HFW: Navigating the Choppy Waters of Maritime Cybersecurity 

The maritime industry, the unsung hero of global trade, is embarking on a digital transformation. Ships and the infrastructure supporting them are getting smarter and more connected, promising smoother operations and greater efficiencies. Yet, lurking beneath the surface, like an unseen iceberg, is the growing menace of cyberattacks. In this article, we’ll dive deep into the findings from the recent report “Shifting Tides, Rising Ransoms, and Critical Decisions” It reveals the state of maritime cybersecurity, and we’ll also chat with experts to get a sense of the challenges and opportunities in this ever-evolving landscape. 

Setting Sail into a Digital Future 

Picture the maritime sector as a ship sailing into the digital future. It’s a journey driven by technology, economic factors, and a sense of “Let’s get connected!” But, much like any voyage, there are storms ahead. You see, as vessels and critical maritime infrastructure become more connected, the good things – like operational efficiency – come with a side of trouble in the form of cyber threats. 

In fact, if global cybercrime were a country, it’d be the world’s third-largest economy after the US and China! That’s a tidbit from a 2022 cyber security report by Cyber Security Ventures. It’s like a glaring lighthouse warning us of the importance of cybersecurity in our digital world. 

Tom Walters, Partner at HFW, knows the waters well and warns us, ” Our findings show that while maritime cyber security has improved, the industry remains an easy target. Shipping organisations are being subject to more cyberattacks than ever before, and the cost of attacks and demand for ransom payments have skyrocketed. And as the use of technology continues to increase across all aspects of shipping – from ship networks to offshore installations and shoreside control centres – so does the potential for cybersecurity breaches.” 

Show Me the Money: The Costs of Cyberattacks 

Alright, let’s dive right into the deep waters of financial costs. Recent research revealed that the bills for maritime cyberattacks have been sailing north: 

  • The average cost of a maritime cyberattack is now around $550,000. That’s a whopping 200% increase since 2022. It’s like you ordered a dinghy, but they delivered a luxury yacht! 

And if that doesn’t make you seasick, here’s more: 

  • Ransom demands have surged by over 350% in the last year. The average ransom is now $3.2 million, up from $3.1 million in 2022. 
  • The worst part? Some folks were fooled into transferring their hard-earned cash to these cyber-crooks. To put it simply, they got scammed! 

But here’s the part that might make you throw your lifejacket overboard: 

  • A third of shipping organizations spend less than $100,000 a year on cybersecurity. It’s like bringing a water gun to a naval battle! 
  • Even worse, 25% of respondents admitted their organizations don’t have insurance to cover cyber risks. Imagine your ship sailing without any insurance, yikes! 

Raising the Anchor: Cyber Preparedness 

The good news is, while some ships are still using paper maps, many have upgraded to GPS. So, cyber preparedness is on the rise: 

  • 80% of respondents now know what to do when a cyberattack hits. It’s like the crew finally knows how to handle rough seas. 
  • 64% reported that their organizations have cybersecurity procedures for suppliers. It’s like they’re installing security cameras at all the entrances! 

So, things are looking up, but don’t break out the champagne just yet. Daniel Ng, CEO of CyberOwl, knows the score, “T the conversation on vessel cyber risk management has clearly shifted away from the ‘why’ towards the ‘how’. The challenge for the change agents in shipping is that they are dealing with new risks in a new domain under sector-specific constraints. All of this in an environment where shipping companies are still too secretive to share benchmarks and best practice widely. The sector must make the most of the specialist expertise available. And those with specialist maritime cyber security knowledge must do more to share knowledge of risks and best practice. ” 

Nick Chubb, Managing Director of Thetius, puts it succinctly, “The industry has improved, but the cybercriminals are evolving even faster. The costs are going up. It’s time for the whole maritime industry to raise the bar.” 

The New Maritime Landscape 

Now, as our maritime world goes full digital, it’s like upgrading from an old dinghy to a turbo-charged speedboat. But this also means the risks have become a lot more serious. 

Operational technology (OT) and fleet operations management are now almost entirely digital. This means that a cyberattack could mess with critical ship systems, like communication, navigation, ballast water, cargo management, and engine control. If one of these systems goes haywire, you might find your ship stranded or worse, run aground. Just think of the chaos caused when the Ever Given got stuck in the Suez Canal in early 2021. A cyberattack leading to such an event could have equally catastrophic consequences. 

Not Just a Maritime Problem 

And remember, it’s not just the ships at sea; the entire industry is at risk. Critical infrastructure like offshore installations and renewables rely on services provided by the maritime sector. Imagine data in fiber optic cables, oil, and gas in pipelines, and electricity in high-tension cables – all of these are prone to attacks. These systems are serviced by many maritime providers, and if something goes wrong here, it’s like a domino effect on the entire industry. 

Navigating the Storm: Recommendations 

  • To stay afloat in these turbulent cyber-waters, it’s important to understand how the roles of key crew members are changing. It’s like training your sailors to use newfangled navigation equipment. 
  • Make smart and holistic decisions about your cyber risk management. Don’t just throw money at problems; make a proper plan led by someone who knows the ropes. 
  • When you’re installing fancy new satellite communication systems, like LEO, make sure to budget for the additional cybersecurity measures. It’s like getting a state-of-the-art navigation system for your ship; you want it to work without any hiccups. 
  • Build good relationships with the Original Equipment Manufacturers (OEMs). These folks provide your ships with all their cool tech. But remember, it’s not a one-time job; you need to keep your ship’s tech up to date, like regularly servicing your car. 
  • Insurance can be your lifejacket in the storm. So, make sure you have the right insurance coverage, but more importantly, understand what it covers. It’s like making sure your ship is insured, and you’re well aware of the coverage. 
  • Don’t forget to check your contracts. Have clear agreements on who’s responsible in case of a cyberattack. It’s like having a ship charter agreement, but this time it’s for cybersecurity. 
  • Lastly, don’t be an island; work together with others in the maritime industry. Share your experiences, best practices, and lessons learned. It’s like telling your fellow sailors about a secret shortcut through the seas. Cooperation can make a big difference. 

As the maritime industry charts a course into a digital future, the importance of robust cybersecurity becomes crystal clear. It’s time for all hands on deck to navigate the challenges and ensure a safe journey through the cyber-infested waters of the 21st century. So, let’s raise the anchor, set sail, and face the digital horizon with preparedness, cooperation, and a watchful eye on the ever-evolving maritime cybersecurity landscape. 

About ‘Shifting Tides, Rising Ransoms And Critical Decisions: Progress on Maritime Cyber Risk Management Maturity’ 

The report is based on a combination of primary research including one to one interviews and a survey of industry stakeholders alongside high quality secondary sources including academic research, journals, and published media. 12 primary research interviews were conducted with industry stakeholders including ship operators, cyber security experts, and industry suppliers at various levels of seniority.  

The industry survey received 146 responses. 45% of responses were from members of staff at shipping companies, 44% of responses were from members of staff at industry suppliers or service providers, 5% were from seafarers, and 6% of responses were from other areas. The subsequent analysis of the data was conducted by Thetius analysts, with support from team members at CyberOwl and HFW.