The oil and gas (O&G) industry is the engine of the global economy. Oil and gas production passes through axes related to exploration, research, extraction, transportation, and finally the final manufacturing of energy products. All these stages permeate some risks that threaten both the human factor and the material factor. The oil industry merged with the fourth technological industry 4.0, which included multiple technologies and systems, the most important of which is the cyber-physical system (CPS), which some researchers have named petroleum cyber-physical systems if it is embodied within this industry. CPSs are collaborative systems formed of autonomous and smart devices that can handle data flows and activities while maintaining integrated physical objects. Several risks confront the energy field, with the potential to interrupt critical supply lines, hurt the environment, and trigger a financial catastrophe. In the field of O&G, there are very few scientific studies that are exposed to risks in a complementary and comprehensive manner, including only those that focus on cyber-attacks and their causes. There is a lack of comprehension and in-depth studies of all types of threats in all their aspects that surround cyber-physical systems within this field. Some risk classifications are based on internal and external risks, while others are based on the influencing and causative aspects in a general way. This study deals with the classification of risks: 1) classification of risk for the global industry of O&G. 2) in terms of the fact that the cyber-physical system is the most important component in the O&G industry and that these risks are either physical, cyber, or related to permissibility and authorization in the O&G field. A security approach is also presented that leads to mitigating the impact of risks in oil and gas zones.