The state of cyber risk management in the maritime industry
In the last few years, the maritime industry has made great progress in improving its approach to cyber risk management, but significant gaps remain.
This report explores the gaps that exist between the industry’s perceptions of cyber security and reality, taking into account the views of more than 200 stakeholders from across the industry, including cyber security experts, seafarers, shoreside managers, industry suppliers, and C-suite leaders.
The research has uncovered three great disconnects that exist across the industry where expectations and reality don’t match up, cyber risk management efforts are lacking, or risks that are unique to maritime exist. These industry disconnects exist not just internally within maritime organisations, but across the maritime supply chain, and in how the industry approaches investment and risk.
- The financial cost of a cyberattack can be extreme: where they lead to a ransom payment, the average ransom paid by shipowners was US$3.1 million.
- Despite this, most shipowners significantly under-invest in cyber security management: more than half spend less than US$100,000 per year.
- Two-thirds of industry professionals don’t know whether their insurance covers cyberattacks.
- Only 55% of industry suppliers are asked by shipowners to prove they have cyber risk management procedures in place.
- More than 25% of seafarers don’t know what actions would be required of them during a cyber incident.
- Within organisations, the more senior someone’s role, the less likely they are to be aware of a cyberattack.
- Contains an analysis of maritime cyber threats including who targets the maritime industry and why.
- Includes the results of an industry-first survey on attitudes to cyber risk management.
- Explores where maritime organisations need to improve their internal cyber security management.
- Examines the cyber risks that are included in the maritime supply chain.
- Investigates the maritime industry’s relationship with cyber risk including insurance and legal issues.
- Makes recommendations to the industry on how to improve cyber risk management.
This article is shared by courtesy of CyberOwl cyberowl.io – support the customer with Managed Services and Cybersecurity Advisory Services. So you can secure your operational assets regardless of your maturity or expertise.