Cybersecurity of energy companies is crucial, as they are an essential part of the country’s critical infrastructure and are necessary for the smooth functioning of the society. The successful attacks on the energy infrastructure can have large economic consequences and may also threaten national security. With the automation of energy systems, there is an ever-increasing number of sensors, controllers, meters and other internet-connected devices. These devices are often vulnerable due to the outdated software, insufficiently secure architecture or the use of nonstandard protocols. As a result, the number of possible attack points on the energy infrastructure is increasing, and with it, their vulnerability. In this thesis are presented the main vulnerabilities of energy systems, their causes, and possible approaches to ensure greater security of devices and the energy infrastructure in general. Regular risk assessment, continuous system monitoring, device updates, implementation of security monitoring systems and collaboration with cybersecurity experts are necessary. Based on the available literature, the thesis, which states that the human factor represents the biggest vulnerability in the entire system, was confirmed. The employees in the energy system can enable a successful intrusion by the attackers through intentional or unintentional actions. It is of the utmost importance that employees are properly educated and are aware of security risks and follow proper procedures to reduce them. Companies, based on the overarching security policies and regulations, must establish clearly defined security measures and procedures to respond to detected incidents, as well as periodic training for their employees.