Skip to content
Menu
menu
Illustraton of a cargo ship outlines in blue and white cyber dots and lines

Illustrations by iStock

All Hands on Deck: Maritime Industry Considers Cybersecurity to Be Greatest Risk

More than 90 percent of the world’s goods move from one location to another using maritime transportation.

This gargantuan role in facilitating trade also makes maritime companies and their assets, including ships, lucrative targets for cyber criminals. In a survey of 489 maritime professionals between September and October 2024, 31 percent reported at least one infiltration by hackers in the 12 months prior to October 2024—compared to just 17 percent who experienced a breach in the five previous years.

The finding comes from DNV Cyber’s Maritime Cyber Priority 2024/2025: Managing Cyber Risk to Enable Innovation report.

“The cyber threat is causing concern at the highest levels of the maritime industry,” according to the report. “Seven in 10 professionals say that their leaders consider cybersecurity to be the greatest risk their organization faces. The proportion is higher among cyber professionals (80 percent) than it is among senior leaders themselves (70 percent), but the trend is clear and reflects broad industry concerns: 80 percent of all executives say their business has started taking cybersecurity more seriously in the wake of rising geopolitical tensions in the last year.”

Here are other major findings from the report:

Mariners are increasingly concerned about cybersecurity because ships themselves are more connected.

42,000. The minimum number of ships worldwide connected to satellite services, eliminating air gapping protections.

71 percent. Number of survey respondents who think their organization is more vulnerable to cyberattacks on Operational Technology (OT) than ever before.

61 percent. Survey respondents who said their organization is investing more in OT cybersecurity than the year before.

1224-Gates-Transportation-Maritime-Cybersecurity-02.jpg

The maritime industry is concerned about all types of threat actors:

79 percent – Organized cyber-criminal gangs

79 percent – Unintentional threat actors

73 percent - Hacktivists

66 percent – Foreign powers and state-sponsored actors

63 percent – Terrorist groups

63 percent – Vandals or script kiddies

61 percent – Malicious insiders or former insiders

46 percent – Competitors

1224-Gates-Transportation-Maritime-Cybersecurity-03.jpg

Concerns are especially paramount for exploits that leverage USB drives, which are used across maritime fleets for legitimate purposes.

8 in 10. The number of cyber incidents delivered via USB drive that are necessary for vessel operations.

When asked if they should accept an increase in cyber risk as a trade-off for digitization:

64 percent of maritime executives agreed

61 percent of mariners total agreed

50 percent of other critical industry personnel agreed

1224-Gates-Transportation-Maritime-Cybersecurity-05.jpg

The maritime industry is also “fairly confident” that it has prepared at least to “some extent” for a variety of cyberattack potential outcomes, including:

80 percent - Asset downtime interrupting operations

78 percent - Deactivation/shutdown of the organization’s core IT systems

77 percent- Theft of sensitive data (cargo manifests, crew details, client information)

75 percent - Harm to the environment

75 percent - Physical injury or loss of life

74 percent - Heightened regulatory scrutiny

67 percent - A grounded vessel

58 percent - Multiple grounded vessels

59 percent - Closure of a major port or strategic waterway

1224-Gates-Transportation-Maritime-Cybersecurity-06.jpg

Investment in cybersecurity in the maritime industry is largely driven by compliance and regulations (66 percent), followed by:

52 percent - A cyber incident or near-miss in my organization

31 percent - Avoiding financial or reputational damage

29 percent - Advances in digitalization across our business

28 percent - Pressure from a customer

13 percent - Strategic investment in new connected assets or infrastructure

13 percent - Geopolitical volatility

9 percent - Due diligence around new third-party relationships

9 percent - Procuring systems to connect operational assets

7 percent - Due diligence around capital expenditure

5 percent - Pressure from suppliers

But when asked about their cybersecurity training, 76 percent of respondents said it was not enough to prepare employees for today’s most sophisticated threats.

1224-Gates-Transportation-Maritime-Cybersecurity-07.jpg

The survey identified four key cybersecurity challenges the maritime faces in addressing the threats of today and the future:

  1. Ensuring experienced cyber professionals with knowledge of how to build and implement cybersecurity resilience in new systems and vessels have the access they need.

  2. Enhancing detection and response capabilities to minimize the consequences of marine OT.

  3. Assigning clear roles, responsibilities, and resources to handle OT cybersecurity in a continuous manner onshore and onboard vessels.

  4. Securing the many interdependencies and components in complex supply chains.


“Cyberattacks represent a growing threat to the safety of the maritime industry today. We can innovate, progress, and take a lead in ensuring the resilience of our businesses and societies, but only if we truly manage cyber risk.” —Knut Ørbeck-Nilssen, CEO Maritime at DNV

arrow_upward