Skip to Primary Menu Skip to Utility Menu Skip to Main Content Skip to Footer
Noname Security Logo

2023 API Security Trends for Energy and Utilities

Dan Murphy
Share this article

As environmental consciousness increases across the globe, the pressure on energy and utilities companies continue to intensify. The global community now understands that how we create and access energy affects geopolitical dynamics, food sourcing, climate change and other concerns that will literally dictate the course of human history.

To meet these challenges, the energy and utilities sector is now embracing digital transformation. However, these industries can be considered late-adopters of application programming interfaces (APIs), and their rush to dive into the deep end of such technologies, coupled with the tremendous amount of money they manage, makes them attractive targets for cybercriminals.

To paint the picture clearly, Noname Security’s 2023 API Security Trends report provides updated insight on last year’s research, surveying over 600 CIOs, CISOs, CTOs, and senior security professionals from UK and US-based organizations across six industries. 117 of these respondents were from the energy and utilities sector. With that in mind, this blog post will highlight the most common API security risks within the utilities sector, what’s at stake in navigating threats and the best strategies to make energy-related APIs safe and effective. You’ll also get access to the full report – free!

The Threat is Real

Of the six industries examined, energy and utilities was the only subgroup to see no change in the volume of API security incidents from 2022 to 2023. Holding firm at 78% of respondents reporting such problems, threat actors have found an enticing and susceptible target that they don’t plan to move on from any time soon.

Blind Spots

A key objective of Noname’s research is to highlight for industry leaders the disconnect between their API security procedures and the impact attacks are taking on their operations. Despite the consistently-high occurrences of breaches, 94% of energy and utilities survey respondents expressed confidence in their API security tools.

A Clear Target

While other industries posted slightly higher numbers in overall security incidents, the energy and utilities sector has a specific problem deeper than any other cohort. Web application firewalls were reported as the top attack vector at a rate higher than the five other sectors polled. This is particularly noteworthy given that firewalls were found to be the least targeted area in 2022.

How the Sector Loses When Cybercriminals Win

Given the sector’s importance to our global environment and economies, failures in API security often result in prominent news stories. However, there are also more nuanced pitfalls for industry leaders when defense systems fail.

Human Capital

With so much at stake in our developing energy landscape, it stands to reason that employees of related companies would feel a personal investment in their work. Noname’s survey found evidence of just that, revealing that nearly 60% of respondents have dealt with a loss of employee goodwill following a security incident.

Arrested Development and Profits

More than half of those polled within the energy and utilities sector reported a loss of organizational productivity and fees to implement solutions as costs of API security failures. Fines from regulators and customer churn were also cited as common impacts.

What Can Be Done

Although this sector has not been an early innovator in the digital space, the need to successfully integrate technology into organizational structures has grown too large to ignore. A heightened understanding of the problems the industry faces, along with progress within the securities industry, provides hope for the present and future.

Know Your Enemy

Increased focus on API security can go a long way toward thwarting threat actors. The second year of survey data showed significant jumps in companies’ inventory of their APIs, as well as knowledge of which platforms exchange sensitive data that would be most detrimental to have affected.

Value Added

Healthy, dynamic APIs aren’t only critical to the energy and utilities sector risk mitigation – they can also enhance their operational and financial prospects. Over half of respondents labeled API security a “business enabler,” and the volume of those reporting that such measures help them comply with GDPR exceeded all other sectors.

Partnership Matters

Frequent testing of API security strength is the most direct, impactful way to stop cybercriminals. Daily and real-time testing increased year-to-year thanks, in large part, to security partners equipping the sector with the necessary tools. Industry leaders also reported a reliance on security partners to fulfill PCI DSS requirements, underscoring the value of tools which enhance visibility to the type of PII moving across an organization’s APIs.


Simply put, there is too much at stake for the energy and utilities sector to fail in their transition to digital operations. The operational need is so prominent, and the vulnerabilities so lucrative, that the sector and cybercriminals will be locked in a tug of war for dominance for years, if not generations, to come. Energy and utilities industry leaders would be well-served by reading the report, learning more about API areas to protect and how to preserve a secure environment.

Click here to download the full report – 2023 API Security Trends for the Energy and Utilities Sector.