US Oil and Gas Sector at Risk of a Cyberbreach, According to BreachBits StudyUS Oil and Gas Sector at Risk of a Cyberbreach, According to BreachBits Study
Study offers a cyber "state of the industry" analysis from a hacker's perspective to help companies anticipate attacks.
August 9, 2022
ANNAPOLIS, Md. (Aug. 9, 2022) – The majority of companies across the US oil and gas industry are at risk of a successful cyberbreach, according to BreachBits, a cyber-risk rating and monitoring company that evaluates and tests organizations from a hacker's perspective to empower them to anticipate attacks. Following an analysis of 98 representative upstream, midstream, downstream, and supply chain companies across the energy sector, BreachBits has released its findings in BreachRisk: Energy 2022, a cyber state of the industry study.
"On average, the oil and gas companies we observed were at Medium Risk, with a score of 4.1 out of 10 on our BreachRiskTM scale, but that risk was not distributed evenly across the sector," said BreachBits CEO and Co-Founder John Lundgren. "Additionally, 11% of the companies presented potentially serious, High Risk threats. We identify and monitor cyber-risks at scale as we did here, detect issues, and then test them just as a hacker would for our customers."
The study by BreachBits ranked 59% of companies at Medium Risk for a cyberbreach, 13% at Low Risk, and 28% at Very Low Risk. Other key observations included:
94% of all ransomware threats were held by only 51% of companies.
BreachRisk increases for companies with greater than $50-million in annual recurring revenue.
BreachRisk significantly increases for companies with more than 250 employees.
BreachBits, founded by US military cyber warfare veterans, measures an organization's BreachRisk as the likelihood of a successful breach against the potential impact to the subject.
"We measure cyber-risk based on actual threats and viable attack vectors, not hypothetical ones, and we do that from the hacker's perspective. That means the risks we identified in this study are the same observations being made by active cyberattackers," said BreachBits COO and Co-Founder J. Foster Davis. "What's different is that we've taken those complex assessments and translated them into an easy-to-understand cyber-risk score that everyone from the boardroom to the server room can use to better understand, measure, and communicate risk."
Whether an organization needs to assess its own risk or that of a client, partner, portfolio, or supply chain, the BreachRisk methodology by BreachBits provides a new standard to benchmark exposure to cyberattackers, track risk mitigation efforts, make informed decisions, and shape the next era of cyber insurance. The full BreachRisk: Energy 2022 study is available for download at: www.breachbits.com/breachrisk-energy-2022
BreachBits is revolutionizing the way defenders talk about cyber, empowering stakeholders and all parts of an organization with easy-to-understand cyber-risk scores. Led by a team of cyber warfare veterans and multidisciplined professionals, we help defenders predict cyberattacks before they happen and communicate threats to key stakeholders. Organizations are both enabled and threatened by cyberspace today, but BreachBits helps leaders make informed business risk decisions. Learn more at: breachbits.com
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
What Ransomware Groups Look for in Enterprise Victims
How to Use Threat Intelligence to Mitigate Third-Party Risk
Everything You Need to Know About DNS Attacks
Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks
How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
Gone Phishing: How to Defend Against Persistent Phishing Attempts Targeting Your Organization
The Evolving Ransomware Threat: What Business Leaders Should Know About Data Leakage
The Rise of Extended Detection & Response