New research recently released by SecurityScorecard reveals that 90% of the world’s leading energy companies experienced a third-party data breach in the past 12 months. The research highlights how the energy industry faces a significant threat from third-party risks, where attackers target an organization’s vendor ecosystem.

Key report highlights

• 90% of the largest global energy companies had a third-party breach in the past 12 months.
• 100% of the top 10 U.S. energy companies experienced a third-party breach. 
• 92% of the energy companies evaluated have been exposed to a fourth-party breach. 
• 33% of energy companies had a C Security Rating or below, indicating higher likelihood of breach.
• In the last 90 days, the company identified 264 breach incidents related to third-party compromises.
• MOVEit was the most prevalent third-party vulnerability in the last six months, with hundreds of companies impacted around the world. 

The report analyzed more than 2,000 third-party vendors and discovered that only 4% of them had experienced breaches themselves. However, 90% of the evaluated companies suffered from third-party breaches. When attackers successfully compromise a widely-used software, they can potentially access all organizations that rely on that software.