At its core, the oil industry has a very simple mission: finding and producing oil, driving value, and ultimately replacing the reserves to ensure there is more oil to come. It once was relatively easy work with plentiful options, but in recent decades it’s become increasingly complex: Oil is harder to find; it’s deeper in the earth, it’s located in more hostile environments without easy access to modern technology. Those circumstances are driving entirely new business models in the industry, involving more joint ventures, reliance on new, more complex technology and tactics, and involvement with a broader range of third parties. This major global transformation requires organizations to be able to predict, identify, and manage myriad changes nearly simultaneously to thrive.
In my conversations with clients and heard at industry events -- such as the 9th Annual API Cybersecurity Conference & Expo where our Senior Executive Advisor Mike McConnell is giving the keynote and the Abu Dhabi International Petroleum Exhibition & Conference where this year Vice President Terry Thompson is speaking about technology security challenges – there is a sense that energy companies have the fundamentals, such as technology development, cyber, IT, risk, and investment and regulation under control. But leaders tell me that what concerns them are the implications and risks related to each of these components of the business that are not being raised to the board level for a more holistic view of risk management. Here’s an example: a company may have a robust protection from Phishing attacks, but if one is successful and results in the loss of private personal or client information, that could be a crushing blow to customer relationships, and trigger regulatory issues and other impacts.