Report on Surge in Supply Chain Risks in the Energy Sector amid Growing Vendor Dependence

In a recent report released by SecurityScorecard and KPMG LLP, it has been revealed that the energy sector is facing a surge in supply chain risks as it becomes increasingly dependent on vendors. The report, titled “A Quantitative Analysis of Cyber Risks in the U.S. Energy Supply Chain,” delves into the cybersecurity vulnerabilities across the energy sector and its supply chains.

As regulatory bodies worldwide are ramping up cybersecurity requirements, the timing of this report couldn’t be more critical. The report aligns with global efforts to strengthen cybersecurity in the energy supply chain, following commitments made during the June 2024 G7 summit to enhance defenses against cyber threats.

Recent initiatives such as the International Counter Ransomware Initiative (CRI) and the US Department of Energy’s Supply Chain Cybersecurity Principles underscore the urgency of addressing cybersecurity risks in the energy sector.

Ryan Sherstobitoff, Senior Vice President of Threat Research and Intelligence at SecurityScorecard, highlighted the industry’s vulnerability due to its growing dependence on third-party vendors. The report found that third-party risks drive almost half of breaches in the energy sector, significantly higher than the global average. Additionally, vulnerabilities are concentrated in key risk factors such as application security and network security.

With the energy sector undergoing a generational transition and facing evolving threats, it is crucial for organizations to quantify these risks and strengthen cybersecurity measures. By taking decisive action now, the industry can mitigate the risks posed by cyber threats and ensure a smooth transition towards a more secure and interconnected energy grid.