Report: 90% of energy companies experienced a third-party breach

Image via Unsplash

New research recently released by SecurityScorecard reveals that 90% of the world’s leading energy companies experienced a third-party data breach in the past 12 months. The research highlights how the energy industry faces a significant threat from third-party risks, where attackers target an organization’s vendor ecosystem.

Key report highlights

90% of the largest global energy companies had a third-party breach in the past 12 months.
100% of the top 10 U.S. energy companies experienced a third-party breach.
92% of the energy companies evaluated have been exposed to a fourth-party breach.
33% of energy companies had a C Security Rating or below, indicating higher likelihood of breach.
In the last 90 days, the company identified 264 breach incidents related to third-party compromises.
MOVEit was the most prevalent third-party vulnerability in the last six months, with hundreds of companies impacted around the world.

The report analyzed more than 2,000 third-party vendors and discovered that only 4% of them had experienced breaches themselves. However, 90% of the evaluated companies suffered from third-party breaches. When attackers successfully compromise a widely-used software, they can potentially access all organizations that rely on that software.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.