Classification society DNV had today a very interesting research regarding the insufficient investment in cyber security in shipping as risks escalate in the era of connectivity.
DNV’s new research report reveals that cyber-attacks will disrupt ship operations in the coming years. Three quarters of maritime professionals believe a cyber incident is likely to force the closure of a strategic waterway, and more than half expect cyber-attacks to cause ship collisions, groundings and even result in physical injury or death.
Insufficient funding is the maritime sector’s biggest barrier to greater cyber resilience in 2023, DNV warns, as safety-compromising threats to the industry’s operational technology gather pace.
The new research reveals that less than half (40%) of maritime professionals think their organization is investing enough in cyber security at a time when vessels and other critical infrastructure are becoming increasingly networked and connected to IT systems.
Tightening regulation raises hopes for greater investment in cyber security to be unlocked, according to DNV’s survey of more than 800 industry professionals, but concerns are emerging over rulebook effectiveness and companies’ ability to comply.
Three quarters (75%) of the 800 industry professionals surveyed by DNV believe that operational technology (OT) security – which manages, monitors, controls and automates physical assets such sensors, switches, safety and navigation systems, and vessels – is a significantly higher priority for their organization than it was just two years ago. Just one in three is confident that their organization’s OT cyber security is as strong as its IT security.
DNV’s research report called “Maritime Cyber Priority 2023: Staying secure in an era of connectivity” reveals an almost universal expectation that cyber-attacks will disrupt ship operations in the coming years. Three quarters of maritime professionals believe a cyber incident is likely to force the closure of a strategic waterway (76%). More than half expect cyber-attacks to cause ship collisions (60%), groundings (68%), and even result in physical injury or death (56%) as an overwhelming majority (79%) of professionals say the industry considers cyber security risks to be as important as health and safety risks.
Maritime organizations must prepare to comply with the new rules, including the IACS Unified Requirements and the EU’s NIS2 Directive from 2024, highlights DNV, but warns that regulation only sets a baseline for cyber security and it doesn’t guarantee security.
“Rather than taking it as our goal, the maritime industry should use it as a foundation, on which to further improve and adapt to the changing threat landscape,” says Svante Einarsson, Head of Maritime Cyber Security Advisory, DNV.
According to DNV’s research this new era of connectivity enables possibilities despite the vulnerabilities.
Some 87% of maritime professionals say the future of the industry relies on an increase in connected networks, and 85% say that connected technologies are helping the industry reduce emissions.