Cyber resilience is a challenge for all organisations, but, due to its vital role as a societal backbone, it is of particular importance for the electricity ecosystem.

The power grid is an increasingly popular target for cyber threat actors: including hacktivists with the aim of causing civil unrest or state-sponsored groups performing espionage activities. Moreover, electricity organizations operate in an interconnected and interdependent environment where the consequences of a cyber attack on one can cascade to numerous others. Combatting this growing risk requires leaders to shift their thinking on cyber resilience in two fundamental ways:

1. Understand that cyber risk is a business and ecosystem-wide risk – not an IT risk – and integrate cyber risk management into all business decisions
2. Understand that managing cyber risk in such an interconnected environment requires that leaders think beyond the cyber resilience of their own “houses”, towards the cyber resilience of the broader “neighbourhood” of suppliers, customers, competitors, peers, and regulators among others.

This report developed by the World Economic Forum in collaboration with electricity industry partners and Boston Consulting Group offers principles to help board members meet the unique challenges of managing cyber risk in the electricity ecosystem.