The global economy relies heavily on shipping, with over 90% of global trade transported by sea. However, the maritime industry remains an “easy target” for cybercriminals. Cyber risk, the cost of attacks and the demand for ransom payments across the sector have all skyrocketed over the past 12 months, according to a new report by global, sector-focused law firm HFW and maritime cyber security company CyberOwl.
The report, based on a survey of more than 150 industry professionals, reveals that the average cyberattack in the maritime industry now costs the target organization US$550,000, up from US$182,000 in 2022. Additionally, the average ransom payment has increased by more than 350% to US$3.2 million, up from US$3.1 million in 2022.
25% Do Not Have Insurance
The report also found that despite the rising costs of cyberattacks, most shipping organizations significantly under-invest in cyber security management. A third of survey respondents said their organization spends less than US$100,000 per year on cyber security, and 25% said their organization does not have insurance to cover cyber risk.
“Our findings show that while maritime cyber security has improved over the past decade, the industry remains an easy target,” said Tom Walters, Partner at HFW. “Shipping organizations are being subject to more cyberattacks than ever before, and the cost of attacks and demand for ransom payments have skyrocketed.”
Walters warned that the increasing use of technology across all aspects of shipping, from ship networks to offshore installations and shoreside control centers, makes the industry even more vulnerable to cyberattacks.
“A cyberattack could compromise anything from vessel communication systems and navigation suites to the systems managing ballast water, cargo management, and engine monitoring and control,” he said. “Failure of any of those systems could result in a vessel being stranded and potentially grounded, and we saw from the Ever Given the impact that can have on global supply chains.”
From “Why” to “How”:
Daniel Ng, CEO of CyberOwl, said that the good news is that the conversation on vessel cyber risk management has shifted away from the “why” towards the “how.” “There is less skepticism about the need to manage the risk, more thoughtfulness on how best to spend each dollar in shoring up defenses,” he said.
However, Ng cautioned that the challenge for the change agents in shipping is dealing with new risks in a new domain under sector-specific constraints. “All of this in an environment where shipping companies are still too secretive to share benchmarks and best practice widely,” he said. “The sector must make the most of the specialist expertise available. And those with specialist maritime cyber security knowledge must do more to share knowledge of risks and best practice.”
Nick Chubb, Managing Director of Thetius, said that the report shows that the industry has improved dramatically in a short time, but it also shows that cybercriminals are evolving faster.
“The costs of cyber-attacks are growing,” he said. “The impact that can be created in the global supply chain by exploiting a single easy target means the entire maritime industry needs to raise the bar.”
Report Recommendations:
- Investing in cyber risk management programs and resources
- Conducting regular cyber security risk assessments
- Implementing and maintaining appropriate cyber security controls
- Raising awareness of cyber security risks among employees
- Having a cyber security incident response plan in place
The report also recommends that the maritime industry collaborate more closely to share information on cyber threats and best practices.