According to a Moody’s Investors Service report released on November 4, 2020, privately owned utilities are better prepared to face cybersecurity threats than not-for-profit utilities.[1] [2] The report surveyed 115 private, state-owned, unregulated and not-for-profit electric utilities. Moody's found that smaller utilities that operate in the not-for-profit space don't have the same resources to handle cybersecurity threats while private utilities have more funds to combat cyberthreats and are more likely to have advanced defensive tools at their disposal to counteract hackers. Larger utilities also have more training against some of the common attack methods like email spearphishing, which is when hackers send malicious links aimed at tricking victims to give up valuable information or inserting malware into their devices. The report also found that only the largest utilities with total assets valued at over $100 billion have directors on their board with any cybersecurity expertise.

[1]https://www.eenews.net/energywire/2020/11/05/stories/1063717835?utm_campaign=edition&utm_medium=email&utm_source=eenews%3Aenergywire

[2] https://www.moodys.com/research/Moodys-Electric-utilities-cybersecurity-readiness-tied-to-scale-and-business--PBC_1252439