At the same time, federal regulators have stepped in to introduce severe financial penalties for energy providers that neglect cybersecurity. Regulations now require publicly traded companies to disclose material incidents within four business days. Yet, against this high-stakes backdrop, the energy sector is fighting to secure the IT security talent needed to protect itself.
The emerging field of energy cybersecurity compliance is at a disadvantage, as industries with more established IT roles offer higher salaries and lighter compliance burdens. Energy employers may be underprepared to manage this new reality, but they can no longer defer building the cybersecurity workforce the modern power grid demands.
The Threat Environment Has Changed
For many industries, a cyberattack might mean temporarily losing access to corporate email or restoring a database from backups. The energy sector could once say the same thing, but the threat environment has evolved into something more disruptive.
Today’s cybercriminals recognize that energy companies can’t afford even the slightest downtime, given the widespread disruption and substantial regulatory penalties that follow. Unfortunately, this has made energy employers prime targets for extortion, and cyberattacks have evolved to take advantage of it. Industry data shows that ransomware targeting energy and industrial infrastructure is accelerating at an alarming rate.
Research by Dragos identified 1,693 ransomware attacks against industrial organizations in 2024, a staggering 87% year-over-year increase. Of the ransomware incidents that Dragos itself responded to in 2024, 75% led to a partial shutdown of operational technology (OT), and 25% resulted in a full shutdown.
IT Vulnerability to Operational Shutdown
While OT is the foundation of energy production and distribution, and the ultimate target of cyberattacks, the path to a breach almost always begins in the corporate IT stack. One of the most consequential examples of this attack vector is the May 2021 Colonial Pipeline ransomware incident.
The breach began with a single unprotected password on an inactive VPN account, something an adequately staffed and trained IT security team should be able to prevent. Because the pipeline operator voluntarily shut down its operational systems to prevent the IT breach from spreading, the Eastern Seaboard faced massive fuel shortages.
The incident ended just one day after the attack. Colonial Pipeline CEO Joseph Blount Jr. agreed to pay a Bitcoin ransom worth nearly $5 million to restore access to the company’s OT and data. In sworn testimony before the US Congress, Blount acknowledged that the widespread outage motivated his willingness to meet the attackers’ demands.
“I made the decision that Colonial Pipeline would pay the ransom to have every tool available to us to swiftly get the pipeline back up and running. It was one of the toughest decisions I have had to make in my life,” Blount testified.
If there is one lesson to be learned from the Colonial Pipeline attack, it’s that adequate IT security staffing remains the first line of defense, even before specialized industrial controls.
The Financial Penalty of Understaffing
The amount Colonial Pipeline paid to end its operational shutdown and secure its data may sound astronomical, but industry studies show it wasn’t far from the average cost of an industrial cyberattack.
IBM, which has been calculating the cost of IT security lapses for decades, found that in 2025, the energy sector’s average breach cost reached $4.83 million. That’s well above the global average across all industries. However, IBM’s data revealed something even more illuminating: the financial penalty of the energy sector’s cybersecurity talent shortage.
“More organizations faced severe staffing shortages compared to the prior year (26% increase) and observed an average of $1.76 million in higher breach costs than those with low-level or no security staffing issues,” the research indicates.
While some organizations attempt to save money by maintaining leaner IT teams, a lean team introduces a massive financial premium when an inevitable breach occurs.
Regulators Have Made Cybersecurity an Obligation
As if the financial risk isn’t enough, there are now legal and regulatory consequences that energy companies have to consider. Several recent regulatory developments have essentially made cybersecurity an obligation in the sector.
NERC CIP and the Million-Dollar Cost of Noncompliance
Cybersecurity regulations in the US are set by the North American Electric Reliability Corporation (NERC), a federal body with the authority to fine energy companies upwards of $1 million per violation per day.
The largest NERC cybersecurity fine on record is a $10 million settlement with North Carolina’s leading utility, Duke Energy. The figure ultimately reached that level due to the violations’ prolonged duration and recurrence, both hallmarks of an understaffed cybersecurity team struggling to keep up with rigid regulatory demands.
The Four-Day Clock: SEC Disclosure Rules
Since December 2023, publicly traded energy companies have faced a second, highly visible obligation. Any cybersecurity incident deemed “material” must now be disclosed publicly to the Securities and Exchange Commission (SEC) within four business days of that determination.
This ticking four-day clock highlights another problem arising from understaffing. How fast a cybersecurity team detects, contains, and assesses an incident can make the difference between compliance and significant SEC fines. As one might expect, the disclosure statements must be fairly detailed, as evidenced by this report submitted by energy services giant Halliburton.
The Compounding Pressure of Continuous Monitoring
Other federal mandates shape how energy companies must monitor their OT. This includes regulations that took effect in 2025, which require utilities to implement continuous monitoring of their most critical systems. Each new compliance requirement creates an additional, specialized staffing obligation. These mandates arrive at a moment when the cybersecurity labor market is historically constrained.
The shortage of qualified cybersecurity workers is a well-documented, cross-industry crisis. A recent workforce study by ISC2 found that 67% of responding organizations reported a shortage of cybersecurity professionals. However, energy employers face specific structural headwinds that make it significantly harder for them to compete for this talent than for employers in tech, finance, or healthcare.
A Crisis of Confidence and Constrained Budgets
Proof of just how much energy companies struggle with cybersecurity hiring can be found in the National Governors Association’s 2024 Energy Cyber Workforce Policy Brief. According to the brief, “The National Institute of Science and Technology (NIST) found only 20% of electric utility companies reported feeling confident that they have the cybersecurity talent they need.”
That confidence gap has a structural explanation. Despite years of rising attack frequency, online job postings for cybersecurity roles in the U.S. power utility sector have not risen since 2018. IEA research found that vacancies tend to spike after a major incident but do not persist, suggesting a recruitment posture that is reactive rather than strategic. Energy utilities also consistently lose candidates to industries that pay more for the same skills, making it harder to build and maintain security teams, even when the hiring intent is there.
Cybersecurity Talent Pipelines Built for Energy Employers
Energy employers cannot solve structural market disadvantages by simply competing harder for the same finite pool of experienced candidates. The solution is building a reliable pipeline of trained, job-ready professionals at a cost structure that works.
Per Scholas bridges this gap by manufacturing net-new cybersecurity talent. Through rigorous, instructor-led programs, Per Scholas creates a diverse talent pool uniquely equipped for the energy industry. Each learner is trained on vulnerability assessment, incident response, network defense, and AI-integrated security workflows.
Per Scholas alumni emerge fully prepared for IT security roles at the analyst, administrator, and security operations levels. They earn required industry certifications and connect directly with energy employers through the Power Up Initiative. By utilizing this purpose-built pipeline, employers report retention rates that are 30 to 50 percent higher than those from traditional hiring channels, supported by 2 years of continued alumni upskilling at no cost to the employer.
Meeting the Unique Demands of the Power Grid
At Per Scholas, we recognize that the power grid has unique demands for organizations whose workforce needs extend beyond standard IT security roles into OT and critical infrastructure defense. We work directly with employers to design customized training programs aligned to these specific operational realities.
Ready to secure your energy operations? Energy and utility employers can start with a 30-minute working session with Per Scholas Tech Talent Solutions to map cybersecurity hiring priorities, assess program fit, and explore what a tailored partnership looks like for their organization.