Business Sectors
Events
Offshore Wind Webinar Week
22 Sep 2025
BST - ONLINEContents
Register to read more articles.
DNV: cyber risk appetite in maritime grows despite recognition of increased threat
Ships’ increasing digital connectivity and integrated systems create vulnerabilities to cyber attacks, but a survey of the maritime industry shows that the sector’s general appetite for risk is growing despite seafarer training not keeping up with technology advances
In a survey of hundreds of maritime professionals about digitalisation and cyber risks, around 61% of respondents said the industry must accept the increased cyber risk from digitalisation if it enables innovation and new technologies.
The maritime sector’s appetite to taking on emerging risks arising from digitalisation is notably higher than other critical infrastructure industries including energy, manufacturing and healthcare.
Of the almost 500 maritime professionals surveyed by Norwegian class society DNV, 71% said leaders of their organisations consider cyber security to be the greatest risk their business faces.
Shipowners, operators, managers, ports and the entire maritime value chain are increasingly reliant on more connected digital technologies as the industry transforms to become greener, safer and more efficient.
Maritime professionals in the survey pointed to advanced data analytics, the internet of things, artificial intelligence, machine learning, high-bandwidth satellite communications and autonomous operations as presenting the greatest opportunities for their businesses in the coming years.
These make the industry more vulnerable to cyber attacks, and require high levels of security. In the survey, 83% said their organisation has a good cyber-security posture, and 71% are confident their organisation would quickly get back to business as normal following a cyber attack.
Around 73% reported their organisation is increasing cyber-security spending compared with 2023. The majority stated their organisation was prepared against potential outcomes, such as asset downtime and disruption to operations, theft of sensitive data, physical injury or loss of life and a grounded vessel.
While industry awareness of cyber risks and cyber-security investments have grown rapidly, there are signs of a false sense of security within the maritime industry. 53% of those surveyed are confident their organisation can demonstrate full visibility of supply chain vulnerabilities.
Additionally, 68% thought their organisation’s IT security is stronger than its operational technology (OT) security – which is linked to physical assets like sensors, programmable logic controllers, and enables automation, safety and navigation systems.
Some 76% said the cyber-security training their organisation provides is not advanced enough to protect against sophisticated threats.
“Organisations may feel they are prepared as more resources are being deployed to manage cyber risk, but the reality is more complex than that,” said DNV head of maritime cyber security Svante Einarsson.
Training needs to be implemented across the maritime sector to increase awareness of the latest cyber threats and to prevent security breaches, as does investment in prevention, response and recovery.
The appetite to improve cyber security is increasing as more owners are impacted by incidents and near misses, but training is still not advanced enough to protect against sophisticated attacks.
“Cyber attacks represent a growing threat to the safety of the maritime industry today," said DNV maritime chief executive Knut Ørbeck-Nilssen. "We can innovate, progress, and take a lead in ensuring the resilience of our businesses and societies, but only if we truly manage cyber risk.”
He said training should be centred around digital and cyber awareness, "placing cyber risk alongside other safety risks."
Cyber security is not just about compliance with IMO and other upcoming regulations covering critical infrastructure and newbuild ships, it is about protecting vessels, seafarers and companies, and improving response and recovery after cyber attacks. This requires greater levels of collaboration, co-operation, transparency and information sharing.
"We should boost collaboration and transparency for a stronger, more resilient industry," said Mr Ørbeck-Nilssen. "We need more information sharing and training on how to manage cyber risks, understand attack vectors and manage security breaches."
Cyber risks can be intentional, such as state-backed and targeted, but 99% is unintentional, non-focused and wide reaching, from criminals seeking to extort money from individuals or companies.
"Hackers are sharing information, so as an industry we need to treat cyber as a traditional safety risk not to be competed on. We should share information and develop collaborations," said Mr Ørbeck-Nilssen.
Sign up for Riviera’s series of technical and operational webinars and conferences in 2025:
- Register to attend by visiting our events page.
- Watch recordings from all of our webinars in the webinar library.
Related to this Story
Events
Offshore Wind Webinar Week
22 Sep 2025BST - ONLINE
Maritime Decarbonisation, Europe: Conference, Awards & Exhibition 2025
30 Sep 2025Amsterdam
Offshore Support Journal Conference, Americas 2025
07 Oct 2025Rio de Janeiro
© 2024 Riviera Maritime Media Ltd.
