DNV acquires CyberOwl, expanding digital security business

The acquisition comes at a time when shipping faces compliance with new cyber-security regulations and needs to invest in incident detection, response and recovery as digitally connected systems on board vessels create new vulnerabilities. 

According to a study led by CyberOwl, a typical fleet of 30 cargo vessels now experiences an average of 80 cyber incidents a year. The study found the average cost of unlocking computer systems in the maritime sector reached US$3.2M as of 2023. 

Over the last few years, several global ports, shipowners and yards have reported being hacked, crippling major players from Maersk to MSC.

DNV has an institutional stake in cyber security; last January an attack affected the Norwegian classification society’s ShipManager service, affecting more than 70 customers and 1,000 vessels for more than a month.

DNV chief executive Remi Eriksen stressed the benefits of digitalisation and automation “cannot be realised” without a stronger approach to cyber security. He added, “That’s why DNV has placed cyber security at the heart of its growth strategy. Together, DNV and CyberOwl will reduce cyber risks and strengthen compliance across the maritime supply chain with services that support all aspects of an organisation’s cyber-security needs and manage risk at every stage of a vessel’s lifecycle.” 

New unified requirements from the International Association of Classification Societies’ (IACS) this year are placing tougher rules on measures that maritime organisations must take to govern, identify, protect, detect, respond to, and recover from cyber incidents. This follows IMO requirements already in place for vessel owners, operators and managers to establish cyber-security management systems. A 2023 report from DNV notes just over half (56%) of maritime professionals surveyed were confident in their ability to meet cyber-security regulatory requirements. 

Through CyberOwl’s Medulla platform and managed security services, the company helps owners and operators of hundreds of vessels to discover and maintain asset inventories, monitor for escalating cyber risks, crew behaviour and evaluate the effectiveness of security controls and cyber-security policies.

Mr Eriksen’s counterpart at CyberOwl, Daniel Ng, said both companies have converging interests in helping the shipping industry boost its security apparatus by combining cyber-security expertise with technical, operational and commercial expertise.

Earlier this year, DNV created its cyber-security services business, DNV Cyber, by merging its existing cyber-security business with two recently acquired companies, Nixu and Applied Risk.

The CyberOwl acquisition will further strengthen DNV’s maritime cyber security and emergency response services portfolio, creating one of the world’s largest specialists in maritime cyber security with a presence in five global shipping hubs – Oslo, London, Singapore, Hamburg and Piraeus. 

CyberOwl will be operated separately to DNV’s ship classification business, and the business will team up with DNV’s existing network of 3,500 maritime risk experts and 500 cyber-security specialists.