New research recently released by SecurityScorecard reveals that 90% of the world’s leading energy companies experienced a third-party data breach in the past 12 months. The research highlights how the energy industry faces a significant threat from third-party risks, where attackers target an organization’s vendor ecosystem.
Key report highlights
90% of the largest global energy companies had a third-party breach in the past 12 months.
100% of the top 10 U.S. energy companies experienced a third-party breach.
92% of the energy companies evaluated have been exposed to a fourth-party breach.
33% of energy companies had a C Security Rating or below, indicating higher likelihood of breach.
In the last 90 days, the company identified 264 breach incidents related to third-party compromises.
MOVEit was the most prevalent third-party vulnerability in the last six months, with hundreds of companies impacted around the world.
The report analyzed more than 2,000 third-party vendors and discovered that only 4% of them had experienced breaches themselves. However, 90% of the evaluated companies suffered from third-party breaches. When attackers successfully compromise a widely-used software, they can potentially access all organizations that rely on that software.