New research published by DNV claims that less than half (40%) of maritime professionals think their organisation is investing enough in cyber security, amid an almost universal expectation that cyber-attacks will disrupt ship operations in the coming years.
The Maritime Cyber Priority 2023: Staying secure in an era of connectivity report found that three quarters of the 800 maritime professionals surveyed believe a cyber incident is likely to force the closure of a strategic waterway (76%), while more than half expect cyber-attacks to cause ship collisions (60%), groundings (68%), and even result in physical injury or death (56%). 79% said that cyber security risks should be treated with as much importance as health and safety risks.
Three quarters (75%) of those surveyed believe that OT security is a significantly higher priority for their organisation than it was just two years ago. However, just one in three is confident that their organisation’s OT cyber security is as strong as its IT security.
“Cyber security is a growing safety risk, perhaps even ‘the’ risk for the coming decade,” said Knut Ørbeck-Nilssen, CEO Maritime at DNV.
“But crucially, it is also an enabler of innovation and decarbonisation. Because as we pursue greener, safer, and more efficient global shipping, the digital transformation of the industry is deeply dependent on securing these inter-connected assets. Making it vital that we work collaboratively to strengthen our collective cyber security.”
Most maritime professionals believe that regulation provides the strongest motivator to unlock cyber security funding, according to DNV’s research. 84% believe that regulation will drive investment in cyber security, but just over half are confident of the effectiveness of cyber security regulation (56%) and in their firms’ ability to meet requirements.
Just 36% of maritime professionals agree that complying with cyber security regulation is straightforward and almost half (44%) say that regulatory compliance requires technical knowledge that their organisation does not possess in-house.
“Regulation only sets a baseline for cyber security. It’s doesn’t guarantee security. Rather than taking it as our goal, the maritime industry should use it as a foundation on which to further improve and adapt to the changing threat landscape,” said Svante Einarsson, Head of Maritime Cyber Security Advisory, DNV.
“As we have seen in the safety domain, regulation becomes more straightforward and effective when it is supported by industry players coming together to share knowledge. Our research indicates that the industry needs to take big steps forward in openly sharing cyber security experiences – the good, the bad and the ugly – to collectively create security best practice guidance for a safer, more sustainable maritime sector.”
Barely three in 10 (31%) maritime professionals believe that organisations are effective at sharing information and lessons learned around cyber security threats and incidents. This lack of transparency is reflected in the belief of the majority (60%) that the maritime industry lacks standards for building an effective, repeatable approach to cyber security.