
Black & Veatch’s 2025 Electric Report finds utilities prioritizing cybersecurity training over tools to tackle digital grid threats - Industrial Cyber

Industrial Cyber, archived Mar 28, 2026



November 04, 2025

Black & Veatch’s 2025 Electric Report finds that grid digitalization is exposing utilities to growing cyber risks as the number of connected devices increases to the millions. However, the shift toward digitalization and advanced grid technologies demands new skill sets such as data analytics, cybersecurity, and automation expertise that are not traditionally part of utility training programs. About 40% of survey respondents said they are prioritizing cybersecurity training over new technology investments, acknowledging that software alone, without the right expertise, can create a false sense of security. This was followed by the incident response plan at 32% and monitoring and response at 29%.

In the 31-page report titled ‘Black & Veatch 2025 Electric Report,’ the Overland Park, Kansas-headquartered company highlighted that while monitoring and response (29%) rank among the top three cybersecurity risk mitigation priorities, 34% of respondents don’t know if they’ve bridged the gap between physical and cyber systems, exactly where attackers slip through.

Now in its 19th year, the Black & Veatch 2025 Electric Report shows the power sector shifting focus from emissions reduction to meeting surging electricity demand, driven largely by rapid data center growth. Based on insights from 500 U.S. energy leaders, the report highlights the decisions and strategies shaping the nation’s electric future.

The report added that respondents are focused on identifying and managing attacks. “Only 19% of respondents now rank compliance assessments as a priority, demonstrating that utilities are moving past assessments and are ready to take action. Cyber is about visibility and control. Utilities want to invest in developing both. Running a modern grid requires staff who understand both operational systems and cyber risk. Many utilities are doing just that, but it can be a challenge.”

Furthermore, operations teams that once focused solely on hardware and uptime are now being asked to scan logs, document evidence of compliance, and assess threats. “But when equipment fails or maintenance windows tighten, operations take priority and security slips. That’s when systems are most exposed.”

The 2025 Electric Report found that utilities bringing in outside cybersecurity experts face a common challenge, with too few on-site staff who understand both grid operations and the cybersecurity risk landscape. “Consultants understand threats and regulations, but often aren’t authorized to act. If no one locally understands the systems and protocols, the ability to deter, detect, respond, and recover may fail.”

“This isn’t just a technology challenge. It’s an organizational one,” according to the report. “Until cybersecurity, operations and communications speak the same language — and until information technology (IT) and operational technology (OT) systems are truly integrated — risks remain embedded, invisible and potentially catastrophic. Converging IT and OT isn’t optional; it’s a critical element to building a resilient, secure enterprise.”

“Strategic planning must integrate structural climate risks and navigate complex, often fractured regulatory landscapes,” Charlie Sanchez, president for infrastructure advisory at Black & Veatch, wrote in the report. “Together, we have an opportunity to lead by establishing cohesive, forward-looking frameworks that align federal, state, and regional priorities — embedding resilience not only in physical infrastructure but also in cybersecurity, where organizational alignment is as vital as technological defense.”

Sanchez added that reflecting on this year’s Electric Report further solidifies that the path forward calls for bold, coordinated leadership. “Success will not come from incremental improvements, but from building adaptive, intelligent systems — grounded in proactive planning, disciplined governance and agile asset management — capable of thriving in a dynamic energy landscape.”

Identifying that U.S. utilities are at a pivotal juncture, Kristie Deiuliis, Black & Veatch’s managing director of strategy, planning, and optimization, wrote that “Balancing competitive forces, they must be able to serve the forecasted load growth while at the same time maintaining reliability standards, addressing pressing interconnection needs from distributed generation assets and prioritizing physical and cybersecurity.”

The 2025 Electric Report also found an uptick in both cyber assessments and pilot projects. However, when asked about capital allocations for grid modernization programs, 27% of respondents were unable to specify an amount. New technologies and suppliers are being integrated together in new configurations that advance functionality while introducing cyber vulnerabilities never observed before.

Although the value of networking across devices increases productivity, helps with costs, ensures predictability, and benefits the quality of service, no one planned for the multiplying number of devices in the market to talk to each other. Integration thus becomes a daily grind. Supervisory Control and Data Acquisition (SCADA) must coordinate with the Distributed Energy Resource Management System (DERMS).

“OT cybersecurity needs to mesh with communications infrastructure,” the report identified. “Data systems must normalize information from legacy platforms and new edge sensors in real time. It all breaks down fast when organizational charts don’t match the architecture. Cybersecurity is a case in point. One team owns threat detection. Another owns grid controls. A third handles automation. Each group is working hard, but not always in perfect harmony. That’s how gaps are created and vulnerabilities are formed.”

Joe Zhou, vice president and senior managing director at Black & Veatch, noted that utilities that actively embrace orchestration are better positioned to integrate DERMs, manage volatility, and optimize grid performance. “But orchestration isn’t a single platform or product. It’s a capability — one that spans ADMS, DERMS, OT cybersecurity, and data infrastructure. It requires breaking down silos between engineering, operations, and IT and rethinking how decisions are made and executed.”

Another interesting data point from the 2025 Electric Report was that while 37% of respondents expect OT system recovery within a day, only half base their cybersecurity investments on formal risk assessments, suggesting confidence may exceed actual preparedness.

The 2025 Electric Report recognized that utilities continue to grapple with the strategic choice of whether to build cybersecurity with in-house resources or rely on outside expertise. Many are choosing to do both, indicating a new hybrid model that ensures in-house expertise and continuous learning with outside counsel.

