Advancing Supply Chain Security in Oil and Gas

World Economic Forum

Overview: The oil and gas industry’s digital transformation and hyperconnectivity have increased the digital footprint of third parties and transformed business models quickly, mainly through an increased focus on innovation and efficiency. Today, companies around the world rely on more than 1,000 third parties to support this transformation in order to gain a variety of business benefits such as cost savings, operational efficiencies, scaling of capabilities and resources, and value generation.
Such third-party expansion introduces significant cyber and operational risks, including the mishandling of confidential data, failure to meet business operational and compliance needs, and a lack of adequate safeguards against cyber threats. These risks may have serious consequences for an organization’s operations, reputation and, ultimately, its bottom line. PwC’s Third Party Risk Management Digital Trust Survey Snapshot demonstrates that one-third of surveyed organizations experienced significant disruptions due to third parties, including software supply chain disruptions (47%), cloud breaches (45%), third-party platform exposures, and outages and downtime (41%). The Colonial Pipeline ransomware attack is one recent example; the pipeline was shut down for several days, which had a significant impact on organizations that rely on critical third parties within their supply chain, leading to gas shortages in several US states. Colonial paid the ransom demand of approximately $4.4 million to reopen the pipeline.
A more recent example is the compromise of Kaseya, a managed technology services provider to many small and medium-size companies: the company’s safety features were subverted to push out malicious software to customers’ systems (around 1,500 companies). These examples underscore the need for a harmonized and holistic third-party risk management approach to effectively identify, remediate and monitor cybersecurity risks across the third parties’ life cycle.
