The report, produced by law firm HFW and maritime cyber-security company CyberOwl, reveals the average cyber attack in the maritime industry now ends up costing the target organisation US$550,000 – up from US$182,000 in 2022.
It also shows that demands for ransom have increased, with the average ransom payment now US$3.2M – up from US$3.1M last year.
The report is based on a survey of more than 150 industry professionals – including C-suite leaders, cyber-security experts, seafarers, shoreside managers and suppliers – and reveals significant gaps in cyber-risk management that exist across shipping organisations and the wider supply chain, despite progress made by IMO 2021.
Key findings from the study suggest up to 24% of the victims of cyber attacks were tricked into transferring funds to criminal organisations. But despite this, the report concludes most shipping organisations still under-invest in cyber-security management. And one in four, or 25%, of respondents surveyed in the study said their organisation does not have insurance to cover cyber attacks.
In carrying out the research for the report, maritime technology research agency Thetius found one tonnage provider that cited confusion around the role of regulatory compliance measures in the industry as being behind “a misaligned attitude to risk”.
The provider said, “Many shipowners are used to tolerating high risks, and this is happening with cyber risk, too. For some, the default approach is to meet new rules and standards at the minimum baseline.”
However, the report found evidence that overall levels of preparedness seem to be improving: 80% of survey respondents understand what actions would be required of them in the event of a cyber-security incident (up from 74% in 2022), and 64% said their organisation has cyber-risk management procedures for dealing with suppliers (up from 55% in 2022).
Similar concerns over a lack of preparedness were echoed in a survey conducted by class society DNV earlier this month.
Recent years have seen attacks cripple major shipowners from Maersk to MSC. This January, a cyber attack on DNV’s ShipManager service affected more than 70 customers and 1,000 vessels.
Last year, Singapore offshore rig building specialist Sembcorp Marine reported a cyber incident after an unauthorised party accessed part of its IT network via third-party software products.
HFW partner Tom Walters said, “Maritime operational technology and fleet operations management are now almost entirely digital, meaning a cyber attack could compromise anything from vessel communication systems and navigation suites to the systems managing ballast water, cargo management and engine monitoring and control. Failure of any of those systems could result in a vessel being stranded and potentially grounded.”
CyberOwl chief executive Daniel Ng added, “The good news is the conversation on vessel cyber-risk management has clearly shifted away from the ‘why’ towards the ‘how’. There is less scepticism about the need to manage the risk, and more thoughtfulness on how best to spend each dollar in shoring up defences.”
Mr Ng said the challenge for shipping is dealing with new risks in a new domain under sector-specific constraints.
“The sector must make the most of the specialist expertise available. And those with specialist maritime cyber-security knowledge must do more to share knowledge of risks and best practices. What works in other sectors may not work in shipping. And applying a generic approach could lead to expensive wastage.”
© 2024 Riviera Maritime Media Ltd.