Shipping industry pays an average $3.2M in cyberattacks

• The shipping industry remains an “easy target” for cybercriminals, according to a recent report by global, sector-focused law firm HFW and maritime cybersecurity company CyberOwl

• Cyberattacks cost the target organization an average of $550,000, a threefold increase from 2022’s $182,000

• Ransom demands surged by more than 350%, with the average ransom payment reaching $3.2 million, up from $3.1 million in 2022

• Many shipping organizations underinvest in cybersecurity, with one-third allocating less than $100,000 annually, the study found

• Nearly two-thirds (42%) of industry professionals surveyed are uncertain about their insurance coverage for cyberattacks

• Industry experts emphasize the need for practical cybersecurity solutions, knowledge sharing, and industry-wide improvements to combat evolving cyber threats in the maritime sector

The maritime industry remains an “easy target” for cybercriminals, with cyberattacks costing the target organization an average of $550,000, a threefold increase from 2022’s $182,000, according to a recent report by global, sector-focused law firm HFW and maritime cybersecurity company CyberOwl.

Ransom demands also surged by more than 350%, with the average ransom payment reaching $3.2 million, up from $3.1 million in 2022.

The research, based on a survey of over 150 industry professionals, including C-suite leaders, cyber security experts, seafarers, shoreside managers, and suppliers, reveals significant gaps in cyber risk management that exist across shipping organizations and the wider supply chain.

About 24% of the victims of cyberattacks were tricked into transferring funds to criminal organizations, according to the study.

RELATED READ: 1,000 ships hit as hackers attack DNV software

Despite these financial risks, many shipping organizations allocate inadequate resources to cybersecurity, with one-third investing less than $100,000 annually.

Insurance coverage and claims are also uncertain. Nearly two-thirds (42%) of industry professionals are indecisive about their insurance coverage for cyberattacks. A quarter (25%) believe no insurance is in place.

On a positive note, the report indicates improvements in industry preparedness. Eighty percent of survey respondents understand the actions needed during a cybersecurity incident, up from 74% in 2022.

Furthermore, 64% reported their organizations now have cybersecurity management procedures for supplier interactions, a notable increase from 55% the prior year.

Tom Walters, Partner, HFW, said: “Our findings show that while maritime cyber security has improved, the industry remains an easy target. Shipping organizations are being subject to more cyberattacks than ever before, and the cost of attacks and demand for ransom payments have skyrocketed. And as the use of technology continues to increase across all aspects of shipping – from ship networks to offshore installations and shoreside control centres – so does the potential for cybersecurity breaches.

“Maritime operational technology and fleet operations management are now almost entirely digital, meaning that a cyberattack could compromise anything from vessel communication systems and navigation suites to the systems managing ballast water, cargo management, and engine monitoring and control. Failure of any of those systems could result in a vessel being stranded and potentially grounded, and we saw from the Ever Given the impact that can have on global supply chains. This is a critical issue for all parties involved in the shipping sector, and it’s clear that the industry has to do more to protect itself against cyberattacks.”

Daniel Ng, CEO of CyberOwl, for his part, said: “The good news is that the conversation on vessel cyber risk management has clearly shifted away from the ‘why’ towards the ‘how’. There is less skepticism about the need to manage the risk, more thoughtfulness on how best to spend each dollar in shoring up defences.

“The challenge for the change agents in shipping is that they are dealing with new risks in a new domain under sector-specific constraints. All of this in an environment where shipping companies are still too secretive to share benchmarks and best practice widely. The sector must make the most of the specialist expertise available. And those with specialist maritime cyber security knowledge must do more to share knowledge of risks and best practice.

“What works in other sectors may not work in shipping. And applying a generic approach could lead to expensive wastage.”

Nick Chubb, managing director of Thetius, a maritime tech research agency that conducted the study, underscored the rapid evolution of cyber threats and the need for industry-wide improvements.

“Our research shows that the industry has improved dramatically in a short space of time. But it also shows that cybercriminals are evolving faster. The costs of cyber-attacks are growing. The impact that can be created in the global supply chain by exploiting a single easy target means the entire maritime industry needs to raise the bar,” he said.