There is no single solution to managing cyber risks. It is a collaboration involving people, processes and IT systems. Establishing awareness in all levels of an organisation is the important first step when implementing cyber security management.
Cyber breach is placed among the top operational risks by management consultants such as KPMG, EY and risk.net. A Plymouth University article shows that outdated systems can be a vulnerability for many vessel operators. Law firms are also warning against the rise in cyber-crime targeting the shipping industry. The accelerating rate of technological changes provides criminals with endless opportunities to gain access to unsecured systems. Increased connectivity to onshore facilities, more cloud computing, the use of connected networks instead of isolated computers, ‘bringing your own device’ (BYOD), use of social media and the Internet of Things – all contribute to the growing risk.
What types of cyber attacks could happen in the maritime industry?
There have been many examples of cyber security incidents in the maritime industry:
What are the consequences of a maritime cyber attack?
In 2015, Lloyd's of London estimated that cyber attacks cost companies USD 400 billion every year. In addition to financial loss, the consequences are wide-ranging:
Cyber risk on the agenda
With increasing digitisation, we are seeing signs of a holistic approach from a broad spectrum of organisations:
Where can you start?
The weakest link is the human factor: Most cyber attacks rely on human errors to succeed, and according to DNV GL, 97 per cent of attacks exploit human emotions to trick a user into revealing valuable information (social engineering). At Gard we strive to protect the interests of our Members and clients in the best possible way. We are developing an internal Information Security Management System to protect the confidentiality, integrity and accessibility of our organisation's information through measures relating to people, processes and IT systems. This October, we marked the international cyber security month with various activities to raise awareness about the risks we face and how each individual can help prevent attacks.
We suggest that our Members, clients and business partners arrange similar international cyber security awareness activities to foster awareness within their organisations. More guidance and resources on how to get started are available on gard.no.
Questions or comments concerning this Gard Insight article can be e-mailed to the Gard Editorial Team.