All Hands on Deck: Maritime Industry Considers Cybersecurity to Be Greatest Risk
More than 90 percent of the world’s goods move from one location to another using maritime transportation.
This gargantuan role in facilitating trade also makes maritime companies and their assets, including ships, lucrative targets for cyber criminals. In a survey of 489 maritime professionals between September and October 2024, 31 percent reported at least one infiltration by hackers in the 12 months prior to October 2024—compared to just 17 percent who experienced a breach in the five previous years.
The finding comes from DNV Cyber’s Maritime Cyber Priority 2024/2025: Managing Cyber Risk to Enable Innovation report.
“The cyber threat is causing concern at the highest levels of the maritime industry,” according to the report. “Seven in 10 professionals say that their leaders consider cybersecurity to be the greatest risk their organization faces. The proportion is higher among cyber professionals (80 percent) than it is among senior leaders themselves (70 percent), but the trend is clear and reflects broad industry concerns: 80 percent of all executives say their business has started taking cybersecurity more seriously in the wake of rising geopolitical tensions in the last year.”
Here are other major findings from the report:
Mariners are increasingly concerned about cybersecurity because ships themselves are more connected.
• 42,000. The minimum number of ships worldwide connected to satellite services, eliminating air gapping protections.
• 71 percent. Number of survey respondents who think their organization is more vulnerable to cyberattacks on Operational Technology (OT) than ever before.
• 61 percent. Survey respondents who said their organization is investing more in OT cybersecurity than the year before.
The maritime industry is concerned about all types of threat actors:
• 79 percent – Organized cyber-criminal gangs
• 79 percent – Unintentional threat actors
• 73 percent - Hacktivists
• 66 percent – Foreign powers and state-sponsored actors
• 63 percent – Terrorist groups
• 63 percent – Vandals or script kiddies
• 61 percent – Malicious insiders or former insiders
• 46 percent – Competitors
Concerns are especially paramount for exploits that leverage USB drives, which are used across maritime fleets for legitimate purposes.
8 in 10. The number of cyber incidents delivered via USB drive that are necessary for vessel operations.
When asked if they should accept an increase in cyber risk as a trade-off for digitization:
• 64 percent of maritime executives agreed
• 61 percent of mariners total agreed
• 50 percent of other critical industry personnel agreed
The maritime industry is also “fairly confident” that it has prepared at least to “some extent” for a variety of cyberattack potential outcomes, including:
• 80 percent - Asset downtime interrupting operations
• 78 percent - Deactivation/shutdown of the organization’s core IT systems
• 77 percent- Theft of sensitive data (cargo manifests, crew details, client information)
• 75 percent - Harm to the environment
• 75 percent - Physical injury or loss of life
• 74 percent - Heightened regulatory scrutiny
• 67 percent - A grounded vessel
• 58 percent - Multiple grounded vessels
• 59 percent - Closure of a major port or strategic waterway
Investment in cybersecurity in the maritime industry is largely driven by compliance and regulations (66 percent), followed by:
• 52 percent - A cyber incident or near-miss in my organization
• 31 percent - Avoiding financial or reputational damage
• 29 percent - Advances in digitalization across our business
• 28 percent - Pressure from a customer
• 13 percent - Strategic investment in new connected assets or infrastructure
• 13 percent - Geopolitical volatility
• 9 percent - Due diligence around new third-party relationships
• 9 percent - Procuring systems to connect operational assets
• 7 percent - Due diligence around capital expenditure
• 5 percent - Pressure from suppliers
But when asked about their cybersecurity training, 76 percent of respondents said it was not enough to prepare employees for today’s most sophisticated threats.
The survey identified four key cybersecurity challenges the maritime faces in addressing the threats of today and the future:
- Ensuring experienced cyber professionals with knowledge of how to build and implement cybersecurity resilience in new systems and vessels have the access they need.
- Enhancing detection and response capabilities to minimize the consequences of marine OT.
- Assigning clear roles, responsibilities, and resources to handle OT cybersecurity in a continuous manner onshore and onboard vessels.
- Securing the many interdependencies and components in complex supply chains.
“Cyberattacks represent a growing threat to the safety of the maritime industry today. We can innovate, progress, and take a lead in ensuring the resilience of our businesses and societies, but only if we truly manage cyber risk.” —Knut Ørbeck-Nilssen, CEO Maritime at DNV