Published on: January 8, 2025
Only 26 percent of Europe’s top companies have an adequate cybersecurity level.
Companies were scored using SecurityScorecard’s A-to-F rating system, which rates a company’s ability to adequately respond to cybersecurity threats. The rating system is used to help quickly identify whether or not a business is prepared for immediate action, but it’s more than a simple audit.
The EU’s Digital Operational Resilience Act (DORA) is quickly approaching its Jan. 17 deadline. DORA creates a mandatory risk management framework to standardize and improve how businesses react to threats. Once the deadline arrives, the top 100 EU companies must rapidly improve their defenses.
In the past year, 18 percent of the top 100 companies reported data breaches. The importance of getting an A cannot be overstated. Last year, none of the 26 companies that received an A rating fell victim to a data breach.
“Our data clearly shows that organizations with top-tier cybersecurity ratings are far less likely to experience breaches,” explains Jeff Le, VP, Global Government Affairs & Public Policy at SecurityScorecard. “By leveraging these ratings, companies can not only protect themselves but also hold vendors accountable, creating stronger, more resilient supply chains.”
Companies within the transport sector had the strongest cybersecurity defenses on average, with no company scoring less than a C rating. The runner-up was the technology sector, in which only 25 percent of companies fell under a C.
The energy industry had the worst defenses overall. Shockingly, 75 percent of energy companies fell below a C tier, meaning they are extremely vulnerable to attacks. Many of these attacks come via supply chain vulnerabilities. If one company in the chain is weak, a breach can more easily impact its partners.
“Supply chain vulnerabilities remain a critical threat, as adversaries exploit these weak links to infiltrate global networks. With regulations like DORA set to reshape cybersecurity standards, European companies must prioritize third-party risk management and leverage rating systems to safeguard their ecosystems,” said the SVP of Threat Research and Intelligence at SecurityScorecard.
Companies that are not DORA compliant can be fined up to 2 percent of their annual worldwide turnover, meaning it can be extremely costly for a large company to shirk its cybersecurity responsibilities.