Europe’s top 100 companies are racing against the clock to address urgent cybersecurity challenges ahead of the EU’s Digital Operational Resilience Act (DORA) deadline on January 17, 2025. According to SecurityScorecard, the looming deadline has put cybersecurity resilience in the spotlight for the continent’s largest organizations.
SecurityScorecard’s latest report underscores the significance of its A-to-F rating system in providing valuable insights into cyber resilience. The data reveals that companies with an A rating are 13.8 times less likely to experience a breach compared to those with an F rating. Only 26% of Europe’s top 100 companies have achieved an A rating for cybersecurity resilience, indicating significant gaps in internal defenses.
Supply chain vulnerabilities have emerged as a key entry point for cyber adversaries to infiltrate organizations and networks. It is crucial for companies to recognize that they are only as secure as their weakest link, making them susceptible to third- and fourth-party vulnerabilities despite substantial investments in security measures.
Within specific industries, the energy sector has shown the lowest overall security ratings, with 75% of companies receiving a C rating or below. This industry complexity is attributed to extensive networks of third-party vendors, partners, and service providers, contributing to a higher risk of breaches. In contrast, the transport sector has emerged as the most secure in Europe, with no companies receiving a C rating or lower.
In terms of regional cybersecurity performance, Scandinavian companies lead the pack with only 20% receiving a C rating or lower. This contrasts with higher percentages in the UK, Germany, France, and Italy, highlighting the varying levels of vulnerability in managing supply chain security. France stands out with the highest rate of third- and fourth-party vendor breaches, signaling a critical need to enhance supply chain security practices.
Interestingly, larger companies with higher market capitalization tend to outperform smaller firms in security ratings. The top 50 companies by market capitalization demonstrate higher security ratings compared to smaller entities, showcasing the importance of strong cyber defenses regardless of company size or industry.
As the DORA deadline approaches, European companies are urged to prioritize third-party risk management and leverage rating systems to enhance cybersecurity resilience. SecurityScorecard emphasizes the value of top-tier cybersecurity ratings in reducing the likelihood of breaches and holding vendors accountable. Improved cybersecurity hygiene is paramount for European companies to mitigate the risks posed by third- and fourth-party breaches and bolster overall resilience in the face of evolving cyber threats.