New research has found that where cyberattacks in the maritime industry lead to a ransom payment, ship owners pay more than US$3 million on average to the perpetrators.
The report, which was produced by maritime cyber security company CyberOwl and global law firm HFW, has also revealed significant gaps in cyber risk management that exist across shipping organisations and the wider supply chain, despite progress made by IMO 2021.
Tom Walters, Partner of HFW, said, “It is abundantly clear from our research that the shipping industry needs to do a lot more to protect itself from cyber threats. We hope that our report will provide the basis for further discussion in the next steps on this exciting journey.”
The cyber risk management research, which was carried out by maritime innovation agency Thetiusis, is based on a survey of more than 200 industry professionals, including C-suite leaders, cyber security experts, seafarers, shoreside managers, and suppliers, according to a statement.
Despite the cyber security progress of the shipping industry in recent years, Nick Chubb, managing director at Thetius, pointed out that the research has found “significant disconnects still exist between the industry’s expectations of cyber security and the realities on the ground.”
The report showed that the financial cost of a cyberattack can be extreme: where they lead to a ransom payment, the average ransom paid by shipowners was US$3.1 million. Despite this, most shipowners significantly under-invest in cyber security management with more than half spending less than US$100,000 per year.
Additionally, two-thirds of industry professionals don’t know whether their insurance covers cyberattacks, according to the cyber risk management report, while only 55% of industry suppliers are asked by shipowners to prove they have cyber risk management procedures in place and more than 25% of seafarers don’t know what actions would be required of them during a cyber incident.
The report also said that within organisations, the more senior someone’s role, the less likely they are to be aware of a cyberattack.
“The findings in this report help shipping leaders benchmark their own organisations. This goes beyond anecdotes and hearsay to statistics, backed by data-driven evidence from the fleets that CyberOwl monitors. Maritime cyber risk management is a continuous journey, prioritisation is key. Identifying where the real gaps are will help the shipping sector make smarter decisions, so it is no longer the weak link in the cyber resilience of global supply chains,” commented Daniel Ng, CEO of CyberOwl.