Rising Threat of Maritime Cyberattacks

257
Credits: Towfiqu Barbhuiya/Unsplash

In a world driven by connectivity and digitalisation, the maritime industry is not immune to the growing threat of cyberattacks, reports Baltic Exchange.

Cost of cyber-attacks is on the rise

A recent report by Thetius, law firm HFW, and maritime cybersecurity company CyberOwl reveals a sobering truth: the average cost of a cyberattack in the maritime sector has soared to $550,000, a threefold increase from $182,000 in 2022. Moreover, ransom demands have skyrocketed by more than 350%, with an average payment of $3.2 million, up from $3.1 million the previous year.

The report, titled “Shifting tides, rising ransoms and critical decisions”, underscores the urgency of addressing cybersecurity challenges in the maritime industry. With cybercrime poised to become a $10.5 trillion industry by 2025, it’s imperative for maritime organisations to fortify their defences against cyber threats.

The cost of cyber-attacks is on the rise,” said Nick Chubb, founder and managing director of Thetius.

The maritime industry’s vulnerability to cyberattacks is heightened by the proliferation of operational technology (OT) and Internet of Things (IoT) networks on merchant ships. These digital systems create fertile ground for generic and specific threats, including business interruption, financial exploitation, and damage to critical systems. Yet, one of the most significant concerns is the operational disruption that a cyberattack can inflict. The industry witnessed the global supply chain chaos resulting from the Ever Given’s grounding in early 2021, underscoring the potential magnitude of disruption driven by a cyber breach. Recent research from DNV suggests that a cyberattack could even lead to the closure of major waterways, amplifying the risk.

Cybercriminals see the maritime sector as a tantalising target, not only for the prospects of substantial ransom payments but also due to the escalating attention and sensitivities of charterers and port authorities to potential reputational damage. In response, maritime organisations can no longer afford to rely solely on basic cybersecurity measures; they must address the financial pressures involved in safeguarding their digital assets and networks.

Challenges in maritime cybersecurity

While there has been a noticeable increase in cyber awareness and maturity within the maritime community, the report highlights several challenges that remain. The maritime industry is in a state of flux, with key roles and responsibilities shifting, new risks emerging, and crucial investment decisions looming. These decisions are not solely about reducing quantifiable costs but also about mitigating the reputational damage that can follow a cyberattack.

Our findings show that while maritime cyber security has improved, the industry remains an easy target,” said Tom Walters, a partner at HFW. “Shipping organisations are being subject to more cyberattacks than ever before, and the cost of attacks and demand for ransom payments have skyrocketed. And as the use of technology continues to increase across all aspects of shipping – from ship networks to offshore installations and shoreside control centres – so does the potential for cybersecurity breaches.”

It’s crucial for maritime organisations to recognise the varying levels of risk and ensure that they are adequately resourced. Securing vessel systems differs significantly from securing enterprise IT, necessitating distinct processes, skill sets, and technologies. Building strong relationships with third parties, such as Original Equipment Manufacturers (OEMs), is essential for successful asset protection and surviving cyberattacks.

Cyber insurance also remains a challenge, with a significant proportion of industry professionals admitting their organisations lack adequate insurance coverage. This lack of maturity in cyber risk management makes many companies ineligible for comprehensive insurance policies, leaving them exposed to significant financial losses.

Cyber guidance

The report offers six recommendations to enhance cybersecurity in the maritime industry.

  • First, recognise that key roles in the maritime sector are evolving due to increased connectivity and digitalisation. Blending skills across all departments through cross-functional teams can help improve cyber risk management.
  • Second, make deliberate and comprehensive investment decisions for cybersecurity. A coherent security program, led by experts who understand the risks, is essential. Avoid point-based solutions that may result in high costs and low effectiveness.
  • Third, when deploying advanced satellite communications systems like Low Earth Orbit (LEO) technology, it accounts for additional cyber risks. Understand that LEO may increase cyber risks, necessitating greater protection.
  • Four, collaborate effectively with OEMs to ensure software meets industry standards and maintains security over time.
  • Five, ensure a clear understanding of your organisation’s cyber insurance policies. Having insurance is a start, but knowing its extent and limits is crucial.
  • Finally, evaluate contracts to assign responsibility and risk related to cyber incidents. Consider including well-drafted cyber security clauses if the contract lacks relevant provisions.

There is less scepticism about the need to manage the risk, more thoughtfulness on how best to spend each dollar in shoring up defences.”

However, the challenge for the change agents in shipping is that they are dealing with new risks in a new domain under sector-specific constraints, he added. “All of this in an environment where shipping companies are still too secretive to share benchmarks and best practice widely.”

Ng cautioned against a silo approach to cyber security, urging the sector to make the most of the specialist expertise available. “What works in other sectors may not work in shipping. And applying a generic approach could lead to expensive wastage.”

Did you subscribe to our daily newsletter?

It’s Free! Click here to Subscribe!

Source: Baltic Exchange