Lax cyber security measures can prove costly with research showing that where shipping companies paid a ransom as result of an attack it averaged some $3.1m.
New research into maritime cyber security carried out by Thetius for CyberOwl and HFW showed an alarming lack of awareness and preparedness to deal with cyberattacks.
The research report entitled ‘The Great Disconnect’ based on surveys and research interviews of over 200 maritime industry professionals. It was found that 38% of senior leaders ashore either didn’t have a cyber security plan or were unsure if their company had one. At sea some 26% of seafarers didn’t know what actions to take in a cyber security incident.
Being hit by some form of cyberattack is increasingly common and 44% of respondents said their organisation had been subject to an attack in the last three years.
Ransomware has become increasingly the hacker’s weapon of choice and 3% of those subject to an attack in the last three years paid a ransom averaging $3.1m. This is despite the payment of ransoms being a legally grey area.
But with the mean average annual cost of cyberattacks standing at $182,000, many do not see it as a serious problem with 54% spending less than $100,000 a year on cyber security management.
However, the report highlighted that they were failing to take into account the downside risk with one in 12 experiencing average annual cyberattack costs of $1.8m.
Just 34% of respondents said their organisation had cover for the impact of a cyberattack.
Tom Walters, Partner, HFW, commented, “The use of IT already underpins so much within global supply chain operations, and as we look to the future and the adoption of alternative propulsion systems and autonomous ships, the importance of cyber security will only become more important. It is abundantly clear from our research that the shipping industry needs to do a lot more to protect itself from cyber threats.”
Nick Chubb, Managing Director of Thetius, added, “Our industry has made great progress in recent years, both in terms of increasing awareness of cyber security and taking the action needed to close security gaps. But we have found that significant disconnects still exist between the industry’s expectations of cyber security and the realities on the ground.