Report: Shipping is an Easy and Lucrative Cybercrime Target

cybersecurity — Shipping is said to be an easy target with the risk increasing as new technologies are introduced

Shipping is an exciting and relatively easy target for cyber hackers who are looking for a quick thrill, concludes a new report exploring the state of cybersecurity in the maritime industry. Citing a 350 percent increase in ransom demands in the past year and an average payment of $3.2 million, the report prepared by law firm HFW and maritime cybersecurity company CyberOwl sees progress while warning “there is still huge room for improvement.”

The report highlights the dramatic growth in the use of technology, citing the rapid growth in the amount of data and functions incorporated into the systems, along with the vital link between ships and the home office. While they believe a better understanding is emerging of the risks, the report also highlights that as shipping companies as now testing advanced satellite communications such as Low Earth Orbit networks to improve connectivity, they are also widening the opportunity for cyber criminals to infiltrate backdoor vulnerabilities.

"Maritime operational technology and fleet operations management are now almost entirely digital, meaning that a cyberattack could compromise anything from vessel communication systems and navigation suites to the systems managing ballast water, cargo management, and engine monitoring and control,” says Tom Walters, a partner at HFW. “Failure of any of those systems could result in a vessel being stranded and potentially grounded. This is a critical issue for all parties involved in the shipping sector, and it's clear that the industry has to do more to protect itself against cyberattacks."

They warn that it is no longer possible to just budget for basic cyber protection systems. While they point to the unification of requirements by the International Association of Classification Societies, they believe maritime organizations must understand the varying levels of risk across key roles. CyberOwl notes that there however is some good news with an increasing focus on how best to invest in security and where the vulnerabilities are emerging.

Despite this, the report concludes that the cost of cyber risk is still poorly understood in the maritime industry. They highlight that within the last 18 months, the average cost of cyber-attacks has risen by 200 percent. While the number of attacks remained basically level in the past year, the average cost is now over $550,000.

“Our research shows that the industry has improved dramatically in a short space of time,” says Nick Chubb, Managing Director of Thetius. “But it also shows that cybercriminals are evolving faster.”

They note that a third of companies they surveyed are still spending less than $100,000 annually on cybersecurity management. While that is down from 54 percent in 2022, the report highlights that a quarter of respondents did not think their company had insurance in place to protect from the impact of a cyber-attack.

The report concludes by saying that the maritime sector must make the most of the resources available to it and do more to understand how roles and responsibilities are evolving. They believe more deliberate and holistic decisions are required on investments in cyber risk management, noting that the companies need to factor in the increased cyber risk as they assess the installation of new technologies.

With major shipping companies, consultants, suppliers to the industry, ports, and related businesses such as trucking and logistics, all having experienced cyber-attacks, they point out that the risk is far-reaching across the industry. Shipping has taken a more visible role in the global supply chain, and they conclude as such the risks are increasing, making the industry likely to continue to be a high-profile target for cybercriminals.