DNV: Maritime appetite for cyber risk higher than other key industries

The maritime sector’s appetite to take on emerging risks arising from digital transformation is notably higher than other critical infrastructure industries including energy, manufacturing and healthcare, according to a new report published by the classification society DNV.

The report, Maritime Cyber Priority 2024/25: Managing Cyber Risk to Enable Innovation, found that the majority (61%) of maritime professionals believe the industry should accept increased cyber risk from digitalization if it enables innovation and new technologies.

As disclosed, seven in 10 (71%) of the almost 500 maritime professionals surveyed by DNV believe their organizations’ industrial assets are more vulnerable to cyber-attacks than ever before, while the same proportion (71%) say the leaders of their organizations consider cyber security to be the greatest risk their business faces.

Knut Ørbeck-Nilssen, CEO of Maritime at DNV, commented: “In the maritime industry, we must match our ambitions for digital transformation and decarbonization with a steadfast commitment to securing our people, the vessels and the systems we rely on. Cyber-attacks represent a growing threat to the safety of the maritime industry today. We can innovate, progress, and take a lead in ensuring the resilience of our businesses and societies, but only if we truly manage cyber risk.”

The entire maritime value chain is increasingly reliant on digital technologies as the industry transforms to become greener, safer and more efficient, DNV noted, adding that maritime professionals point to advanced data analytics, the internet of things, AI and machine learning, high-bandwidth satellite communications and autonomous operations as presenting the greatest opportunities for their businesses in the coming years.

The classification society said that maritime professionals are confident the industry is managing the risk: “More than eight in 10 (83%) say their organization has a good cyber security posture, and seven in 10 (71%) are confident their organization would quickly get back to business as normal following a cyber-attack.”

However, there are also signs of a false sense of security within the industry, according to DNV: “Only half (53%) of those surveyed are confident their organization can demonstrate full visibility of supply chain vulnerabilities, a concern given the recent rise in cyber-attacks targeting supply chains. Additionally, 68% believe their organization’s IT security is stronger than its operational technology (OT) security… Some 76% say that the cyber security training that their organization provides is not advanced enough to protect against sophisticated threats.”

Svante Einarsson, Head of Maritime Cybersecurity at DNV Cyber, stated: “Organizations may feel they are prepared as more resources are being deployed to manage cyber risk, but the reality is more complex than that. Businesses have a sophisticated adversary to contend with, which complicates the picture significantly. We need to protect both IT and OT, and be ready to respond should an attack be successful.”

DNV’s report identified four key challenges for the sector:

• Ensure access to experienced resources that know how to build and implement cyber security resilience in the design of new systems and vessels.
• Enhance detection and response capabilities to minimize the consequences of marine operational technology (OT) systems.
• Assign clear roles, responsibilities and resources to handle OT cyber security in a continuous manner onboard and onshore.
• Secure the many interdependencies and components in complex supply chains.

Einarsson concluded: “The maritime industry and other critical infrastructure sectors need to take big steps forward in openly sharing cyber security experiences – the good, the bad and the ugly – to collectively create security best practice guidance.“