US Oil and Gas Sector at Risk of a Cyberbreach, According to BreachBits Study

Study offers a cyber "state of the industry" analysis from a hacker's perspective to help companies anticipate attacks.

August 9, 2022

2 Min Read


ANNAPOLIS, Md. (Aug. 9, 2022) – The majority of companies across the US oil and gas industry are at risk of a successful cyberbreach, according to BreachBits, a cyber-risk rating and monitoring company that evaluates and tests organizations from a hacker's perspective to empower them to anticipate attacks. Following an analysis of 98 representative upstream, midstream, downstream, and supply chain companies across the energy sector, BreachBits has released its findings in BreachRisk: Energy 2022, a cyber state of the industry study.

"On average, the oil and gas companies we observed were at Medium Risk, with a score of 4.1 out of 10 on our BreachRiskTM scale, but that risk was not distributed evenly across the sector," said BreachBits CEO and Co-Founder John Lundgren. "Additionally, 11% of the companies presented potentially serious, High Risk threats. We identify and monitor cyber-risks at scale as we did here, detect issues, and then test them just as a hacker would for our customers."

The study by BreachBits ranked 59% of companies at Medium Risk for a cyberbreach, 13% at Low Risk, and 28% at Very Low Risk. Other key observations included:

  • 94% of all ransomware threats were held by only 51% of companies.

  • BreachRisk increases for companies with greater than $50-million in annual recurring revenue.

  • BreachRisk significantly increases for companies with more than 250 employees.

BreachBits, founded by US military cyber warfare veterans, measures an organization's BreachRisk as the likelihood of a successful breach against the potential impact to the subject.

"We measure cyber-risk based on actual threats and viable attack vectors, not hypothetical ones, and we do that from the hacker's perspective. That means the risks we identified in this study are the same observations being made by active cyberattackers," said BreachBits COO and Co-Founder J. Foster Davis. "What's different is that we've taken those complex assessments and translated them into an easy-to-understand cyber-risk score that everyone from the boardroom to the server room can use to better understand, measure, and communicate risk."

Whether an organization needs to assess its own risk or that of a client, partner, portfolio, or supply chain, the BreachRisk methodology by BreachBits provides a new standard to benchmark exposure to cyberattackers, track risk mitigation efforts, make informed decisions, and shape the next era of cyber insurance. The full BreachRisk: Energy 2022 study is available for download at:

About BreachBits

BreachBits is revolutionizing the way defenders talk about cyber, empowering stakeholders and all parts of an organization with easy-to-understand cyber-risk scores. Led by a team of cyber warfare veterans and multidisciplined professionals, we help defenders predict cyberattacks before they happen and communicate threats to key stakeholders. Organizations are both enabled and threatened by cyberspace today, but BreachBits helps leaders make informed business risk decisions. Learn more at:

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights