News / The ‘double-edged sword’ that makes shipping an 'easy target’ for cyber crime

© Vchalup

Maritime organisations must protect their digital assets as cyber criminals become increasingly capable and ransom payments increase, warned a recent study by Thetius, CyberOwl and HFW. 

“Everything attached to a network can be hacked; everything is being attached to networks, therefore everything is vulnerable”, said Rod Beckstrom, former director of the United States Cyber Security Centre. 

In 2021 there were several high-profile attacks in the maritime supply chain, including on HMM, K-Line, Transnet, Port of Houston, CMA CGM, Swire Pacific Offshore, Danaos Management Consultants and Hellmann Worldwide Logistics. 

And there has been a shocking 200% rise in the cost of cyber-attacks, costing organisations an average of $550,000 over the last three years as the demand for ransom payments increased 357%, the average cost placed at $3.2m. 

The report data projects that by 2025, cybercrime could be a $10.5trn industry, which, if it were a nation state, would be the third largest global economy, behind the US and China.  

And it found that despite this costly risk, 25% of industry professionals did not have insurance against cyber-attacks and a further 37% confirmed their policy did not cover a claim they made following a cyber breach.  

The Loadstar previously reported on a $2.1m court claim faced by Expeditors after it was alleged it failed to implement a business continuity plan following a cyber-attack, owing to “inattentiveness and negligence”. 

Shipping is seen as particularly vulnerable to cyber threats, compared with other sectors, because of its points of weakness, or ‘disconnects’, in organisational structures, supply chain relationships and risk-sharing mechanisms. 

The study said: “Ships are becoming part of complex nodes on global business networks and their reliance on connectivity and digitalisation is growing” 

But, it warned, connectivity is a “double-edged sword”. 

According to a DNV survey this year, 87% of maritime professionals believe the future of the maritime industry relies on a significant increase in connected networks – but 90% think a serious disruption of fleet operations caused by a cyber-attack is likely. 

Advanced satellite communications such as Low Earth Orbit (LEO) networks are being trialled by shipping giants to improve connectivity at sea, but they widen the opportunities for cyber criminals to infiltrate ‘back door vulnerabilities’.  

Analysis by the CyberOwl team concluded: “A typical fleet of 30 cargo vessels experiences an average of seven cyber incidents a month, or over 80 a year…the average cyber incident on a vessel system took 57 days to resolve.” 

The first step towards preventing cyber-attacks, it suggests, is “overcoming the common scepticism that ‘it won’t happen to us’, and getting a better understanding of the total cost of cyber risk to the organisation. It can be equally damaging to assume that you’re on par with industry peers”. 

There has, however, been a significant increase in cyber defensive investment: 67% say they spend more than $100,000 a year on cyber security management – a 23% increase on 2022.