NOTNew research has found that when cyberattacks in the shipping industry result in ransom payments, shipowners on average pay the perpetrators more than $3 million.
The report, which was produced by maritime cybersecurity firm CyberOwl and industry-focused global law firm HFW, also reveals significant gaps in cyber risk management that exist in shipping organizations and across the supply chain. wider supply, despite the progress made by IMO 2021.
It’s based on a survey of over 200 industry professionals, including C-suite executives, cybersecurity experts, seafarers, shore managers and suppliers.
The research was conducted by maritime innovation agency Thetius.
Other key findings include:
- The financial cost of a cyberattack can be extreme: when it results in the payment of a ransom, the average ransom paid by shipowners is $3.1 million.
- Despite this, most shipowners significantly underinvest in cybersecurity management: more than half spend less than USD 100,000 per year.
- Two-thirds of industry professionals don’t know if their insurance covers cyberattacks.
- Only 55% of industry suppliers are asked by shipowners to prove that they have implemented cyber risk management procedures.
- More than 25% of seafarers do not know what actions would be required of them during a cyber incident.
- Within organizations, the higher a person’s role, the less likely they are to be aware of a cyberattack.
Daniel Ng, CEO of CyberOwl: “The findings of this report help shipping leaders benchmark their own organizations. It goes beyond anecdotes and hearsay to statistics, backed by evidence based on data from the fleets that CyberOwl monitors. Maritime cyber risk management is an ongoing journey, prioritization is key. Identifying where the real gaps lie will help the shipping industry make smarter decisions so that it is no longer the weakest link in the cyber resilience of global supply chains.
Tom Walters, Partner, HFW: “Technology in the shipping industry is changing at an amazing rate. The use of IT already underpins so much of global supply chain operations, and as we look to the future and adoption of alternative propulsion systems and autonomous vessels, the importance of cybersecurity will only grow in importance. It is clear from our research that the shipping industry needs to do much more to protect itself from cyber threats. We hope our report will provide the basis for further discussion in the next steps of this exciting journey.
Nick Chubb, Managing Director, Thetius: “Our industry has made great strides in recent years, both in terms of raising cybersecurity awareness and taking the necessary steps to close security gaps. But we found that there are still significant mismatches between industry expectations for cybersecurity and the realities on the ground.
To read the full report, click here.