Skip to main content

Addressing third-party cyber-risk in oil and gas

The dramatic operational, financial, and reputational impact of recent supply chain attacks affecting entire business ecosystems demonstrates the importance of managing third-party cyber-risk.

The Advancing Supply Chain Security in Oil and Gas: An Industry Analysis white paper from the World Economic Forum makes four key recommendations:

  1. Establish a baseline of common cybersecurity requirements with third parties.
  2. Define and adopt an evaluation approach depending on the risk level of products and services from suppliers, by combining different evaluation methods. Base the choice on scalability and coverage.
  3. Continuously monitor and revise all third-party assessments according to the level of risk to the organization.
  4. Share, engage and continuously communicate with supply chain stakeholders to identify, monitor, and mitigate risks faster and as a collective effort.


This detailed report from the Cyber Resilience Oil and Gas platform is the result of extensive collaboration between stakeholders from several oil and gas organizations, businesses, providers and governments, including Schneider Electric.