Shipping companies need to overcome the issues they face when assessing their vulnerabilities to the ever-evolving cyber threat landscape
Vessel owners, operators and managers are constantly challenged by the changing cyber threats facing their IT networks, operational technology (OT) and assets.
Network intrusions and data theft can be prevented through effective cyber risk management and bolstered security. Vulnerabilities need to be identified to allow systems to be protected against these cyber threats.
Otherwise, shipping companies risk direct losses and the indirect consequences of a successful cyber attack, said Willis Towers Watson executive director and cyber cover specialist Andrew Hill.
He said cyber risk impact could include direct loss of revenue or loss of hire due to unavailable networks, during Riviera Maritime Media’s ‘Minimising cost and disruption after a cyber event’ webinar on 6 August. This was the concluding event of Riviera’s Maritime Cyber Security Webinar Week.
“It is important to understand the impact of cyber risk on maritime,” Mr Hill said. There will be the short-term impact of lost revenue and inability to take bookings. Shipping companies could “haemorrhage revenue and have increased costs of operations” he commented.
“There will be additional expenditure to get business back up and running,” said Mr Hill. This would include costs of hiring external specialists to manage the incident, and there may be physical damage to repair or replace.
Longer-term impacts from a successful cyber attack include “loss of revenue due to reputational damage, perhaps with customers taking their business elsewhere,” said Mr Hill. “If investigations show there were security lapses, there could be a loss of confidence.”
There are increasing examples of how cyber attacks through hacking and malware are impacting shipping companies. Carnival Corp was the latest victim of a ransomware attack with a security breach in August. During this unauthorised access, data files including information on passengers and seafarers were downloaded.
There have been other cyber attacks this year. Toll Group, Mediterranean Shipping Company (MSC), Anglo-Eastern and OSM Maritime Group reported cyber incidents involving ransomware, malware and hackers.
Mr Hill said the maritime sector was not immune from these threats and should be prepared to mitigate losses. “Do not be a victim of ignorance,” he said. “Take preventative steps for risk mitigation.”
Operators must understand the vulnerabilities on ships, have greater knowledge of how cyber attacks affect shipping and have adequate insurance cover for cyber risks in maritime.
Maritime is a late adopter of digitalisation and connectivity technology and subsequent cyber risk management. There are misconceptions that cyber risk poses a lesser threat to the marine sector because of the remote working of ships.
There has been a lack of reporting by organisations within the marine industry on how cyber risk is affecting them. “Public domain information does not show the actual number of attacks,” said Mr Hill.
There is also a lack of cyber security regulatory framework and inadequate maritime cyber risk insurance solutions. This needs to be addressed by IMO and its member states, said Mr Hill.
He also said the inadequate specialist knowledge of how cyber risk affects the marine sector and the cost of addressing vulnerabilities once they have been detected is too high.
This must be overcome if shipping companies are to be protected against the growing cyber threats to the industry.
In Q2 2020, WTW introduced CyNav, a product it developed with cyber risk cover specifically for ship operators and owners.