“The 2025 data show a near-even split: 40% of respondents have used external experts for OT systems; 33% haven’t,” the report detailed. “It’s not just about budget. It’s also about complexity and organizational capacity. Smaller utilities with limited infrastructure can often manage with external support. But as companies and systems grow — leading to more plants, more interconnections, and more digital control — the risks quickly outpace what internal experts may be able to take on.”

The report added that, at some point, utilities need more expertise, as well as consultants who understand their architecture and can act fast. A utility may have advanced systems, but cannot recruit, train, and retain skilled cyber staff to adequately protect those systems. That’s why even large utilities must rely on outsourcing. And without structured planning, those decisions can be risky. Only half of utilities base cybersecurity investment on formal risk analysis.

The report also identified that 18% of respondents still cite compliance as a top concern. “And while meeting regulatory requirements is essential, it should be seen as a floor, not a ceiling. Compliance frameworks define minimum standards. But in OT environments, where failures can trigger physical consequences, mere compliance doesn’t always mean secure and safe. This is especially true in systems with legacy infrastructure or limited visibility. Defensive strategies need to hold up under pressure, not just check boxes,” it added.

“The goal is to move beyond compliance to true resilience — embedding cybersecurity throughout the asset’s lifecycle, promoting a cyber-aware culture and focusing on impact,” Ian Bramson, vice president for global industrial cybersecurity at Black & Veatch, said. “Rather than trying to defend everything equally, we counsel clients to take a consequence-driven approach: prioritize assets based on the impact of a successful attack. Systems that affect safety, service continuity, or public health should get the most protection.”

With substation attacks doubling between 2021 and 2023, the real solution lies in integration, not just technology. “The real problem isn’t just technology; it’s separation. Cybersecurity still operates too far from day-to-day grid operations, automation, and communications. Training operations staff on cyber risks isn’t optional anymore. Cybersecurity teams can’t afford to stay isolated from operational realities. Both sides need a common language and mutual trust.”

The 2025 Electric Report detailed that the threats don’t distinguish. “Malware leads the list at 41%, followed by cloud vulnerabilities (38%) and ransomware (37%). These are operational risks. They require fast, informed action by people who understand the systems inside and out. Yet 34% of respondents don’t fully understand how physical and cyber risks intersect. Only 22% use unified teams. That’s a dangerous gap.”

It also found a significant rise in substation attacks, up 50% in 2023 from just 23% in 2021, making clear that attackers don’t distinguish between physical and digital entry points — yet many utilities still do; different departments manage physical and cyber with different tools, teams, and response protocols. “That leads to a fragmented defense in a world of blended threats.”

The 2025 Electric Report said that grid modernization will only magnify these challenges. “More connected devices. More automation. More complexity. At the same time, recent regulatory changes may push utilities to act. NERC CIP-015-1, for example, was formally approved by the Federal Energy Regulatory Commission (FERC), setting expectations for securing critical infrastructure. It focuses on protecting the grid from supply chain threats, reinforcing the idea that utilities must now manage not just their own systems, but also the risks embedded in their vendors’ hardware and software.”

It added that utilities that successfully break down silos can build tighter integration across roles, departments, and systems. “Through internal training, outside partnerships, or hybrid approaches, the goal is the same: cybersecurity that’s built in, not bolted on. It’s a good sign that 40% of respondents are putting training first. However, if cyber teams and operations crews continue to work in parallel, rather than together, it won’t be enough. Cybersecurity needs to be treated akin to system reliability: something everyone owns. That shift won’t happen overnight, but the sooner it does, the stronger the grid becomes.”

“For medium- and high-impact facilities with external routable connectivity (ERC) systems, FERC’s approval of CIP-015-1 on Internal Network Security Monitoring (INSM) represents a major step forward,” Anirban ‘Sunny’ Ghosh, NERC CIP lead, global industrial cybersecurity at Black & Veatch, said. “This new standard promotes integrated asset visibility, enables proactive threat detection, and drives a shift from reactive defenses to a preventive cybersecurity posture. By embedding cybersecurity into every layer of grid operations — whether in legacy systems or new projects — power utilities need to build resilient, future-ready environments that protect against both cyber and physical threats. This integrated approach is essential to ensuring a secure, reliable, and sustainable energy future.”

The Black & Veatch 2025 Electric Report highlights a pivotal moment for the power industry as the energy transition itself evolves. Survey responses show utilities navigating early-stage shifts, often feeling challenged by rising demands and policy changes. “Grid modernization is gaining traction, with twice as many respondents planning to adopt dynamic line ratings within five years. Recent Integrated Resource Plans show more gas capacity additions than solar or wind through 2035. Smart-grid investments are also set to rise in 2026, focusing on field devices and cybersecurity.”

The 2025 Electric Report outlines several paths forward for the utility sector amid shifting federal policies and ongoing market changes. Utilities are forming new business models with large-load data centers, including advance payment agreements for grid upgrades. With data center power demand expected to double by 2030, utilities must secure contracts that manage risk and require flexible load participation to support grid reliability. Respondents also anticipate greater challenges in integrated transmission planning, as new FERC and regional mandates demand longer-term planning horizons. On cybersecurity, it was assessed that while many utilities are already conducting regular assessments, reduced federal oversight will require them to take more responsibility for protecting their systems, potentially by bringing in outside expertise.

In May, Black & Veatch released its 2025 Water Report that provided a layered, unflinching look at the pressures shaping the future of the U.S. water sector. As utilities contend with aging infrastructure, persistent workforce attrition, and the toxic legacy of ‘forever chemicals,’ they also face rising demands linked to digital transformation, artificial intelligence, and cybersecurity threats.

Anna Ribeiro, Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.
    Article Info
    Source
    Industrial Cyber
    Category
    ◇ Industry News & Leadership
    Published
    Mar 28, 2026
    Archived
    Mar 28, 2026