Maritime industry pays average US$3m ransom in cyberattacks, according to new research

New research has found that where cyberattacks in the maritime industry lead to a ransom payment, shipowners pay more than $3 million on average to the perpetrators.  The report, which was produced by maritime cyber security company CyberOwl and law firm HFW, also reveals significant gaps in cyber risk management that exist across shipping organizations and the wider supply chain, despite progress made by IMO 2021.

The research is based on a survey of more than 200 industry professionals, including C-suite leaders, cyber security experts, seafarers, shoreside managers, and suppliers.  It was carried out by maritime innovation agency Thetius.

Other key findings include:

  • The financial cost of a cyberattack can be extreme: where they lead to a ransom payment, the average ransom paid by shipowners was $3.1 million.
  • Despite this, most shipowners significantly under-invest in cyber security management: more than half spend less than $100,000 per year.
  • Two-thirds of industry professionals don’t know whether their insurance covers cyberattacks.
  • Only 55% of industry suppliers are asked by shipowners to prove they have cyber risk management procedures in place.
  • More than 25% of seafarers don’t know what actions would be required of them during a cyber incident.

Within organizations, the more senior someone’s role, the less likely they are to be aware of a cyberattack.

Daniel Ng, CEO, CyberOwl: “The findings in this report helps shipping leaders benchmark their own organizations. This goes beyond anecdotes and hearsay to statistics, backed by data-driven evidence from the fleets that CyberOwl monitors. 

“Maritime cyber risk management is a continuous journey, prioritization is key. Identifying where the real gaps are will help the shipping sector make smarter decisions, so it is no longer the weak link in the cyber resilience of global supply chains.”

Tom Walters, Partner, HFW: “Technology in the shipping industry is changing at an astonishing pace. The use of IT already underpins so much within global supply chain operations, and as we look to the future and the adoption of alternative propulsion systems and autonomous ships, the importance of cyber security will only become more important. 

“It is abundantly clear from our research that the shipping industry needs to do a lot more to protect itself from cyber threats. We hope that our report will provide the basis for further discussion in the next steps on this exciting journey.”

Nick Chubb, Managing Director, Thetius: “Our industry has made great progress in recent years, both in terms of increasing awareness of cyber security and taking the action needed to close security gaps. But we have found that significant disconnects still exist between the industry’s expectations of cyber security and the realities on the ground.”

Text credit: CyberOwl

Photo credit: iStock/ pigphoto

The best maritime news and insights delivered to you.

subscribe maritime fairtrade

Here's what you can expect from us:

  • Event offers and discounts
  • News & key insights of the maritime industry
  • Expert analysis and opinions on corruption and more