Clearly, the perceived threat of cyber attacks varies across industry verticals, but the actual threat level does not differ greatly. Most, if not all verticals have data worthy of a cyber attack and are, therefore, targeted on a regular basis. Due diligence should be universal across the spectrum of industry verticals.
Near continuous use of mobile devices is certainly a concern for C-level employees, but do not take security awareness for granted. Though individuals in these high ranking positions should be more aware than most of the cyber risks they face, they may not leverage that knowledge and take the right steps to protect themselves. Continue to educate all employees including your C-suite. Use that time honored adage from the back of your shampoo bottle – Train / rinse / repeat!
I have very happy to see this level of preparedness on the part of energy officials in South Korea. Threats to critical infrastructure are certainly real and in some cases more eminent than we care to admit. All nation states should have tested and realistic plans to deal with these type of threats. Such a practice is not reactionary or alarmist, but instead prudent and pragmatic.