Industry spend on cyber security protections at odds with rise in maritime cyber-attacks

The shipping industry increased awareness when it comes to cyber security. Credit: Getty Images

Despite an increase in attacks and cyber risk awareness, spend on cyber security protections is polarised in the maritime industry, according to an industry survey.

Just under a third (31%) of respondents to the 2020 Safety at Sea and BIMCO Maritime Cyber Security survey said they had fallen victim to a cyber-attack in the last 12 months, up from 22% in last year’s survey. While 28% of respondents said that loss of money was a common effect of a cyber-attack, spend on cyber security is polarised. Just 18% of respondents said their organisation spends more than GBP40,000 (USD50,000) on cyber security measures, and19% spend less than GBP10,000 (USD12,400).

Spend on cyber security appears to be in stark contrast to industry awareness and attitude to cyber threats, with the majority (77%) stating they view cyber-attacks as high or medium risk to their organisations.

The rise in awareness is most likely due to the increase in cyber security attacks organisations are experiencing, as well as companies being more transparent when they have experienced an incident. The most recent network outages to be publicised was at the MSC Mediterranean headquarters in Geneva due to a malware attack. Malware is a malicious software designed by hackers to cause damage to data or systems or to gain unauthorised access to a network. Further, shipping and logistic operators, Toll Group, underwent two cyber attacks within the first six months of the year. The company was forced to shut down certain of its IT systems across multiple sites and business units in response to the attacks.

“Recently we have seen a number of maritime organisations declare their events and take definitive actions to remediate,” said Rachael Bardoe, director of Operations and Cyber Center of Excellence at Digital Container Shipping Association, “This builds an environment of trust, not only within the industry, but with their partners and customers too.  I think that other industries could learn from the maritime sector in this respect.”

Malware attacks were the third most common cause of cyber-attack in the last 12 months according to the 2020 Maritime Cyber Security survey respondents, with 33%. Meanwhile, phishing (the fraudulent attempt to gather sensitive information such as passwords through email) was identified as the main cause of cyber-attack experienced in the maritime industry at 68%. This was followed by spear phishing (the targeted form of phishing emails) at 41%.

However, despite the increased awareness and media attention, in total only a minority of respondents’ companies are investing in cyber protections (37%). With the majority of respondents citing loss of money (28%) as the most common effect of an attack, and 77% saying they would cancel contracts with third party suppliers should it be found they were responsible for the incident, the maritime industry still has a way to go when it comes to improving cyber resilience.