Maritime appetite for cyber risk notably higher than other key industries, new report reveals

13.11.2024

Oslo, 13 November 2024 – A new report published by DNV reveals that the majority (61%) of maritime professionals believe the industry should accept increased cyber risk from digitalization if it enables innovation and new technologies. The sector’s appetite to take on emerging risks arising from digital transformation is notably higher than other critical infrastructure industries including energy, manufacturing and healthcare.

The industry’s increasing appetite for cyber risk comes at a time when it must manage a growing volume of vulnerabilities. Seven in 10 (71%) of the almost 500 maritime professionals surveyed by DNV believe their organizations’ industrial assets are more vulnerable to cyber-attacks than ever before, while the same proportion (71%) say the leaders of their organizations consider cyber security to be the greatest risk their business faces.

Knut Ørbeck-Nilssen, CEO Maritime at DNV

In the maritime industry, we must match our ambitions for digital transformation and decarbonization with a steadfast commitment to securing our people, the vessels and the systems we rely on,” says Knut Ørbeck-Nilssen, CEO Maritime at DNV. “Cyber-attacks represent a growing threat to the safety of the maritime industry today. We can innovate, progress, and take a lead in ensuring the resilience of our businesses and societies, but only if we truly manage cyber risk.

Ship owners, ports, and the entire maritime value chain are increasingly reliant on ever more connected digital technologies as the industry transforms to become greener, safer, and more efficient. Maritime professionals point to advanced data analytics, the internet of things, AI & machine learning, high-bandwidth satellite communications, and autonomous operations as presenting the greatest opportunities for their businesses in the coming years.

While interconnectivity and new technologies bring opportunities, they also make the industry more vulnerable to cyber-attacks. Maritime professionals are confident the industry is managing the risk. More than eight in 10 (83%) say their organization has a good cyber security posture, and seven in 10 (71%) are confident their organization would quickly get back to business as normal following a cyber-attack.

Contributing to this confidence, almost three quarters of maritime professionals (73%) report that their organization is increasing cybersecurity spending compared to last year. A majority say their organization has prepared against potential outcomes such as asset downtime and disruption to operations, theft of sensitive data, physical injury or loss of life, and a grounded vessel.

While industry awareness of cyber risk and cybersecurity investment have grown rapidly, there are signs of a false sense of security within the maritime industry. Only half (53%) of those surveyed are confident their organization can demonstrate full visibility of supply chain vulnerabilities, a concern given the recent rise in cyber-attacks targeting supply chains.

Additionally, 68% believe their organization’s IT security is stronger than its operational technology (OT) security – which is linked to physical assets like sensors, programmable logic controllers (PLC), and enables automation, safety and navigation systems. Some 76% say that the cyber security training that their organization provides is not advanced enough to protect against sophisticated threats.

Svante Einarsson, Head of Maritime Cybersecurity at DNV Cyber

Organizations may feel they are prepared as more resources are being deployed to manage cyber risk, but the reality is more complex than that,” says Svante Einarsson, Head of Maritime Cybersecurity at DNV Cyber. “Businesses have a sophisticated adversary to contend with, which complicates the picture significantly. We need to protect both IT and OT, and be ready to respond should an attack be successful.

Concerns are heightened among maritime professionals due to geopolitical tensions but also because of growing criminal activity. One notable trend is the increase in concern related to criminal gangs that have identified the huge profit potential from ransomware attacks: 79% of maritime professionals are concerned about this risk vector, up from 56% in 2023.

DNV’s new report Maritime Cyber Priority 2024/25: Managing Cyber Risk to Enable Innovation, identifies four key challenges for the sector:

Ensure access to experienced resources that know how to build and implement cyber security resilience in the design of new systems and vessels

Enhance detection and response capabilities to minimize the consequences of marine operational technology (OT) systems

Assign clear roles, responsibilities and resources to handle OT cyber security in a continuous manner onboard and onshore

Secure the many interdependencies and components in complex supply chains

The vast majority of maritime professionals (95%) call for more collaboration on cybersecurity among organizations within critical infrastructure industries.

“The maritime industry and other critical infrastructure sectors need to take big steps forward in openly sharing cyber security experiences – the good, the bad and the ugly – to collectively create security best practice guidance,” says Einarsson.

Download a free copy of the report here.

Cyber Priority 

DNV Cyber’s Cyber Priority research explores the changing attitudes and approaches to cyber security in key industrial sectors. The latest edition of the research for 2024/25 draws on a cross-sector survey of more than 1,150 professionals, conducted in September and October 2024.

The report Maritime Cyber Priority 2024/25: Managing Cyber Risk to Enable Innovation explores the views of almost 500 maritime professionals who responded to the survey, complemented by in-depth interviews and analysis from industry leaders and DNV Cyber experts.

About DNV
DNV is an independent assurance and risk management provider, operating in more than 100 countries. Through its broad experience and deep expertise DNV advances safety and sustainable performance, sets industry standards, and inspires and invents solutions.

DNV combines specialist sector knowledge of with engineering expertise and information system best practice to secure critical infrastructure projects and operations from cyber threats. The company provides many of the world’s most successful and forward-thinking companies with clear and practical advice to uncover their cyber risks, build a powerful force of defence against threats, recover from attacks, and unite stakeholders behind cyber security programmes that everyone can believe in. Learn more at: dnv.com/cybersecurity

DNV in the maritime industry 
DNV is the world’s leading classification society and a recognized advisor for the maritime industry. We enhance safety, quality, energy efficiency and environmental performance of the global shipping industry – across all vessel types and offshore structures. We invest heavily in research and development to find solutions, together with the industry, that address strategic, operational or regulatory challenges. For more information visit: www.dnv.com/maritime

Share this!