A new study by cyber risk rating and monitoring company, BreachBits, has found that most United States-based oil and gas firms are exposed to risks of cyber-breach.
The study, which was unveiled yesterday (August 10) ranked 59 per cent of companies at ‘medium risk’ for a cyber-breach, 13 per cent at ‘low risk’, and 28 per cent at ‘very low risk’.
The study and analysis of 98 upstream, midstream, downstream and supply chain companies across the US oil and gas sector, showed that the risk for the sector overall is medium, but the risk is not evenly distributed across the industry.
The researchers from BreachBits cited that a total of 94 per cent of all ransomware threats were held by only 51 per cent of companies in the study. They concluded that the larger the company, the greater the risk of cyber-breach.
Risk increases for big companies
However, BreachBits is emphasising that the risk increases for companies with more than US$50 million in annual recurring revenue pointing out that the risk significantly increases for companies with more than 250 employees.
According to BreachBits CEO and co-founder John Lundgren, “On average, the oil and gas companies we observed were at Medium Risk, with a score of 4.1 out of ten on our BreachRisk scale, but that risk was not distributed evenly across the sector. Additionally, 11 per cent of the companies presented potentially serious, ‘high-risk’ threats.”
The cyber risk rating and monitoring company identified and monitor cyber risks at scale for customers to detect issues and then test them just as a hacker would.
In the meantime, globally energy industry executives are bracing up for an increase in cyber-attacks over the next two years, research from DNV among 940 respondents from around the world showed in May.
According to the study, 84 per cent of executives expect these will lead to physical damage to energy assets, while more than half—54 per cent—expect cyber-attacks to result in loss of human life. Some 74 per cent of the respondents expect environmental damage as a result of a cyber-attack.