Lamprell recently attended Global Offshore Wind 2026 in Manchester, one of the industry’s leading events. This year’s theme, “Securing our future”, brought together developers, suppliers, policymakers, regulators and industry specialists to discuss how offshore wind can continue to grow safely, reliably and responsibly.
The event provided an opportunity to engage with the wider offshore wind market and to follow discussions on project delivery, supply chain resilience, export cables, grid connection, new technologies, and energy security. One of the strongest themes across the agenda was cybersecurity.
A business-critical issue
The threat landscape facing the energy sector has intensified. Across the Middle East and globally, critical energy infrastructure is operating in a more complex risk environment, with growing focus on operational technology, connected equipment and the wider supply chain. Threats are also becoming more sophisticated, from AI-enabled phishing and deepfakes to ransomware and state-aligned activity.
As the energy industry becomes more digital and dependent on complex infrastructure, cybersecurity is no longer simply an IT concern. It is a business resilience issue, a safety issue and, in the case of critical energy infrastructure, a national security issue.
Offshore wind is a clear example. A wind farm is not only a group of turbines at sea. It includes foundations, transition pieces, substations, export cables, vessels, ports, control systems, data platforms, suppliers and remote monitoring systems. If one part of the system is disrupted, the impact can move quickly across operations, project schedules, clients and the wider energy network.
Against this backdrop, cybersecurity at Lamprell has evolved from a standalone IT function into a business-wide capability that supports project delivery, strengthens operational resilience, enhances client assurance, and protects people, systems and information.



Trust, reputation and delivery
We continue to see in the media how cybersecurity incidents have a direct link to trust. A serious incident can affect more than systems and data. It can damage brand, reputation and confidence in delivery. Reliability is part of the value energy infrastructure companies provide to clients, and protecting project information, maintaining delivery discipline, safeguarding systems and managing supplier risk all contribute to dependable execution.
Lamprell helps deliver the physical infrastructure required for the energy transition, including offshore wind foundations and transition pieces. This work is supported by engineering, procurement, construction and project delivery capability built over almost 50 years in the energy sector.



Supply chain resilience
Large companies often have mature cybersecurity systems, so attackers may look for easier routes through smaller suppliers, contractors or service providers. Cyber resilience therefore cannot stop at the boundary of one organisation. It must extend across the full delivery chain, from developers and tier-one contractors to equipment suppliers, technology providers, logistics partners and specialist subcontractors.
Major energy companies also expect suppliers to demonstrate strong controls around information security, access management and data protection. Meeting these expectations through pre-qualification and contractual terms is becoming part of how reliability is assessed across the energy supply chain.
Evolving regulation and standards
Regulations and standards are moving in the same direction. Governments, regulators and clients are placing greater emphasis on cyber resilience, operational technology, connected equipment, supplier assurance and business continuity. Companies supporting energy infrastructure are increasingly being assessed on their ability to demonstrate strong cyber governance, secure systems and disciplined risk management.
As Lamprell operates across fast-changing markets, including the UAE, Saudi Arabia, Iraq and India, its cyber and data protection obligations continue to expand across multiple regulatory regimes. Lamprell also participates in industry and national cyber threat information-sharing channels to stay informed about emerging risks, strengthened response planning, and to ensure its approach continues to evolve.
Controls, monitoring and response
Lamprell’s approach is supported by internationally recognised information security standards, including ISO/IEC 27001:2022, and by a 24/7 security operations centre that provides continuous monitoring and response. These controls help protect the business, its projects, its people, its systems and the information entrusted to it by clients.
In 2025, 99% of employees completed mandatory cybersecurity training, and phishing susceptibility was reduced from 11.4% to below 1% over the course of the year. A company-wide disaster recovery drill also validated the organisation’s readiness to respond to potential disruption.
Technology and emerging threats
Artificial intelligence is changing both sides of the cyber landscape. It can help detect threats faster, and Lamprell uses AI-based detection and monitoring as part of its own defences. At the same time, AI creates new risks, including more convincing phishing, deepfakes and social engineering.
“AI has made cyber-attacks on energy infrastructure faster, smarter and more convincing than ever. Our response is to be faster and smarter still, using intelligent detection, continuous monitoring and people trained to spot what malicious tools are designed to disguise, from turbine to grid,” says Muhammad Shemeer Sunil, IT Security Officer.
Lamprell applies AI-driven threat detection, continuous monitoring, a data loss prevention programme and structured third-party risk assessments. The company is also extending security further into operational technology and connected equipment, deepening cyber assurance across its supply chain and continuing to mature its zero trust approach to identity and access.
As the business adopts new technologies, digital platforms and third-party systems, cyber risk management must evolve at the same pace. Digitalisation creates opportunities for greater efficiency, visibility and better project control, but it also requires disciplined governance, supplier assurance and recovery planning.
Safe, reliable and responsible execution
PB Bhat, Group IT Manager & CISO, noted: “As the energy sector becomes increasingly digitised, cybersecurity is no longer just about protecting systems and data. It is about protecting operations, people, economic stability, and national interests.
“Every cyber threat to energy infrastructure has the potential to become an operational, safety, or business risk. Cyber resilience must therefore be embedded into every layer of our operations.”
Cybersecurity requires the same discipline, reporting culture and quality controls that the energy industry applies to physical safety. Risks need to be identified early, controls must be followed, and near misses should be treated as opportunities to strengthen the system.
As offshore wind and the wider energy sector continue to scale, securing the future means protecting not only physical assets but also the digital systems, data, supply chains, and people that enable delivery.
In a connected energy world, resilience is becoming part of delivery.
Contributors: Thank you to PB Bhat, Group IT Manager & CISO, and Muhammad Shemeer Sunil, IT Security Officer, for their input into this article.