Common vulnerabilities plague the oil and gas industry

69pc of top oil and gas firms scored D or F in cybersecurity


A recent cybersecurity report reveals that 69 per cent of the world’s top oil and gas companies are critically vulnerable to cyberattacks, scoring a dismal D or F in cybersecurity assessments.

Most concerning, however, is that 94 per cent of these companies have suffered at least one data breach, with over 50 per cent experiencing incidents in the past 30 days and 27.1 per cent in the last week alone.

According to the Cybernews Business Digital Index analysis, this alarming statistic, drawn from an evaluation of 391 of the 400 largest firms by market cap, underscores a sector-wide failure to secure critical infrastructure, leaving it perilously exposed to breaches, ransomware, and operational disruptions that could ripple through global supply chains.

The Cybernews research, utilising publicly available data from custom scans, IoT search engines, and domain/IP reputation databases, paints a grim picture.

A staggering 35 per cent of these companies received an F rating, the lowest possible score, while 34 per cent earned a D, highlighting systemic weaknesses.

Only 10 per cent achieved an A grade, indicating robust digital defences. The sector’s average security score of 72 out of 100 places it firmly in the high-risk category.

Vincentas Baubonis, Head of Security Research at Cybernews, warns: "These ratings point to widespread vulnerabilities that could lead to operational shutdowns, plummeting stock values, and eroded investor trust."

A significant proportion of companies exhibit unresolved software patching issues, which means they have not applied important security updates.

Some 32 per cent of companies are vulnerable to general patching gaps and 20 per cent are exposed to critical unpatched flaws that could allow attackers to exploit known weaknesses and gain access to their systems.

Issues with SSL/TLS configuration were identified in 91 per cent of organisations, indicating widespread failures in properly encrypting data transmissions — a flaw that can expose sensitive information to interception or tampering.

The data also reveals that corporate credentials have been stolen from over 80 per cent of companies, increasing the risk of unauthorised access.

Common vulnerabilities plague the industry, with 91 per cent of firms showing SSL/TLS configuration flaws, exposing sensitive data to interception.

System hosting issues affect 74 per cent, revealing insecure server or cloud setups, while email security is another weak point, with 48 per cent lacking protections against phishing and spoofing, and 38 per cent of domains vulnerable to email spoofing.

Unresolved software patching issues impact 32 per cent, with 20 per cent exposed to critical flaws that attackers could exploit.

Baubonis says: "A single breach can halt drilling, refining, or logistics, costing millions and disrupting global markets."

Geographically, Asia fares worst, with an average score of 65 compared to 74 in Europe and North America.

Asian firms show higher vulnerabilities, with 59 per cent of domains susceptible to email spoofing and 68 per cent reusing breached passwords, compared to 35 per cent and 31 per cent in North America, respectively.

High-risk vulnerabilities affect 30 per cent of Asian companies, against 23 per cent in Europe and 18 per cent in North America.


By Abdulaziz Khattak