I was very surprised to find that over three quarters of the global energy providers surveyed recently admitted to having at least one data breach in the last year. What might be more amazing to me is that 71% said their executive teams didn't understand or appreciate the value of IT security and only 21% think their current tools provide protection against attacks through the smart grid system.
Now that could be scary. While I'd like to think a smart grid is the way to go for more efficient energy usage, especially as we all start to use more energy in our daily lives, a lack of security here could have huge consequences. We could find customers over- or undercharged on their bills. A nightmare to sort out and prove for either side. We could find customers overloading the system, possibly resulting in grid shutdown, not from usage, but possibly from poor reporting.
However, the impact to our energy system isn't the worrisome thing. The fact that executives don't understand or appreciate IT security, or haven't conveyed that message to the IT staff, is a problem. How any corporate leader can discount the value of securing their technology systems speaks to a fundamental problem in many of our corporations.
I think that lack of penalties, lack of repercussions from consumers, and the short memory of the public mean that executives can dismiss security precautions as a lower priority. That and the fact that it seems to be relatively easy to cover up breaches from the public. There will always be another target, and without a direct effect on people in the short term, there will not be enough attention paid to any of these attacks to raise them to a high priority level for executives.
They might be right, and perhaps there isn't enough of a downside for the company, but as a data professional, there certainly could be a downside for you. There will often be someone held accountable, even if the issue isn't publicized, and that person could easily be you. Follow best practices for security, raise awareness where you can, and document the exceptions with your objections noted. It might not make the company more secure, but it likely will help you keep your job.