Over 50% of the top oil and gas companies suffered data breaches in the past 30 days

Last updated: 2 June 2025
Oil platform
Central Press/Stringer/GettyImages

A new report reveals that only 10% of top oil and gas firms passed a basic cybersecurity assessment — the rest failed.

According to the Cybernews Business Digital Index analysis, 69% of the top oil and gas companies worldwide received a cybersecurity score of D or F — indicating widespread weaknesses. Additionally, over 50% of these companies experienced at least one data breach in the past 30 days.

ADVERTISEMENT

Nearly 7 in 10 oil and gas companies score D or below

The Cybernews research team evaluated the cybersecurity posture of 391 out of the 400 the world’s largest oil and gas companies by market cap. Using only publicly available information, the Business Digital Index relies on custom scans, IoT search engines, and domain/IP reputation databases to identify digital vulnerabilities across these organizations.

According to the index, 35% of the 391 companies analyzed received an F, the lowest possible rating, and 34% scored a D, revealing serious shortcomings. Only 10% achieved an A grade for their cybersecurity posture.

Gas and oil company security score

The overall average security score across the companies was 72 out of 100. Based on the BDI methodology, this places them in the high-risk category for potential cyberattacks.

“Most companies scoring a D or F in cybersecurity indicate that industries are exposed to possible risks. These ratings point to widespread vulnerabilities that open critical infrastructure to breaches and ransomware. A single incident could lead to operational shutdowns, plummeting stock value, and a collapse in investor trust. Only 10% have adopted strong digital defenses, making it clear the sector is lagging,” says Vincentas Baubonis, Head of Security Research at Cybernews.

Basic security failures expose 91% of companies

The analyzed oil and gas companies experienced common systemic vulnerabilities spanning several cybersecurity areas. A significant proportion of companies exhibit unresolved software patching issues — meaning they have not applied important security updates — with 32% vulnerable to general patching gaps and 20% exposed to critical unpatched flaws that could allow attackers to exploit known weaknesses and gain access to their systems.

ADVERTISEMENT

Email security remains a critical weakness, affecting 48% of organizations. This includes missing protections against phishing, spoofing, and unauthorized access, allowing attackers to trick employees, steal credentials, or spread malware.

Additionally, vulnerabilities in system hosting, found in 74% of companies, point to insecure configurations in the servers or cloud environments that support core business functions. Issues with SSL/TLS configuration were identified in 91% of organizations, indicating widespread failures in properly encrypting data transmissions — a flaw that can expose sensitive information to interception or tampering.

The data also reveals that corporate credentials have been stolen from over 80% of companies, and 38% of domains are vulnerable to email spoofing. These gaps in security posture indicate that fundamental cybersecurity controls and protocols are either inconsistently implemented or insufficiently maintained across the sector.

Paulina Okunyte Neilc adi jurgita
Be the first to know and get our latest stories on Google News
Google News Follow us

94% experienced data breaches

Data breaches represent the most prevalent cybersecurity issue across the oil and gas sector. According to the data, 94% of the analyzed companies have experienced at least one data breach to date. Over 50% of companies suffered breaches within the last 30 days alone, and 27.1% experienced breaches during just the past week.

This high frequency of incidents shows not only the scale of the threat but also the ongoing failure to mitigate known risks effectively.

“When a company suffers a data breach, customers, partners, and investors may lose confidence in the company's ability to protect sensitive information. Breaches often involve ransomware or systems being taken offline, which can halt critical operations like drilling, refining, or logistics. Even a short disruption in the oil and gas industry can cost millions and affect global supply chains,” Baubonis.

68% of Asia companies reuse breached passwords

Geographically, security performance varied widely. Asia-based companies had the lowest average score at 65. Europe and North America followed closely with average scores of 74.

ADVERTISEMENT

Among the three best-represented regions — Asia, Europe, and North America — Asia consistently showed the highest level of vulnerability across most key risk areas. For example, 59% of Asian domains were vulnerable to email spoofing, compared to 35% in North America and just 27% in Europe.

Gas and oil companies, security score

Password reuse involving previously breached credentials was also more common in Asia, affecting 68% of companies, while North America showed the strongest password hygiene, with only 31% of companies affected. In Europe, 39% of companies experienced similar issues.

High-risk vulnerabilities were identified in 30% of Asian companies, compared to 23% in Europe and 18% in North America. Critical vulnerabilities followed a similar trend, with Asia at 27%, Europe at 22%, and North America at 17%.

While North American companies had the highest number of data breach incidents and SSL/TLS configuration issues, Asian companies consistently appeared more exposed, including in areas such as cloud-hosting risks and weak system configuration.

Overall, the data suggests that Asia currently faces the greatest cybersecurity challenges, while Europe shows a more balanced performance. Though heavily represented, North America appears relatively strong in password management and slightly less exposed to high-risk vulnerabilities.

Methodology

Cybernews researchers evaluated 391 companies in the oil and gas industry using the Business Digital Index methodology and measured cybersecurity across seven areas.The companies were selected from Companiesmarketcap’s “Largest Oil and Gas Companies by Market Cap” list. The report’s Methodology can be found here. It provides detailed information on how researchers conducted this analysis.

About Business Digital Index

The Business Digital Index is designed to evaluate the cybersecurity health of organizations worldwide. It aims to help businesses by providing a clear, transparent, and independent assessment of their cybersecurity management, contributing to a more resilient digital future.

By leveraging data from reputable sources, such as IoT search engines, IP and domain reputation databases, and custom security scans, the BDI comprehensively assesses a company’s cybersecurity strength.

ADVERTISEMENT

The index evaluates risks across seven critical areas: software updates, web security, email protection, system reputation, SSL setup, system hosting, and data breach history.

Share
Post
Share
Share
Share
More from Cybernews
Tech companies pivot to military gear as NATO wavers and Putin’s threats grow
Windows Snipping Tool is getting a GIF creation upgrade
Iran hacks security cameras to gain intel on Israel – media
Russia-linked attackers hit target with novel social engineering attack
VR’s role in stroke rehabilitation
Scientists believe that the “heavenly sounds” of electric cars come with a safety flaw
ADVERTISEMENT
Leave a Reply

Your email address will not be published. Required fields are markedmarked