Energy sector faces surge in supply chain risks amid growing dependence on vendors
NEW YORK: SecurityScorecard and KPMG LLP today released a new co-authored cybersecurity research report on the 250 largest U.S. energy companies. In “A Quantitative Analysis of Cyber Risks in the U.S. Energy Supply Chain,” security researchers and industry subject professionals provide a detailed analysis of cybersecurity vulnerabilities across the energy sector and its supply chains.
Novel insights into energy sector cybersecurity
This report arrives at a pivotal moment as regulatory bodies worldwide intensify cybersecurity requirements and initiatives for the U.S. energy sector. It aligns with global efforts to bolster cybersecurity across the energy supply chain, reflecting commitments made during the June 2024 G7 summit to enhance defenses against escalating cyber threats. The White House just convened the fourth round of International Counter Ransomware Initiative (CRI) meetings. CRI’s 68 members issued a joint statement following the meeting, which continued “the joint commitment to develop a collective resilience to ransomware.” In parallel, the U.S. Department of Energy is actively convening energy sector leaders to advance the Supply Chain Cybersecurity Principles.
SecurityScorecard’s latest research highlights frequent threats, such as ransomware attacks on conventional IT systems, which are often enough to cause widespread disruption across the energy sector. Much attention has been paid to potential attacks on industrial control systems (ICS) and operational technology (OT), which will continue to be a focus for risk mitigation. As the shift to cleaner energy accelerates, however, the sector’s vulnerabilities may grow, as a greener, more interconnected grid becomes increasingly reliant on software, making it more susceptible to cyberattacks.
Ryan Sherstobitoff, Senior Vice President of Threat Research and Intelligence at SecurityScorecard, said:
“The energy sector's growing dependence on third-party vendors highlights a critical vulnerability — its security is only as strong as its weakest link. Our research shows that this rising reliance poses significant risks. It’s time for the industry to take decisive action and strengthen cybersecurity measures before a breach turns into a national emergency.”
Key findings
Cybersecurity recommendations for the energy industry
Based on this analysis, the SecurityScorecard STRIKE team offers actionable insights for enhancing cybersecurity in the energy sector:
Prasanna Govindankutty, Principal, Cyber Security US Sector Leader, at KPMG, said: “The energy industry is a complex system that is undergoing a generational transition with a heavy reliance on a steady supply chain. With geopolitical and technology-based threats on the rise, this complex system is facing an equally generational risk exposure that could harm citizens and businesses alike. Organizations that are able to quantify these risks and establish mitigation measures will increase their odds of success in the energy transition journey.”
Methodology
SecurityScorecard researchers compiled a sample of 250 top U.S. energy companies, based on market capitalization and the various sectors of the industry that they represent. These sectors cover: the successive stages of the traditional oil & gas supply chain; the existence of vertically integrated oil & gas companies covering that whole supply chain; the consumption of some energy via utilities; and the emergence of companies devoted to renewable energy sources.
Additional resources
About STRIKE
The STRIKE threat intelligence team combines unique threat intelligence, incident response experience, and supply chain cyber risk expertise. Backed by SecurityScorecard technology, STRIKE is a strategic advisor to CISOs worldwide, empowering the entire digital ecosystem to identify, measure, and resolve cyber risk.
About SecurityScorecard
Funded by world-class investors, including Evolution Equity Partners, Silver Lake Partners, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings, response, and resilience, with more than 12 million companies continuously rated.
Founded in 2014 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard’s patented security ratings technology is used by over 25,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting, and regulatory oversight.
SecurityScorecard makes the world safer by transforming how companies understand, improve, and communicate cybersecurity risks to their boards, employees, and vendors. SecurityScorecard achieved the Federal Risk and Authorization Management Program (FedRAMP) Ready designation, highlighting the company’s robust security standards to protect customer information, and is listed as a free cyber tool and service by the U.S. Cybersecurity & Infrastructure Security Agency (CISA). Every organization has the universal right to its trusted and transparent Instant SecurityScorecard rating. For more information, visit securityscorecard.com or connect with us on LinkedIn.
Source: Business Wire