NEW research from DNV found less than half (40%) of maritime professionals think their organisation is investing enough in cybersecurity.
The survey of 800 industry professionals warned of insufficient investment at a time when vessels and critical infrastructure are becoming increasingly connected to IT systems.
DNV published the findings of the survey in its report, Maritime Cyber Priority 2023: Staying secure in an era of connectivity.
It highlighted an almost universal expectation that cyberattacks will disrupt ship operations in the coming years.
Three quarters (76%) of those surveyed believed a cyber incident is likely to force a strategic waterway to close. More than half expected cyberattacks to cause ship collisions (60%), groundings (68%) and injuries or death (56%).
A majority of those surveyed (79%) indicated the industry considers cybersecurity risks to be as important as health and safety risks.
“The maritime industry is still thinking IT in an era of connected systems and assets,” DNV head of maritime cybersecurity advisory Svante Einarsson said.
“With ship systems being increasingly interconnected with the outside world, cyberattacks on operational technology are likely to have a bigger impact in the future,” he said.
Three quarters (75%) of survey participants believed operational technology security is a significantly higher priority for their organisation than it was two years earlier.
DNV said the new era of connectivity is creating new vulnerabilities, but that the maritime industry is confident in the possibilities it will enable.
The survey suggests 87% of maritime professionals believe the future of the industry relies on an increase in connected networks, and 85% believe connected technologies s are helping in the industry reduce emissions.
DNV Maritime CEO Knut Ørbeck-Nilssen said cybersecurity is a growing safety risk for the coming decade.
“But crucially, it is also an enabler of innovation and decarbonisation,” he said.
“Because as we pursue greener, safer, and more efficient global shipping, the digital transformation of the industry is deeply dependent on securing these inter-connected assets, making it vital that we work collaboratively to strengthen our collective cyber security.”
DNV’s said tighter regulation of maritime cybersecurity is on the horizon, and 84% of survey participants thought regulation would drive investment.
Of those surveyed, 56% were confident in their ability to meet requirements, 36% found regulation compliance to be straightforward, and 44% indicated regulatory compliance requires technical knowledge that their organisation does not possess in-house.
“Regulation only sets a baseline for cybersecurity. It doesn’t guarantee security,” Mr Einarsson said.
“Rather than taking it as our goal, the maritime industry should use it as a foundation, on which to further improve and adapt to the changing threat landscape.
“As we have seen in the safety domain, regulation becomes more straightforward and effective when it is supported by industry players coming together to share knowledge.
“Our research indicates that the industry needs to take big steps forward in openly sharing cybersecurity experiences – the good, the bad and the ugly – to collectively create security best practice guidance for a safer, more sustainable maritime sector.”
DNV’s survey also identified an apparent lack of transparency around cybersecurity threats; 31% of participants believed organisations are effective at sharing information and lessons learned from threats.
Sixty per cent of participants indicated the maritime industry lacks standards for building an effective, repeatable approach to cybersecurity.
