Cybersecurity Risks and Defense for a European Energy Retail Business: A Case Study Using FMEA and Bowtie Incident Analysis
Permanent address
Description
© 2025 The Author(s). Published with license by Taylor & Francis Group, LLC. This is an Open Access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. The terms on which this article has been published allow the posting of the Accepted Manuscript in a repository by the author(s) or with their consent.
The energy industry plays a critical role in powering economies and modern societies, making cybersecurity and resilience essential. This study explores cybersecurity risks and mitigation strategies in the energy retail sector by analyzing incidents in a European energy retail organization under the EU NIS 2 Directive from 2018 to 2023. The research identifies eight key cybersecurity risk categories and applies Failure Modes and Effects Analysis (FMEA) to each, providing detailed risk assessments and recommended defensive measures. Additionally, the study presents graphical cyberattack visualizations using the Bowtie model to enhance understanding of cybersecurity risks in energy retail. From a theoretical perspective, the findings offer a comprehensive view of these risks, grounded in real-world incidents. Practically, the analysis provides valuable guidance on cybersecurity risk management for energy retail organizations and critical infrastructure businesses, ensuring compliance with emerging cybersecurity regulations that mandate executive oversight within IT governance, regulation, and compliance functions.
Parent publication
ISBN
ISSN
1939-3547
1939-3555
Subject area
Periodical
Information Security Journal: A Global Perspective
Ministry of Education and Culture (OKM) publication type
A1 Original article in a scientific journal
