Report: Over 50% of top oil and gas firms hit by data breaches in last 30 days

Moreover, according to the Cybernews Business Digital Index, which grades businesses based on their online security measures, 69% of the companies received a cybersecurity score of D or F, and only 10% achieved an A grade.

“When a company suffers a data breach, customers, partners, and investors may lose confidence in the company's ability to protect sensitive information. Breaches often involve ransomware or sys-tems being taken offline, which can halt critical operations like drill-ing, refining, or logistics. Even a short disruption in the oil and gas industry can cost millions and affect global supply chains,” says Vincentas Baubonis, Head of Security Research at Cybernews.

Key research takeaways:

• 94% of the largest oil and gas companies had experienced at least one breach, and over 50% were breached within the last 30 days.
• Nearly 7 in 10 oil and gas companies are in the high-risk category for cybersecurity, with 35% scoring an F and 34% a D.
• Asia-based companies had the lowest average score at 65. Europe and North America followed closely with average scores of 74.
• Credential hygiene is a major weak spot, especially in Asia, where 68% of companies reused previously compromised passwords.
• Email security remains a critical weakness, affecting 48% of organisations worldwide.
• 74% of companies contain insecure configurations in their servers.
• Issues with SSL/TLS configuration were identified in 91% of organisations.
• More than 80% of firms had corporate credentials stolen, while 38% of domains were susceptible to email spoofing attacks.

The analysed oil and gas companies experienced common systemic vulnerabili-ties spanning several cybersecurity areas. A significant proportion of companies exhibit unresolved software patching issues – meaning they have not applied important security updates – with 32% vulnerable to general patching gaps and 20% exposed to critical unpatched flaws that could allow attackers to exploit known weaknesses and gain access to their systems.

Email security remains a critical weakness, affecting 48% of organisations. This includes missing protections against phishing, spoofing, and unauthorised ac-cess, allowing attackers to trick employees, steal credentials, or spread malware.

Additionally, vulnerabilities in system hosting, found in 74% of companies, point to insecure configurations in the servers or cloud environments that support core business functions. Issues with SSL/TLS configuration were identified in 91% of organisations, indicating widespread failures in properly encrypting data trans-missions – a flaw that can expose sensitive information to interception or tampering.

The data also reveals that corporate credentials have been stolen from over 80% of companies, and 38% of domains are vulnerable to email spoofing. These gaps in security posture indicate that fundamental cybersecurity controls and protocols are either inconsistently implemented or insufficiently maintained across the sector.

Data breaches represent the most prevalent cybersecurity issue across the oil and gas sector. According to the data, 94% of the analysed companies have experienced at least one data breach to date. Over 50% of companies suffered breaches within the last 30 days alone, and 27.1% experienced breaches during just the past week.

This high frequency of incidents shows not only the scale of the threat but also the ongoing failure to mitigate known risks effectively.

Overall, the data suggests that Asia currently faces the greatest cybersecurity challenges, while Europe shows a more balanced performance. Though heavily represented, North America appears relatively strong in password management and slightly less exposed to high-risk vulnerabilities.

Read the article online at: https://www.worldpipelines.com/equipment-and-safety/20052025/report-over-50-of-top-oil-and-gas-firms-hit-by-data-breaches-in-last-30-days/