A rise in maritime cyber threats (and one new solution)

Rapid digital transformation and changing regulatory requirements mean that cybersecurity is increasingly important for the maritime industry. 

Companies that are agile and can leverage new technologies have an advantage – and because shipping operations depend on software systems and digital communications, cybersecurity represents a critical risk area. So innovators are developing new solutions to secure the industry and avoid operations disruption. 

Cyber risk is increasing in the maritime industry

New research in 2023 produced by global law firm Holman Fenwick Willan (HFW) and maritime cybersecurity firm CyberOwl, and executed by maritime tech research agency Thetius, found that the industry is an ‘easy target’ for cyber criminals. The researchers surveyed over 150 industry professionals, from C-suite leaders to seafarers, shoreside managers, and cybersecurity experts, identifying ‘significant gaps’ in cyber risk management across the supply chain. 

And the cost of attacks and ransom demands have soared over the last year. Now, the average cyber attack in the maritime industry costs the target USD $550,000, compared with $182,000 in 2022. Demands for ransom have also increased by over 350% – and while the average ransom payment was $3.1 million in 2022, it’s $3.2 million in 2023. 

But although the risks are severe, shipping organisations are not investing heavily enough in cybersecurity systems. One third of those surveyed spend under $100,000 annually, and 25% of respondents said their organisation doesn’t have insurance that covers cyber risk. 

Nick Chubb (Managing Director at Thetius) said in a statement, 

“Our research shows that the industry has improved dramatically in a short space of time. But it also shows that cybercriminals are evolving faster. The costs of cyber-attacks are growing. The impact that can be created in the global supply chain by exploiting a single easy target means the entire maritime industry needs to raise the bar.”

So how can the industry raise the bar? 

In December 2023 Digital Ship reported that Korean marine mobile cybersecurity firm CYTUR Inc. has successfully undertaken its Smart Ship Cybersecurity Demonstration project this year, with funding from the Korean Ministry of Science and ICT, and the Korea Internet and Security Agency (KISA). 

Participants in the project included ship suppliers, ship builders, and academic and industrial experts. Across the course of the project, the analysis scope of shipping cyber threats increased by 400%, while resources invested in secure ship design were reduced by 83% – showing how critical this research is, and how important smart ship security solutions will be to protecting the industry in the future. 

As noted by Digital Ship, “the project was significant in that it reduced the time and costs associated with ship construction and improved security through the application of cybersecurity technology based on the life cycle of smart ships.” 

And based on the best practices developed via the research, CYTUR Inc. plans to release:

• A cybersecurity technology called SHIPPOT™ designed for specialised ships
• A network intrusion detection system for ships
• A cyber awareness, education and training system for ships
• A threat monitoring service for shipping firms
• A zero trust security model for ships

By the time the research was published, the attack surfaces on operational ships had grown by 1,034% compared to January 2022. So new, effective, and comprehensive solutions for maritime cybersecurity are absolutely needed – in order to protect the complex network of operations that underpins the industry.