New research has found that where cyber attacks in the maritime industry lead to a ransom payment, shipowners pay more than $3m on average to the perpetrators.
A new 43-page report entitled The Great Disconnect, produced by maritime cyber security company CyberOwl, maritime innovation agency Thetius and law firm HFW, also reveals significant gaps in cyber risk management that exist across shipping organisations and the wider supply chain. It is based on a survey of more than 200 industry professionals, including C-suite leaders, cyber security experts, seafarers, shoreside managers, and suppliers and also covers the increased risks of cyber attacks in the wake of Russia’s invasion of Ukraine.
Other key findings include the statistics that two-thirds of industry professionals do not know whether their insurance covers cyber attacks. Only 55% of industry suppliers are asked by shipowners to prove they have cyber risk management procedures in place.
Within organisations, the more senior someone’s role, both at sea and ashore, the less likely they are to be aware of a cyber attack, the report suggests. At sea, 26% of seafarers do not know what actions are required of them during a cyber security incident, and 32% do not conduct any regular cyber security drills or training. Ashore, 38% of senior leaders either don’t have a cyber security response plan or are unsure if their organisation has one, the results of the survey show.
Daniel Ng, CEO, CyberOwl, said: “The findings in this report help shipping leaders benchmark their own organisations. This goes beyond anecdotes and hearsay to statistics, backed by data-driven evidence from the fleets that CyberOwl monitors. Maritime cyber risk management is a continuous journey, prioritisation is key. Identifying where the real gaps are will help the shipping sector make smarter decisions, so it is no longer the weak link in the cyber resilience of global supply chains.”
44% of industry professionals reported that their organisation has been the subject of a cyber attack in the last three years. Of those, 3% resulted in a ransom being paid by the victim to the attacker, at an average cost of $3.1m. 54% of ship operators spend less than $100,000 per year on cyber security management.