A new analysis by Cybernews Business Digital Index (BDI) has revealed that a staggering 69% of the world’s leading oil and gas companies have poor cybersecurity defences, leaving critical infrastructure exposed to escalating digital threats.
The report, reviewed by The Bavijas Club, evaluated the cybersecurity posture of 391 of the 400 largest oil and gas companies by market capitalization.
The analysis found that 35% of these companies received an “F” grade; the lowest possible score, while another 34% scored a “D.”
These ratings indicate major vulnerabilities that could lead to operational disruptions, data breaches, and severe financial consequences.
The Cybernews team based its findings on publicly available data using customized scans, Internet of Things (IoT) search engines, and domain IP reputation databases.
These tools revealed systemic gaps in digital defences across the sector, with only 10% of companies achieving an “A” rating for strong cybersecurity resilience.
“The majority of oil and gas companies scoring a D or F highlights how deeply exposed the industry is to potential cyber risks,” said Vincentas Baubonis, Head of Security Research at Cybernews.
“Just one successful breach could lead to production shutdowns, sharp stock declines, and lost investor confidence.”
The study also revealed several other key findings that should not be ignored.
These include:
-
The sector also recorded an average cybersecurity score of 72 out of 100, placing it in a “high-risk” category.
-
Over 50% of companies suffered at least one data breach in the past 30 days.
-
Corporate credentials were stolen from over 80% of companies.
-
48% of these companies lack protections against phishing, spoofing, and unauthorized access.
-
System hosting flaws were found in 74% of companies due to insecure server or cloud configurations.
-
91% of them had weaknesses in SSL/TLS configurations, risking data interception.
Overall, these findings suggest a widespread failure in basic cybersecurity hygiene among oil and gas companies.
The analysis found that essential defences such as timely software updates, secure hosting, email authentication protocols, and data encryption, are inconsistently applied or entirely missing in most cases.
Experts warn that these weaknesses represent a serious national and international security risk, given the role of the oil and gas sector in global energy security and economic stability.
However, the report calls for immediate action by oil and gas operators to strengthen cybersecurity protocols, invest in infrastructure, and improve internal awareness and governance.
It also urges regulators and stakeholders to push for more robust and standardized security requirements across the sector.
As the energy industry continues to digitize operations and expand its reliance on interconnected systems, so are the stakes of falling prey to critical cybersecurity gaps, the report says.