Majority of top oil and gas companies suffered data breach

22 May, 2025

A study has found that 94 per cent of the world’s top 400 oil and gas companies have suffered at least one data breach to date.

A recent Cybernews analysis has found that 94 per cent of the world’s top 400 oil and gas companies have suffered at least one data breach to date, while more than 50 per cent of the analysed oil and gas firms were breached in just the last 30 days.

According to the Cybernews Business Digital Index, which grades businesses based on their online security measures, 69 per cent of the companies received a cybersecurity score of D or F, and only 10 per cent achieved an A grade.

Vincentas Baubonis, Head of Security Research at Cybernews, said: “When a company suffers a data breach, customers, partners, and investors may lose confidence in the company’s ability to protect sensitive information.

“Breaches often involve ransomware or systems being taken offline, which can halt critical operations like drilling, refining, or logistics.

“Even a short disruption in the oil and gas industry can cost millions and affect global supply chains.”

Other key research takeaways:

Nearly seven in ten oil and gas companies are in the high-risk category for cybersecurity, with 35 per cent scoring an F and 34 per cent a D.
Asia-based companies had the lowest average score at 65, while Europe and North America followed closely with average scores of 74.
Credential hygiene is a major weak spot, especially in Asia, where 68 per cent of companies reused previously compromised passwords.
Email security remains a critical weakness, affecting 48 per cent of organisations worldwide.
Nearly three quarters (74 per cent) of companies contain insecure configurations in their servers.
Issues with SSL/TLS configuration were identified in 91 per cent of organisations.
More than 80 per cent of firms had corporate credentials stolen, while 38 per cent of domains were susceptible to email spoofing attacks.

The study’s methodology involved Cybernews researchers evaluating 391 companies in the oil and gas industry worldwide and assessing cybersecurity risk across seven core dimensions: software patching, web application security, email security, system reputation, system hosting, SSL/TLS configuration, and data breach history.