From ransomware attacks on grid assets to AI-powered spear-phishing targeting solar developers, cyber threats are increasingly putting energy infrastructure at risk. For the energy transition to scale, cybersecurity is imperative. This is creating a massive opportunity for startups.
Today's energy landscape is entering an era of assets that are digital by default. As sensors, controls, and real-time optimization become table stakes across renewables, EV infrastructure, smart buildings, and industrial automation, the industry’s attack surface is expanding. Every connected inverter, voltage regulator, and IoT device becomes an entry point — not just for performance monitoring, but for threat actors.
Cybersecurity is no longer a “nice-to-have” tucked under IT. It’s a strategic pillar of infrastructure resilience — and increasingly, a wedge for new software innovation.
At Energize, we’ve been tracking this shift for nearly a decade. In 2018, we invested in Nozomi Networks, now a global leader in OT cybersecurity. Examples of their projects include working with the French government to secure Paris infrastructure during the 2024 Olympics and expanding asset visibility and threat detection for the Dubai Energy and Water Authority. We’ve also invested in Finite State (vulnerability assessment for connected devices), Avathon (formerly SparkCognition, an AI-enabled predictive maintenance and endpoint security platform), and Awake Security (now part of Arista, offering AI-driven network detection and response [NDR]). Since entering the market, we’ve seen immense transformation, as well as expanding opportunities for cybersecurity tools. What’s changed now is not just the volume of cyber threats, but the convergence of geopolitical risk, underprepared industry stakeholders, and exponentially increasing attack sophistication resulting from AI. At Energize, we talk a lot about a resilient energy economy – one that can respond to climate disasters, provide reliable, sustainable energy, and meet growing demand. That resilient energy economy also relies on a robust cybersecurity toolkit.
Here’s why it matters more than ever.
The clean energy transition isn’t just decentralized — it’s deeply connected. Distributed Energy Resources (DERs), like rooftop solar, EV chargers, and home batteries, are being integrated into digital systems to enable responsiveness, market participation, and efficiency. This connectivity is essential for optimization, but it also creates millions of new vectors for exploitation. In fact, the number of connected IoT devices globally is expected to surpass 41 billion by 2030, with critical infrastructure sectors like energy and manufacturing leading the charge.
Legacy operational technology (OT) was not built for this level of exposure. As utilities and developers bolt on connectivity and analytics to systems originally designed to be air-gapped, cracks emerge. Visibility improves — but so does vulnerability. And in many climate-linked sectors, cyber maturity remains low.
Cyberwarfare has escalated dramatically, with energy infrastructure becoming a primary target. Numerous countries have been implicated in advanced persistent threat (APT) campaigns designed for strategic disruption in addition to financial gain. The Colonial Pipeline ransomware attack in 2021 offered a glimpse of what’s at stake — beyond a $5 million ransomware payout, the attack resulted in fuel shortages, supply chain breakdowns, and nationwide panic.
For some bad actors, power outages and SCADA disruptions are the point, not the collateral. This vulnerability underscores the need for defensible digital infrastructure across the clean energy value chain.
The average cost of a single data breach now exceeds $4.8 million— and it's materially higher in energy and industrial sectors. Global ransomware payments in 2023 were the largest ever observed, surpassing $1.1 billion1. In many cases, companies pay not to restore data, but to avoid catastrophic service interruptions.
Unsurprisingly, cyber budgets are rising fast — averaging a 12% CAGR since 2020 — and CIOs and IT decision makers now rank cyber spend as a top priority, even over AI and data infrastructure2.
From NERC-CIP enforcement in the U.S. to new AI-driven cybersecurity mandates in Europe and Asia, governments are stepping in to safeguard infrastructure. In the U.S. alone, over $900 million in fines have been levied for non-compliance in energy and utilities since 2007, with penalties now reaching over $1 million per day for severe violations3.
At the same time, landmark frameworks like the updated NIST Cybersecurity Framework and enhanced SEC cybersecurity oversight are establishing broader guidelines for securing digital assets, expanding threat sharing, and advancing AI-enabled defense — especially in critical infrastructure with new Software Bill of Materials (SBOM) requirements requiring additional transparency and security across the supply chain4.
Compliance is no longer optional. But navigating these shifting sands isn’t easy — and it creates an opportunity for forward-looking cybersecurity startups to guide the way.
To add fuel to the fire, AI is supercharging both sides of the cybersecurity arms race.
On one hand, generative models are a force multiplier for attackers, enabling hyper-personalized phishing, facilitating data leaks through unapproved use, and supercharging polymorphic malware development that can more effectively evade defense systems dynamically.
On the other hand, AI is also empowering defenders: cutting detection and containment times by 30–50%, automating triage and response, and improving threat intelligence at scale5. The market for AI-enabled cybersecurity solutions is forecasted to grow at 26% annually — one of the fastest-moving categories in enterprise software6.
For energy and climate, this means the best protection will come from AI-enabled tools built with the industry’s needs in mind.
Cybersecurity isn’t an add-on to climate innovation — it’s a prerequisite for scaling it.
To reach the next phase of a digital, distributed, and decarbonized energy system, it’s essential to remember that what can be optimized with software can also be weaponized with software. As a result, we need digital systems that empower emerging technologies, not compromise them; the companies that understand this will emerge as central players in the energy transition. At Energize, we believe cybersecurity represents not just a risk category, but a responsibility and an innovation frontier — one where we remain committed to deep research, conversations, and capital support.
We know that building long-term value means supporting technologies that can thrive under pressure — whether from market forces, regulatory shifts, or cyber threats. And we’re eager to partner with the founders who are building accordingly.
We’re actively exploring the frontier of cybersecurity in energy, climate, critical infrastructure, and industrials. If you’re building in this space, we’d love to hear from you! Reach me here on LinkedIn.
Sources: