Skip to main content

US oil and gas sector at risk of a cyber breach according to BreachBits study

Published by , Editorial Assistant
Oilfield Technology,

The majority of companies across the US oil and gas industry are at risk of a successful cyber breach according to BreachBits, a cyber risk rating and monitoring company that evaluates and tests organisations from a hacker’s perspective to empower them to anticipate attacks. Following an analysis of 98 representative upstream, midstream, downstream and supply chain companies across the energy sector, BreachBits has released their findings in BreachRisk: Energy 2022, a cyber state of the industry study.


Follow us on LinkedIn »


“On average, the oil and gas companies we observed were at Medium Risk, with a score of 4.1 out of ten on our BreachRisk™ scale, but that risk was not distributed evenly across the sector,” said BreachBits CEO and Co-Founder John Lundgren. “Additionally, 11% of the companies presented potentially serious, High Risk threats. We identify and monitor cyber risks at scale as we did here, detect issues and then test them just as a hacker would for our customers.”

The study by BreachBits ranked 59% of companies at Medium Risk for a cyber breach, 13% at Low Risk and 28% at Very Low Risk. Other key observations included:

  • 94% of all ransomware threats were held by only 51% of companies.
  • BreachRisk increases for companies with greater than US$50-million in annual recurring revenue.
  • BreachRisk significantly increases for companies with more than 250 employees.

BreachBits, founded by US military cyber warfare veterans, measures an organization’s BreachRisk as the likelihood of a successful breach against the potential impact to the subject.

“We measure cyber risk based on actual threats and viable attack vectors, not hypothetical ones, and we do that from the hacker’s perspective. That means the risks we identified in this study are the same observations being made by active cyber attackers,” said BreachBits COO and Co-Founder J. Foster Davis. “What’s different is that we’ve taken those complex assessments and translated them into an easy to understand cyber risk score that everyone from the boardroom to the server room can use to better understand, measure and communicate risk.”

The full BreachRisk: Energy 2022 study is available for download at:

Read the latest issue of Oilfield Technology in full for free: Summer 2022

Oilfield Technology’s second issue of 2022 begins with analysis from Rystad Energy focusing on the upstream industry in Southeast Asia. The rest of the issue is dedicated to features covering advances in drilling, rig design, software and AI, corrosion and maintenance, artificial lift, flow control, and more.

Exclusive contributions come from Vink Chemicals, Archer, Taurex Drill Bits, Vysus, EM&I, SparkCognition, TÜV Rheinland Group, TGT Diagnostics, ChampionX, and Baker Hughes, as well as a guest comment from Patrick Long, Opportune.

Read the article online at:

You might also like


Embed article link: (copy the HTML code below):


This article has been tagged under the following:

Upstream news US upstream news Oil & gas news