A survey conducted by the consulting firm PwC indicates that oil and gas industry executives are confident that their companies’ information security practices will provide protection from cyber attacks, despite poor intelligence of how and when future attacks could be mounted.

In a 26-page document titled “Eye of the Storm,” — which highlights PwC’s 2012 Global State of Information Survey (GISS), conducted worldwide by PwC, CIO Magazine and CSO Magazine — PwC found that executives believe they have effective strategies in place.

“After three years of cutting information security budgets and deferring security-related initiatives, respondents are bullish about security spending,” said PwC spokesman Mark Lobel. “What is evident, however, is that many of the vulnerabilities that began emerging last year — two years after the global economic downturn — are still present and require attention.”

According to the report, 46% of the 143 oil and gas executives questioned in the GISS said they believe their companies have implemented effective strategies to ward off cyber attacks. Another 28% of respondents said their companies were better at planning a strategy to fight cyber attacks than actually implementing a plan, while 16% said their companies actually had the opposite problem: better at implementing than planning.

Executives at 9% of oil and gas companies considered themselves to be in a “firefighter” mentality, lacking both a strategy and the ability to implement one. Those companies, the report said, “are typically in a reactive mode.”

PwC said that within the last four years, oil and gas executives had gained remarkable clairvoyance into security matters. In 2008 the GISS found that 45% of respondents didn’t know how many security breaches had occurred within a 12-month period, and 48% didn’t know what type of incident occurred or what the source was.

In this year’s survey, only 9% of oil and gas executives said they didn’t know how many security breaches had occurred within a 12-month period. Another 10% didn’t know what type of incident occurred, and 21% did not know the source of the incident.

Hackers remained the top suspect of cyber attacks (47% in 2011), but PwC said the threat of an attack by a third party — like a partner or supplier — had increased dramatically (23% in 2011, up 475% from the 2010 figure of 12%). In 2011 employees and former employees accounted for 27% and 24% of attacks, respectively. The employee figure declined 23% from 2010, when it was 34%.

“For years the most commonly suspected source of breaches has been employees, both current and former,” Lobel said. “This has remained constant.”

PwC has been conducting GISS for 14 years; CIO and CSO magazines have assisted with the survey for nine years.

©Copyright 2011Intelligence Press Inc. All rights reserved. The preceding news reportmay not be republished or redistributed, in whole or in part, in anyform, without prior written consent of Intelligence Press, Inc.