New research has found that where cyberattacks in the maritime industry lead to a ransom payment, shipowners pay more than $3 million on average to the perpetrators. The report, which was produced by maritime cyber security company CyberOwl and global, sector-focused law firm HFW, also reveals significant gaps in cyber risk management that exist across shipping organisations and the wider supply chain, despite progress made by IMO 2021.
It is based on a survey of more than more than 200 industry professionals, including C-suite leaders, cyber security experts, seafarers, shoreside managers, and suppliers. The research was carried out by maritime innovation agency Thetius.
Other key findings include:
- The financial cost of a cyberattack can be extreme: where they lead to a ransom payment, the average ransom paid by shipowners was US$3.1 million.
- Despite this, most shipowners significantly under-invest in cyber security management: more than half spend less than US$100,000 per year.
- Two-thirds of industry professionals don’t know whether their insurance covers cyberattacks.
- Only 55% of industry suppliers are asked by shipowners to prove they have cyber risk management procedures in place.
- More than 25% of seafarers don’t know what actions would be required of them during a cyber incident.
- Within organisations, the more senior someone’s role, the less likely they are to be aware of a cyberattack.
Daniel Ng, CEO, CyberOwl: “The findings in this report helps shipping leaders benchmark their own organisations. This goes beyond anecdotes and hearsay to statistics, backed by data-driven evidence from the fleets that CyberOwl monitors. Maritime cyber risk management is a continuous journey, prioritisation is key. Identifying where the real gaps are will help the shipping sector make smarter decisions, so it is no longer the weak link in the cyber resilience of global supply chains.”
Tom Walters, Partner, HFW: “Technology in the shipping industry is changing at an astonishing pace. The use of IT already underpins so much within global supply chain operations, and as we look to the future and the adoption of alternative propulsion systems and autonomous ships, the importance of cyber security will only become more important. It is abundantly clear from our research that the shipping industry needs to do a lot more to protect itself from cyber threats. We hope that our report will provide the basis for further discussion in the next steps on this exciting journey.”
Nick Chubb, Managing Director, Thetius: “Our industry has made great progress in recent years, both in terms of increasing awareness of cyber security and taking the action needed to close security gaps. But we have found that significant disconnects still exist between the industry’s expectations of cyber security and the realities on the ground.”