As Brexit uncertainties persist and populism continues to surge across the bloc, EU companies are encountering new political and regulatory challenges. Many headlines focus on the issues of trade and immigration, which are no doubt key questions for the future operating environment in the EU and the United Kingdom. However, changes in the digital environment—both technological and regulatory—will arguably pose an even bigger challenge to companies throughout Europe and around the world. The European energy sector is particularly susceptible to these digital risks given its sheer size, importance, and reach. Electric-utility executives therefore must devote time and resources toward improving their digital risk management practices.
We have descended into a period of digital disorder. The global technological landscape is currently being reconstructed, subjecting the once-free and unfettered transfer of data across borders to new and greater digital walls. Terms such as the “splinternet” and a “digital cold war” are becoming ubiquitous, forcing companies everywhere to shift strategies on everything from procurement to customer engagement. Cyberattacks, privacy breaches, and the spread of disinformation are just a few manifestations of this environment. Also contributing to the disorder are governments becoming more active regulators of the digital environment and intensifying technological competition between countries.
As my colleagues and I argue in Competing in the Age of Digital Disorder, companies must adapt to the current digital disorder while also preparing for the future digital order, which will be characterized by a more stable environment. These preparations must take place across strategy, customer experience, operations, risk management and compliance, and employees and culture—our SCORE framework. Of particular relevance to electric-utility executives is the risk management and compliance portion of the SCORE framework, especially as smart meters are rolled out and new energy-related cybersecurity and data protection regulations emerge. Electric-utility executives should take four key steps to develop or improve their risk mitigation strategies in the age of digital disorder:
- Improve cybersecurity strategy
By 2020, it is expected that almost 72% of European consumers will have a smart meter for electricity. And with the proliferation of smart grids come cybersecurity risks that electricity grid managers should not take lightly, especially considering that almost half of executives told us in our latest Views from the C-Suite survey that cybersecurity is one of their top operational risks. Exploratory cyberattacks carried out by Russia against energy networks in the Baltic countries and the United States in recent years exemplify the threat posed to electric utilities in particular. To improve power companies’ cybersecurity strategies and preparedness, executives must ensure that their workforce is stacked with properly trained employees. Focusing on personnel hiring and cybersecurity education should therefore be a priority of electric-utility executives moving forward as an integral component of their risk management strategy.
- Be aware of new responsibilities and liabilities
Electric utility businesses in the EU must also be prepared for new regulations that further govern security measures in the energy field, as well as customer data rights and clean energy development. The Clean Energy for All European Package is one such regulation that will place new responsibilities on electric-utility businesses moving into 2020 and beyond. For instance, the package includes an electricity risk preparedness section that mandates that EU member states develop national risk preparedness plans, including initiatives to properly prevent and address crises such as extreme weather conditions, fuel shortages, and cyber-attacks, to name a few. Ensuring that preparedness plans are properly implemented and compliant will thus be key for electric-utility executives in the EU.
- Manage digital risk exposure
As more business is conducted online and data is digitized, all companies face some degree of digital risk exposure. In the case of power outages or cyber-attacks, electric-utility companies must develop contingency plans to deal with client complaints and backlash, especially in the current turbo-charged information environment of escalating social activism and fake news. More broadly, by conducting internal audits and assessing how their organizations and employees are using digital technologies—from the cloud to IoT devices—executives can strengthen risk management practices where needed.
- Monitor emerging data privacy and localization regulations
The EU’s implementation of the General Data Protection Regulation (GDPR) in 2018 launched the bloc into a role of global technology regulator. The EU will continue to lead other regions in the creation of further data privacy initiatives in the coming years, some of which could have a significant impact on energy companies. For instance, the proposed ePrivacy Regulation is likely to take effect within the next year and could pose challenges to new business models in—and investments into—the clean energy sector. Collecting consumer data from equipment installed in people’s homes is a key operational aspect of innovative companies in the electric-utility field—and one that could potentially be compromised with the implementation of the new regulation and stronger protection of consumer data in general. European utility providers should ensure that they frequently monitor data protection-related initiatives coming from EU authorities. These efforts can be supported through centralization of compliance teams and more frequent compliance audits.
The big picture
Digital innovations and the regulations that govern them continue to develop at a rapid pace. European energy companies cannot be passive observers of the ongoing digital revolution. Rather, they need to actively mitigate the risks of the digital disorder period while also preparing for the future digital order. Electric utility executives should therefore firm up their risk mitigation strategies to prepare for and counter the more deleterious aspects of the new digital environment. By promoting personnel cybersecurity training, internal audits, and centralization of compliance efforts, electric-utility companies will be well positioned to manage risks in the age of digital disorder.