Report: 90% of Energy Companies Experienced Third-Party Breach
Research highlights how the energy industry faces a threat from third-party risks, where attackers target an organization’s vendor ecosystem.
NEW YORK – SecurityScorecard has released new research revealing that 90% of the world’s leading energy companies experienced a third-party data breach in the past 12 months.
The research “highlights how the energy industry faces a significant threat from third-party risks, where attackers target an organization’s vendor ecosystem,” according to the SecurityScorecard announcement.
Using AI-powered data breach intelligence and elite threat researchers, SecurityScorecard “actively identifies, measures, and manages risk of emerging threats across the supply chain,” the announcement says.
Key findings from this data breach research include:
- 90% of the largest global energy companies had a third-party data breach in the past 12 months.
- 100% of the top 10 U.S. energy companies experienced a third-party breach.
- 92% of the energy companies evaluated have been exposed to a fourth-party data breach.
- 33% of energy companies had a C Security Rating or below, indicating higher likelihood of a data breach.
- In the last 90 days, SecurityScorecard identified 264 breach incidents related to third-party compromises.
- MOVEit was the most prevalent third-party vulnerability in the last six months, with hundreds of companies impacted around the world.
“More than two years after the major U.S. pipeline ransomware incident, the world still lacks a common framework for measuring cyber-risk,” says Ryan Sherstobitoff, senior vice president of threat research and intelligence for SecurityScorecard, in the company announcement. “Transparency and information sharing about cybersecurity is critical for national security.”
SecurityScorecard analyzed more than 2,000 third-party vendors and discovered that 4% of them had experienced data breaches themselves. However, 90% of the evaluated companies suffered from third-party breaches.
When attackers successfully compromise a widely-used software, they can potentially access all organizations that rely on that software, the report says.
Most Underestimate Data Breaches
As cited by the new SEC cyber incident disclosure requirements, SecurityScorecard research found that 98% of organizations use at least one third-party vendor that has experienced a data breach in the last two years.
“Hope and prayer may be useful, but are clearly not sustainable strategies,” says Jim Routh, Fortune 500 chief information security officer and senior advisor and chairman of the SecurityScorecard Cybersecurity Advisory Board.
“Preventing the surge of supply chain attacks requires systematically applying real time data triggering automated workflow to manage risk in the digital ecosystem,” he says.
SecurityScorecard analyzed the cybersecurity profiles of the 48 largest energy companies in the United States, United Kingdom, France, Germany, and Italy. These companies included the coal, oil, natural gas, and electricity sectors.
In total, SecurityScorecard examined over 21,000 domains, and analysis included both their third-party and fourth-party vendors The top 48 companies were ranked by current revenue.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!
Security Is Our Business, Too
For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Commercial Integrator + Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add to your bottom line.
A FREE subscription to the top resource for security and integration industry will prove to be invaluable.