IDC Energy Insights (Framingham, Mass., U.S.A.), a market research firm, announced on Tuesday a new report analysis of the security initiatives among North American utility companies. According to the report, of the 150 U.S. utility companies surveyed, 75% deemed security investments to be of the highest importance, while 38% depicted security to be one of the top IT initiatives this year.
According to IDC Energy Insights, as the smart grid progresses among North American utilities, so have security concerns. Senior management in the utility companies have acknowledged the need for a security methodology and as a result, the year 2010 and onward has seen commitments toward security as well as an increase in security budgets.
In 2011 utilities are spending their budgets updating the security appliances and software, especially focusing on client security (antivirus, anti spam, anti-malware) and intrusion prevention, according to IDC Energy Insights.
According to IDC Energy Insights, even with large investor-owned utilities (IOUs) and public cooperative utilities spending money and setting up practices to streamline security, they only embody 20% of the utilities in the United States.
Other findings in the report include:
- More than 60% of the survey respondents plan investments in new security solutions or maintaining or upgrading their existing solutions.
- 58% of respondents stated that investment in security software will comprise 25-49% of their budget.
- A majority of utility CIOs recognize that data protection will be a key issue. Some utilities are already collecting large amounts of data via their pilot programs.
- Many utility CIOs express concern about the lack of security standards for home area networks (HANs).
"There's great momentum in the industry towards ensuring security is addressed in smart grid projects; however, these efforts are led by 50% of the large utility companies," says Usman Sindhu, senior research analyst, IDC Energy Insights. "While investments are picking up, utility companies are still behind on developing a security-aware culture. CIOs and CISOs will play a key role; they should be ready to work with operations and engineering groups to ensure security and risk practices are implemented."