10 December 2022
New research has investigated the cases where cyberattacks in the maritime industry lead to ransom payment. Hence, shipowners pay more than US$ 3 million on average to the perpetrators.
The report was produced by maritime cyber security company CyberOwl and global, sector-focused law firm HFW. It also reveals significant gaps in cyber risk management that exist across shipping organizations and the wider supply chain. This is despite the progress made by IMO 2021 against cyberattacks.
Particularly, the report is based on a survey of more than 200 industry professionals. This includes C-suite leaders, cyber security experts, seafarers, shoreside managers, and suppliers.
Note that, the maritime innovation agency Thetius carried out the research.
Other key findings include:
- The financial cost of a cyberattack can be extreme: where they lead to a ransom payment, the average ransom paid by shipowners was US$3.1 million.
- Despite this, most shipowners significantly under-invest in cyber security management: more than half spend less than US$100,000 per year.
- Two-thirds of industry professionals don’t know whether their insurance covers cyberattacks.
- Shipowners ask only 55% of industry suppliers to prove they have cyber risk management procedures in place.
- More than 25% of seafarers are not aware of the actions required of them during a cyber incident.
- Within organisations, the more senior someone’s role, the less likely they are to be aware of a cyberattack.
“The findings in this report helps shipping leaders benchmark their own organisations. This goes beyond anecdotes and hearsay to statistics, backed by data-driven evidence from the fleets that CyberOwl monitors. Maritime cyber risk management is a continuous journey, prioritisation is key. Identifying where the real gaps are will help the shipping sector make smarter decisions, so it is no longer the weak link in the cyber resilience of global supply chains.”Daniel Ng, CEO, CyberOwl
“Technology in the shipping industry is changing at an astonishing pace. The use of IT already underpins so much within global supply chain operations, and as we look to the future and the adoption of alternative propulsion systems and autonomous ships, the importance of cyber security will only become more important. It is abundantly clear from our research that the shipping industry needs to do a lot more to protect itself from cyber threats. We hope that our report will provide the basis for further discussion in the next steps on this exciting journey.”Tom Walters, Partner, HFW
“Our industry has made great progress in recent years, both in terms of increasing awareness of cyber security and taking the action needed to close security gaps. But we have found that significant disconnects still exist between the industry’s expectations of cyber security and the realities on the ground.”Nick Chubb, Managing Director, Thetius
To read the full report, click here.