Most maritime professionals (61%) believe the industry should accept increased cyber risk from digitalisation if it enables innovation and new technologies.
This is the finding of DNV’s new report, Maritime Cyber Priority 2024/25: Managing Cyber Risk to Enable Innovation, which shows that appetite to take on emerging risks arising from digital transformation is notably higher than other critical infrastructure industries including energy, manufacturing and healthcare.
The industry’s increasing appetite for cyber risk comes at a time when it must manage a growing volume of vulnerabilities.
Seven in 10 (71%) of the almost 500 maritime professionals surveyed by DNV believe their organisations’ industrial assets are more vulnerable to cyberattacks than ever before, while the same proportion (71%) say the leaders of their organisations consider cybersecurity to be the greatest risk their business faces.
“In the maritime industry, we must match our ambitions for digital transformation and decarbonisation with a steadfast commitment to securing our people, the vessels and the systems we rely on,” said DNV Maritime CEO Knut Ørbeck-Nilssen.
“Cyberattacks represent a growing threat to the safety of the maritime industry today. We can innovate, progress, and take a lead in ensuring the resilience of our businesses and societies, but only if we truly manage cyber risk.”
Shipowners, ports, and the entire maritime value chain are increasingly reliant on ever more connected digital technologies as the industry transforms to become greener, safer, and more efficient.
Maritime professionals point to advanced data analytics, the internet of things, AI and machine learning, high-bandwidth satellite communications, and autonomous operations as presenting the greatest opportunities for their businesses in the coming years.
While interconnectivity and new technologies bring opportunities, they also make the industry more vulnerable to cyberattacks.
Maritime professionals are confident the industry is managing the risk. More than eight in 10 (83%) say their organisation has a good cybersecurity posture, and seven in 10 (71%) are confident their organisation would quickly get back to business as normal following a cyberattack.
Contributing to this confidence, almost three quarters of maritime professionals (73%) report that their organisation is increasing cybersecurity spending compared to last year.
A majority say their organisation has prepared against potential outcomes such as asset downtime and disruption to operations, theft of sensitive data, physical injury or loss of life, and a grounded vessel.
While industry awareness of cyber risk and cybersecurity investment has grown rapidly, there are signs of a false sense of security within the maritime industry.
Only half (53%) of those surveyed are confident their organisation can demonstrate full visibility of supply chain vulnerabilities, a concern given the recent rise in cyberattacks targeting supply chains.
Additionally, 68% believe their organisation’s IT security is stronger than its operational technology (OT) security – which is linked to physical assets like sensors, programmable logic controllers (PLC), and enables automation, safety and navigation systems. Some 76% say that the cybersecurity training that their organisation provides is not advanced enough to protect against sophisticated threats.
DNV Cyber Head of Maritime Cybersecurity, Svante Einarsson, said organisations may feel they are prepared as more resources are being deployed to manage cyber risk, but the reality is more complex.
“Businesses have a sophisticated adversary to contend with, which complicates the picture significantly. We need to protect both IT and OT, and be ready to respond should an attack be successful,” Einarsson said.
Concerns are heightened among maritime professionals due to geopolitical tensions, but also because of growing criminal activity. A notable trend is the increase in concern related to criminal gangs that have identified the huge profit potential from ransomware attacks: 79% of maritime professionals are concerned about this risk vector, up from 56% in 2023.
DNV’s report identifies four key challenges for the sector to fight cybercrime:
- Ensure access to experienced resources that know how to build and implement cybersecurity resilience in the design of new systems and vessels
- Enhance detection and response capabilities to minimise the consequences of marine OT systems
- Assign clear roles, responsibilities and resources to handle OT cybersecurity in a continuous manner onboard and onshore
- Secure the many interdependencies and components in complex supply chains
DNV found that the majority of maritime professionals (95%) called for more collaboration on cybersecurity among organisations within critical infrastructure industries.
“The maritime industry and other critical infrastructure sectors need to take big steps forward in openly sharing cybersecurity experiences – the good, the bad and the ugly – to collectively create security best practice guidance,” Einarsson said.
