Utilities’ Security Initiatives in Smart Grid Ecosystem Ramping Up, According to New IDC Energy Insights Survey 

FRAMINGHAM, MA, July 12, 2011 – IDC Energy Insights announced today the availability of a new report, Business Strategy: Smart Grid Security – What’s Real and What’s Hype (Document # EI229072). The new report provides analysis of the security initiatives among North American utility companies, based on a survey of over 150 U.S. utility respondents, as well as in-depth interviews with utility personnel responsible for security at utilities, including CIOs.

As the smart grid progresses rapidly among North American utilities, so have security concerns. Senior management in the utility companies have acknowledged the need for a robust security methodology and as a result, the year 2010 and onward has seen strong commitments toward security as well as an increase in security budgets. In fact, more than 75% of the respondents surveyed deem security investments to be of the highest importance. At the same time, 38% of the respondents depict security to be one of the top IT initiatives this year.

According to the results, in 2011, utilities are spending their budgets updating the security appliances and software, especially focusing on client security (antivirus, anti spam, anti-malware) and intrusion prevention.

Although security initiatives in the smart grid ecosystems are ramping up, these efforts may not be sufficient. While large investor-owned utilities (IOUs) and public cooperative utilities are spending money and setting up best practices to streamline security, they only embody 20% of the utilities in the United States. To enable industry-wide momentum, CIOs and CISOs will need to carefully evaluate the architecture to ensure end-to-end infrastructure safety and protection, given all the unknowns in the smart grid arena. The new IDC Energy Insights report provides key recommendations on developing a security strategy to address challenges and ensure protection.

Other findings in the report include:

• More than 60% of the survey respondents plan investments in new security solutions or maintaining or upgrading their existing solutions. Planned investment in security software is particularly high: 58% of respondents stated that investment in security software will comprise 25-49% of their budget.

• A majority of utility CIOs recognize that data protection will be a key issue. Some utilities are already collecting large amounts of data via their pilot programs, and they are starting to realize that to win customers' confidence, they have to employ protection schemes.

• Many utility CIOs express concern about the lack of security standards for home area networks (HANs), which will push security vulnerabilities upstream, requiring the utility to perform ongoing vulnerability testing in multiple areas.

"There's great momentum in the industry towards ensuring security is addressed in smart grid projects; however, these efforts are led by 50% of the large utility companies," says Usman Sindhu, senior research analyst, IDC Energy Insights. "While investments are picking up, utility companies are still behind on developing a security-aware culture. CIOs and CISOs will play a key role; they should be ready to work with operations and engineering groups to ensure security and risk practices are implemented."

For additional information, or to arrange a one-on-one briefing with Usman Sindhu, please contact Sarah Murray at 781-378-2674 Reports are available to qualified members of the media. For information on purchasing reports, contact

About IDC Energy Insights

IDC Energy Insights assists energy businesses and IT leaders, as well as the suppliers who serve them, in making more effective technology decisions by providing accurate, timely, and insightful fact-based research and consulting services. Staffed by senior analysts with decades of industry experience, our global research analyzes and advises on business and technology issues facing the utility and oil and gas industries. International Data Corporation (IDC) is the premier global provider of market intelligence, advisory services, and events for the information technology market. IDC is a subsidiary of IDG, the world’s leading technology, media, research, and events company. For more information, please visit, email, or call 508-935-4400. Visit the IDC Energy Insights Community at 



Recent News

If you would like to interview an IDG employee or quote an article in your news coverage please fill out the form below: