Maritime appetite for cyber risk notably higher than other industries

13 December 2024 Consultancy.eu

There is more willingness to accept heightened cybersecurity risks in the maritime industry than in other industries. That is one of the main findings from a new report from DNV.

The report from the engineering and consulting firm found that 61% of surveyed maritime professionals believe their industry should be willing to accept more cyber risk associated with digitalization. They see it as a worthwhile trade-off, with digitalization certain to enable innovation and new technologies.

This appetite for risk is in contrast to other infrastructure industries like energy, manufacturing, and healthcare, which are less enthusiastic about adopting new technologies when security is likely to be at stake.

Acceptance for higher cyber risk as a trade-off for digitalization

Source: DNV Cyber

Cyberattacks have been on the rise in the maritime industry, much like in many other industries. The DNV study found that around a third of all maritime industry organizations suffered at least one infiltration by attackers in just the past year.

The actual number, however, might be much higher, with many organizations hesitant to publicly disclose such incidents. One CEO told the researchers that maritime organizations can expect over 60 incidents per year, with varying levels of severity. In the past few years, many European ports have experienced attacks from hackers associated with Russia, for example.

Against this backdrop, it is for good reason that the maritime industry has been increasing its investments in cybersecurity in recent years. Over 60% of respondents said that their organizations invested more this year in both IT and OT cybersecurity than they did last year.

The industry is increasing investment in cybersecurity

Source: DNV Cyber

“In the maritime industry, we must match our ambitions for digital transformation and decarbonization with a steadfast commitment to securing our people, the vessels and the systems we rely on,” said Knut Ørbeck-Nilssen, CEO of the Maritime business of DNV.

“Cyberattacks represent a growing threat to the safety of the maritime industry today. We can innovate, progress, and take a lead in ensuring the resilience of our businesses and societies, but only if we truly manage cyber risk.”

Navigating the cyber tide

The industry is generally quite confident in its ability to deal with cyber risks, according to the survey. A majority of respondents agree that they have a robust ability to return to normal operations quickly following a cyberattack.

Industry confident in its preparation against cyber attacks

Source: DNV Cyber

An even larger majority agreed that their organizations have a good cybersecurity posture and a healthy level of readiness in the event of a cybersecurity risk. But that high level of confidence might be somewhat unfounded, according to DNV.

Cybersecurity experts are less confident than maritime executives about these organizations’ cybersecurity preparedness. Organizations might feel more prepared because they have been deploying more resources, but that comfort may be illusory.

“We must remember that cyber risks do not occur randomly and can emerge independently of any actions we take,” said Svante Einarsson from DNV. “Businesses have a sophisticated adversary to contend with, which complicates the picture significantly. Our experience is that maritime organizations are not as ready to detect or handle a cyber incident within the OT domain as they might think.”

Regulation is the greatest driver of cybersecurity investment

Source: DNV Cyber

The greatest driver for maritime organizations to invest more in cybersecurity was regulation and compliance. That was followed by the powerful motivator of a previous cyber incident or a near-miss.

There is currently a long list of rules across the industry’s subsectors, with different jurisdictions imposing their own requirements. These include the European Union’s new NIS2 Directive, which looks at overall critical infrastructure.

One point brought nearly all the respondents together in agreement: The vast majority of maritime professionals (95%) said there should be more collaboration on cybersecurity among organizations within critical infrastructure industries.

Cyberattacks – from ransomware and malware to email attacks, data breaches, or DDoS attacks – are a formidable threat to businesses around the world and in a wide variety of industries. As digitalization picks up pace and organizations adopt new technologies, the threat will only become more pressing.