Avangrid Earns 2026 CSO Award for Strengthening Third-Party Risk Management and Cybersecurity Resilience
Avangrid, a major energy company and a member of the global energy group Iberdrola, has been honored with the 2026 CSO Award, one of the most respected recognitions in the cybersecurity and enterprise security community. The award highlights the company’s efforts to strengthen its Third-Party Risk Management (TPRM) program and reinforce protections against evolving cybersecurity, data privacy, and geopolitical threats facing the energy sector.
The recognition was granted to Avangrid’s Corporate Security and Resilience Office, which has led the transformation of the company’s approach to evaluating and managing third-party vendors. The initiative focuses on identifying vulnerabilities associated with external partners and ensuring that Avangrid’s energy operations, infrastructure, and customer data remain protected from increasingly sophisticated cyber threats.
Addressing a Critical Challenge in the Energy Sector
Third-party risks have become one of the most significant cybersecurity challenges across the global energy industry. Utilities and energy companies rely heavily on contractors, suppliers, software providers, and service vendors to support their operations. While these partnerships are essential for delivering reliable energy services, they can also create potential entry points for cybercriminals seeking to exploit vulnerabilities in supply chains.
Recognizing these risks, Avangrid prioritized strengthening its vendor risk management framework. The company redesigned its evaluation and monitoring systems to provide deeper insight into the security posture of external partners and to identify potential weaknesses before they can be exploited.
The updated program ensures that third-party vendors are thoroughly assessed for cybersecurity practices, data protection standards, and compliance with regulatory requirements. It also examines how vendors store, handle, and secure sensitive data related to Avangrid’s operations and customers.
Leadership Perspective on Security and Resilience
According to Avangrid leadership, the award reflects the company’s ongoing commitment to protecting critical infrastructure while adapting to a rapidly changing threat landscape.
Jose Antonio Miranda, Chief Executive Officer of Avangrid, emphasized the importance of proactive risk management in the energy sector.
He noted that the recognition underscores the dedication and expertise of Avangrid’s security professionals, who work continuously to anticipate emerging threats and mitigate risks that could impact the company’s operations and customers.
Miranda highlighted that as geopolitical tensions and cyber threats grow more complex, Avangrid’s Corporate Security and Resilience Office plays a vital role in safeguarding the company’s systems, infrastructure, and data. By adopting advanced intelligence capabilities and strengthening collaboration across teams, the organization is raising the standard for security practices within the industry.
Modernizing Third-Party Risk Management
A key component of Avangrid’s award-winning initiative was the modernization of its third-party review system. The company introduced a more flexible and advanced platform designed to streamline vendor evaluations and improve cross-department collaboration.
The redesigned system enables multiple internal teams—such as cybersecurity, legal, compliance, and procurement—to work together more effectively when reviewing potential vendors. This collaborative approach ensures that risks are assessed from multiple perspectives before a partnership is established.
The system also improves tracking and organization of vendor assessments, providing better visibility into risk levels associated with each external partner. Through these improvements, Avangrid can identify vulnerabilities earlier and implement mitigation strategies more efficiently.
By evaluating prospective vendors for cybersecurity practices, potential network access points, and overall security posture, the program helps prevent unauthorized access that could threaten critical infrastructure.
Integrating Intelligence and Risk Analysis
Another distinguishing element of Avangrid’s program is the integration of corporate intelligence capabilities into the vendor risk management process. The company combined its third-party risk framework with advanced intelligence tools that support monitoring, discovery, and network analysis.
These capabilities allow Avangrid to detect undisclosed relationships between vendors and high-risk individuals, organizations, or foreign entities that could pose operational or reputational risks. Identifying such connections early enables the company to make more informed decisions when selecting partners and suppliers.
The intelligence tools also help analysts identify complex networks of relationships among companies and individuals that might otherwise remain hidden. This deeper level of insight strengthens the company’s ability to evaluate the broader risk environment surrounding each vendor.
Monitoring the Dark Web for Emerging Threats
As part of its enhanced security strategy, Avangrid’s program incorporates advanced monitoring tools capable of scanning the dark web for evidence of vendor data breaches or compromised credentials.
These tools continuously monitor online environments where stolen data and hacking tools are often shared or sold. By maintaining persistent monitoring, Avangrid’s security team can detect early signs of potential breaches involving its vendors.
In some cases, this approach enables the company to identify data exposures even before the affected vendor becomes aware of the breach. Early detection allows Avangrid to respond quickly, coordinate with the vendor, and reduce the risk of further damage or unauthorized access.
Such proactive monitoring represents an important step in protecting critical energy infrastructure from cyber threats that may originate outside an organization’s direct control.
Industry Recognition for Strategic Security Initiatives
The CSO Awards recognize organizations that demonstrate exceptional innovation, leadership, and measurable business value through their security initiatives. The awards are presented by CSO Online, a leading media platform focused on cybersecurity and risk management for enterprise security leaders.
Beth Kormanik, Content Director of the CSO Cybersecurity Awards & Conference, noted that the organizations recognized this year demonstrate how security teams are evolving into strategic business enablers.
She explained that modern security programs must do more than defend networks. They must support organizational resilience, ensure regulatory compliance, and protect business continuity in an increasingly complex threat environment.
The projects selected for the CSO Awards show how innovative thinking, advanced technology, and strong execution can help organizations address real business challenges while strengthening security defenses.
The Role of CSO in the Cybersecurity Community
CSO Online serves enterprise security professionals by providing insights, analysis, and guidance on the evolving cybersecurity landscape. Its content covers a wide range of topics including risk management, network defense, fraud prevention, compliance, and data protection.
Through research, expert commentary, and industry events, the organization supports IT security leaders in making informed decisions about technology investments and security strategies.
The CSO Awards program specifically highlights projects that demonstrate measurable business impact, innovation, and thought leadership within the cybersecurity field.
Strengthening the Energy Sector’s Security Posture
Cybersecurity has become a top priority for energy companies worldwide as digital technologies and interconnected systems play a larger role in power generation, transmission, and distribution.
Energy infrastructure is considered critical national infrastructure in many countries, making it a frequent target for cyberattacks and espionage activities. Supply chain vulnerabilities, particularly those involving third-party vendors, have been identified as a key risk area for utilities and energy operators.
By investing in advanced vendor risk management systems and integrating intelligence capabilities into its security operations, Avangrid aims to stay ahead of these evolving threats.
The company’s efforts demonstrate how utilities can combine technology, data analysis, and collaboration to build stronger defenses against cyber risks.
Source Link: https://www.businesswire.com
