According to new research (registration required) by SecurityScorecard and KPMG, the US energy sector is particularly vulnerable to supply chain attacks, with 45% of security breaches in the past year linked to third parties.
This compares to a global average of 29% for supply chain breaches across all other industries, while 90% of attacks on energy companies that were breached more than once involved third parties.
Also notable, 67% of third-party-related breaches involved external software and IT providers and 22% involved other energy companies.
The largest contributor to third-party breaches in the energy sector was the exploitation of the MOVEit file transfer software vulnerability in 2023, accounting for 39% of breaches.
“With geopolitical and technology-based threats on the rise, this complex system is facing an equally generational risk exposure that could harm citizens and businesses alike,” Prasanna Govindankutty, Principal, Cyber Security US Sector Leader at KPMG, commented.
Emily Phelps, Director, Cyware, had this to say:
“The rising threat to the energy sector, particularly from third-party vulnerabilities, underlines the urgent need for a collective defense approach. As cyberattacks increasingly exploit supply chain weaknesses, organizations can no longer afford to operate in silos. Collaboration between trusted companies and industries, alongside the operationalization of threat intelligence, is critical to staying ahead of attackers. By turning intelligence into actionable insights, organizations can identify risks earlier, coordinate defenses, and reduce the time it takes to respond. Proactivity is key – relying solely on reactive measures leaves critical infrastructure and businesses exposed to recurring threats. Only through shared intelligence and coordinated efforts can we address these complex, evolving risks effectively.”
We’re at a point now where every sector needs to ensure that they are taking steps to protect themselves, because the threat landscape is only growing, which is a bad thing for all of us.
AI cuts energy waste by up to 30% in buildings says KPMG
Posted in Commentary with tags KPMG on September 15, 2025 by itnerd
KPMG has recently released a report on “How AI is helping to improve energy efficiency and management in real estate.” It says that traditional retrofits are too slow and costly to deliver the scale of cuts required to reach net-zero goals of 2050, and instead points out that artificial intelligence is a faster route, but only together with the Strategic Energy Management (SEM) framework.
Exergio, a company that developed an AI-based tool for energy efficiency in commercial buildings, says that the findings reflect what is already visible in real-world cases.
KPMG states that SEM should track how buildings use energy and assign clear responsibility for fixing problems. According to Karčiauskas, this usually means facility managers or energy officers are tasked with day-to-day oversight. However, certain tasks such as changing parameters in sensors should be automatically assigned to AI and machine learning models to adjust in real-time, with experts overseeing the process.
On its own, implementing a SEM mindset typically delivers 5-7% savings per year. But when used with AI, savings rise to around 20%-30%, energy efficiency experts state.
There are three tiers of SEM, according to the report. The first tier focuses on getting more out of what is already in place: engineers have to tune HVAC, lighting, and control systems so they run more efficiently day to day. This, according to Karčiauskas, is “a task of AI at the moment as we want to achieve faster savings”.
The second step is replacing worn or outdated equipment, for instance, boilers, chillers, or pumps, with models that use less energy. The third adds renewables or long-term power contracts, but only once the building’s basic energy consumption has been brought under control.
The authors of the paper stress that renewables should come last, since they deliver limited value if the building’s consumption has not already been optimised.
The study also indicates that efficiency depends less on new hardware and more on how existing systems are managed.
SEM has a five-step cycle. It includes assessment, planning, implementation, building capability, and monitoring. Within this setup, AI could regulate HVAC concurrently based on occupancy, weather, and usage, while managers define energy-saving goals, set comfort ranges, and review results.