In the previous installment of our five-part, we discussed the first three of six interlocking levers that will allow utilities to reinvent their operations: eliminate friction at the edge, augment agents as workforce multipliers and run as a digital utility. In this third article, we set out the remaining three levers. To effect the desired reinvention, all six levers must be used in a coordinated fashion, not in sequence or isolation.
Customer experience extends beyond just apps. It is shaped by factors like truck rolls, outage duration, equipment forecasting and load balancing. Every physical operation now has a digital impact, and every outage moment is a brand moment.
However, operational technologies (OT) often remain disconnected from customer experience (CX) design. Field service teams lack visibility into customer complaints and ongoing journeys, while control centre decisions don’t trigger real-time messages. Crew scheduling optimization happens in isolation from communications.
Gartner has forecast that by 2027 no less than 40% of North American utilities will have implemented AI-driven operations in their control rooms.1 The focus is shifting from simple uptime and load capacity to customer-facing measures like outage resolution per segment, satisfaction during grid stress events and proactive mitigation efficacy. A digital utility bridges this gap by connecting real-time grid data with customer contexts in an adaptive, intelligent, and human-centric manner.
What reinvention looks like:
Progressive European and some Canadian utilities have begun integrating GIS, SCADA, OMS and CRM platforms into unified cloud-native environments. These ecosystems enable internal teams, not just IT, to see which customers are affected by which assets and shape service messages accordingly.
Regulators are aware that grid modernization is underway and are increasingly interested in seeing whether infrastructure investments are translating into better experiences, not just improved capacity. They want to know if smart meters are enabling smarter service, if outage data is improving personalization, and if grid telemetry is being used to prioritize service allocation fairly.
Running as a digital utility requires being able to answer ‘yes’ to each of these questions and to provide supporting evidence.
In today’s digitally interconnected utility landscape, cybersecurity and data privacy have become central pillars of customer trust, operational resilience and regulatory compliance. They are no longer back-office IT concerns but must be integrated into every layer of utility operations.
The North American utility sector faces evolving and intensifying cyber threats that target both customer data and grid OT. According to Gartner and Canadian national cybersecurity authorities, by 2026, up to 25% of utilities are expected to experience grid disruptions triggered by cyber-physical attacks on distributed assets and communications networks.2
Breaches involving customer personally identifiable information (PII), billing data, and payment systems significantly erode public confidence and invite regulatory scrutiny. The annual global cost of cybercrime affecting utilities collectively runs into hundreds of millions of dollars, with fines, reputational damage, and cost-to-recover frequently outweighing prevention investments.
Overcoming the complexities of embedding cybersecurity in utility operations requires addressing several key challenges:
Regulatory expectations – driven by stringent frameworks like NERC-CIP, GDPR and growing privacy regulations – add layers of process rigor and audit complexity. Human factors, including social engineering, insider risks and the security of third-party vendors, remain persistent weak points.
To address these challenges, a reinvention of cybersecurity practices is necessary. This involves adopting zero trust architecture, which requires continuous validation of devices and users across all systems, networks and endpoints. Multi-factor authentication (MFA), micro-segmentation of critical infrastructure and ‘least privilege’ access policies are essential components of this approach.
Integrated Threat Detection and Response (TDR) is another key aspect of this reinvention. AI-powered Security Operations Centers (SOCs) are employed to detect anomalies, automate threat hunting and enable rapid incident containment and recovery. Cyber-Physical Resilience is also crucial, involving the design of fail-safe mechanisms, redundancy and manual overrides for OT to ensure grid stability during cyber incidents.
Furthermore, embedded security in development is essential, requiring a shift from ‘bolt-on’ security to DevSecOps practices, integrating security review from software development through deployment and monitoring phases. Comprehensive employee training is also crucial, with all roles – including field technicians and call centre staff – continuously educated to recognize phishing, ransomware and social engineering risks.
Data privacy and ethical AI are also important considerations. Develop consent and audit frameworks to ensure transparent handling of customer data, especially when AI systems influence decision-making or communications.
Regulators and utility commissions have raised their expectations regarding cybersecurity maturity. State public utility commissions increasingly require utilities to submit cyber risk reports as part of rate proceedings. Failure to demonstrate robust cybersecurity readiness now threatens regulatory approval and may trigger remedial orders.
For instance, the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) standards continue to evolve, requiring more stringent reporting and control requirements.3 At the provincial level in Canada, for example, cybersecurity framework adherence and transparency are prerequisites for capital and operational expenditures related to customer service platforms.
Cybersecurity and trust cannot be afterthoughts or compliance checkboxes. They are fundamental enablers of customer confidence and business continuity, unlocking the freedom to innovate and serve proactively. Utilities that embed security by design transform existential risks into competitive advantages by demonstrating resilience and transparent stewardship of customer data.
The energy landscape is rapidly evolving from a centralized, one-way supply model to a dynamic ecosystem of producers and consumers. Increasing penetration of distributed energy resources (DERs) – such as solar panels, home batteries, electric vehicles and smart thermostats – and the emergence of Virtual Power Plants (VPPs) empowers customers to produce, manage and monetize energy, disrupting traditional utility roles.
In this new reality, customers no longer see themselves as passive recipients. They expect interaction with their utility to be transparent, collaborative, responsive to their contributions, and rewarding in economic and environmental terms. Utilities that fail to embrace this shift risk losing customer loyalty to aggregators and third-party platforms that facilitate DER participation and energy trading.
To win in this prosumer-driven future, utilities must become platforms for engagement and value orchestration, not just distribution gatekeepers. This reinvention involves several key strategies:
Emerging regulatory frameworks increasingly encourage the integration of DERs and prosumer participation as part of utility performance measures. Performance-based ratemaking models are evolving to reward utilities for actively engaging prosumers and enhancing grid value through flexibility and demand-side management.
Some commissions require utilities to demonstrate transparent DER export crediting, equitable access to programs, and mechanisms to prevent market discrimination. European utilities have pioneered DER orchestration platforms with real-time dashboards and financial settlements based on dynamic market signals. Leading North American utilities are piloting virtual power plants (VPPs) that aggregate residential batteries and EV’s to provide grid services, delivering customer value while enhancing reliability.
Utilities that co-create with prosumers will unlock new revenue streams, deepen customer relationships, and build community goodwill. They become trusted energy partners, empowering customers beyond the meter and into a sustainable, flexible energy future.
The six interlocking levers we have discussed in this and our previous article in turn inform and lay the foundations for five pillars that underpin the reinvention of the North American utilities operating model:
With these foundational pillars in place, utilities will be able to move away from disjointed experiences, wasted technology spend, and regulatory reviews and disclosures.
References
1 https://www.gartner.com/en/documents/5987671
2https://www.gartner.com/en/documents/4978531; https://www.electricity.ca/files/reports/english/CEA_DataToWisdom_EN.pdf; https://www.electricity.ca/files/reports/CP_Technology-Trends-Report_Final.pdf
3 https://www.nerc.com/standards/reliability-standards-under-development/2014-02-critical-infrastructure-protection-standards-version-5-revisions
