Russia-Ukraine war, Gaza and the U.S.-China rivalries are projected into cyberspace.

Rivals are attempting to demonstrate their cyber-military capabilities by penetrating critical infrastructure networks from power plants to pipelines.

No Room For Complacency

Adoption of cloud computing, the growing convergence of IT and OT networks in the industrials space, automation, big data, and the deployment of AI are throwing up yet more security challenges.

If any nodal point in the industrial IT environment is compromised and subsequently serves as a staging point for hackers to move laterally into OT networks, the consequences could be catastrophic for both physical environments as well as human life.

Matthijs van Amelsfort, CEO of the National Cyber Security Centre, Netherlands said: “What we are witnessing is that in light of the growing threats, the old way of regarding cybersecurity investments as an ‘IT spend’ is becoming a thing of the past.

“Energy sector has become quite good in risk-based thinking and recognizing the threats of the digital world. Furthermore, many of the contingency and service continuity plans I have seen from several parties do stand up to scrutiny.”

In recognition of the rising threats and to ensure there in no room for complacency when it comes to Dutch operators, van Amelsfort said the government is implementing The Netherlands’ Cybersecurity Act or “Cyberbeveiligingswet.”

The national law – which is in line with the European Union’s NIS2 Directive to strengthen digital resilience – places stringent requirements on strategic sectors to improve their network and information security.

The law also introduces security obligations and incident reporting requirements for a broader range of entities than the previous initiatives. It is expected to come into effect over the second quarter of 2026.

“There is still a lot to do, but I can safely say as a former law enforcement officer that whole industries are now regularly reexamining various aspects and protocols on cybersecurity. But this will be a case of constant vigilance and investment.”

On the latter point, investment toward industrial cybersecurity is growing at a steady pace. By some metrics, the sector is witnessing a compound annual growth rate of nearly 10%, with a multibillion dollar industry in the making to the end of the decade.

Focus is also incrementally turning toward addressing the skills gap. Research published on Wednesday by Security Delta at the ONE Conference identified several cybersecurity competence gaps in Europe.

Its study of ten European countries, which mapped existing training and education provisions against future labor market needs, noted that systems management, testing, and quality management and compliance rank among the most significant gaps.

Mark Ruijsendaal, programme director at Security Delta, noted that when organizations start implementing their newly formed risk management and cybersecurity strategies, their need for testing, system management and quality control will grow.

“Its why the main priority for new development of training is not necessarily on technical competences, but rather the strategic and business-oriented ones. More technical and quality-related competences are added to the list of gaps when you zoom into the proficiency levels.”

Whether its investment, systems resilience or re-skilling of the workforce, the wider industrial complex is an almighty and seemingly perpetual marathon on cybersecurity.