A new report from maritime cyber security company CyberOwl claims that shipowners pay around $3.1 million on average per ransom attack.
Despite this, most shipowners still significantly under-invest in cyber security management: more than 50 per cent spend less than $100,000 per year.
The report also highlighted significant gaps in cyber risk management that exist across shipping organisations and the wider supply chain.
Other key findings from the report include:
- Two-thirds of industry professionals don’t know whether their insurance covers cyberattacks
- More than 25 per cent of seafarers don’t know what actions would be required of them during a cyber incident
- Within organisations, the more senior someone’s role, the less likely they are to be aware of a cyberattack
The report was produced in cooperation with law firm HFW and the research was carried out by maritime innovation agency Thetius.
“The findings in this report helps shipping leaders benchmark their own organisations. This goes beyond anecdotes and hearsay to statistics, backed by data-driven evidence from the fleets that CyberOwl monitors,” said Daniel Ng, CEO of CyberOwl.
“Maritime cyber risk management is a continuous journey, prioritisation is key. Identifying where the real gaps are will help the shipping sector make smarter decisions, so it is no longer the weak link in the cyber resilience of global supply chains.”
Nick Chubb, Managing Director of Thetius, added: “Our industry has made great progress in recent years, both in terms of increasing awareness of cyber security and taking the action needed to close security gaps. But we have found that significant disconnects still exist between the industry’s expectations of cyber security and the realities on the ground.”
In November last year, intelligence company Intel 471 reported that the cybercrime underground was flush with shipping companies’ credentials.
On 22 June, PTI will be hosting its Cyber Security for Ports and Terminals 2022 event, striving to help create a more cyber-resilient industry. Sessions will include discussions about cyber-awareness and training, policy and standards, emerging risk factors for ports and terminals, and many more.
Registration for the event can be done here.