A survey carried by the Danish shipowners association has found that 69% of 26 local owners were hit by cyber criminals in the past year.
In the poll of CEOs of local lines carried out by Danish Shipping, 42% of executives indicated that they are very worried or extremely worried that their company will be attacked or that their data will be lost in the coming 12 months.
Cyber threats must certainly be taken very seriously, commented Danish Shipping’s executive director, Maria Skipper Schwenn who said she was heartened that 69% of the companies surveyed have increased their IT security budgets in the past year.
“It is worrying that a majority of shipping companies have been subject to attacks against their IT systems and unfortunately this is a threat that is not expected to diminish in future. At the same time, it is important to emphasise that the attacks experienced by the shipping companies are attacks that any company is at risk of being exposed to. Therefore, it is not the ships and the safety of the crew that is of the greatest concern but attacks on land based systems and the consequences of these”, said the Danish Shipping executive.
By far the most high profile cyber attack to hit shipping in the past year was against Denmark’s largest shipowner. Maersk had hundreds of millions of revenues wiped off its books when it suffered a cyber attack in late June last year.
Consider this when choosing the Right Maritime Cyber Security Partner – No doubt if you are involved in ship management and operations you have been contacted by many “Cyber Security Experts” offering a full menu of ‘must have’ consulting, software, and hardware solutions.
1. Vendors that are pushing software, hardware, and services will (deliberately or not) emphasize only their solutions. Many will overpromise.
2. Do they have customer references. Be diligent and verify them.
3. Does all of their staff have the right experience? You should be reasonably skeptical. Don’t be afraid to ask and expect an answer.
4. Do make a visit to their business and service offices if you can; A best practice for “critical” service providers that is often overlooked.
5. Can you trust them with your most sensitive commercial, operational data and IT assets? Have a background check done on the principles and a financial and legal business check on the company.
6. Do have the service agreement and confidentiality agreement reviewed by your legal staff. It could avoid a lot of legal problems later on.
7. Do they have an appropriate Quality System in place? If you are a Maritime Shipping company this is a prudent prerequisite.
As the article states, the cyber threat is not specific for shipping companies.
Much less spectacular than all these stories floating around (pun intended) about vessels being hijacked on the high seas.