The maritime industry remains an “easy target” for cybercriminals, and the cost of attacks and demand for ransom payments across the sector have skyrocketed, according to the research findings from law firm HFW and maritime and offshore system cyber risk management specialist, CyberOwl.

The report, which was produced in collaboration with HFW and maritime research agency, Thetius features exclusive insight from interviews and a survey of more than 150+ maritime stakeholders, including cyber security experts, seafarers, shoreside managers, industry suppliers, and C-suite leaders.

It reveals a sector facing increasing attacks, rising ransoms, and climbing costs.

It also shows that in the last few years, the maritime industry has made great progress in improving its approach to cyber risk management, but significant gaps remain.

The research reveals that the financial cost of a cyberattack can be extreme, as the average price paid for ransom by shipowners is now US$3.2 million.

Despite this, most shipowners significantly under-invest in cyber security management. More than half spend less than US$100,000 per year.

Two-thirds of industry professionals don’t know whether their insurance covers cyberattacks.

Only 55% of industry suppliers are asked by shipowners to prove they have cyber risk management procedures in place.

Furthermore, the report shows that more than 25% of seafarers don’t know what actions would be required of them during a cyber incident.

Key findings in the study also include that “within organisations, the more senior someone’s role, the less likely they are to be aware of a cyberattack.”

As it is reported, while the number of attacks appears to have stabilised, the cost to organisations has significantly increased. But what’s most alarming, is the demand for these payments. Since 2022, the frequency of ransom payouts has sharply risen.

“The cost of cyber attacks in on the rise. Hackers are demanding greater ransom payments than previously and those targeted have little choice but to pay the price,” says CyberOwl.

The research has uncovered three great disconnects that exist across the industry where expectations and reality don’t match up, cyber risk management efforts are lacking, or risks that are unique to maritime exist. These industry disconnects exist not just internally within maritime organisations, but across the maritime supply chain, and in how the industry approaches investment and risk.

The report contains an analysis of maritime cyber threats and the results of an industry-first survey on attitudes to cyber risk management. It also explores where maritime organisations need to improve their internal cyber security management and examines the cyber risks that are included in the maritime supply chain.

CyberOwl also investigates the maritime industry’s relationship with cyber risk including insurance and legal issues, whilst it makes recommendations to the industry on how to improve cyber risk management.