New research recently released by SecurityScorecard reveals that 90% of the world’s leading energy companies experienced a third-party data breach in the past 12 months. The research highlights how the energy industry faces a significant threat from third-party risks, where attackers target an organization’s vendor ecosystem.

Key report highlights

  • 90% of the largest global energy companies had a third-party breach in the past 12 months.
  • 100% of the top 10 U.S. energy companies experienced a third-party breach. 
  • 92% of the energy companies evaluated have been exposed to a fourth-party breach. 
  • 33% of energy companies had a C Security Rating or below, indicating higher likelihood of breach.
  • In the last 90 days, the company identified 264 breach incidents related to third-party compromises.
  • MOVEit was the most prevalent third-party vulnerability in the last six months, with hundreds of companies impacted around the world. 

The report analyzed more than 2,000 third-party vendors and discovered that only 4% of them had experienced breaches themselves. However, 90% of the evaluated companies suffered from third-party breaches. When attackers successfully compromise a widely-used software, they can potentially access all organizations that rely on that software.