Fathom World

Mapping the transformation of shipping and the oceans

Digital & ElectronicsFeatured

Has shipping bought into cyber security needs?Covid-19 may answer that

Shipping companies may have begun using more technologies in recent months, with vessel operators claiming greater use of digital solutions, but with their uptake these systems and communication and data storage tools offer greater cyber security risks according to AXIS Insurance underwriter Georgie Furness-Smith. Samantha Fisk reports on whether the risk of new attacks are growing.

Shipping has been relatively slow over recent years to adopt digital technologies, taking and more “wait and see” approach to new solutions coming on to the market. Because of this, cyber security hasn’t always been at the forefront of the shipping industry. However, with the 2017 cyber attack on Maersk companies have been starting to take a more proactive approach to its cyber security. Georgie Furness-Smith, Cyber Underwriter at Axis Insurance.“Following this [attack], BIMCO gave seven verified examples of cyber incidents that had occurred onboard ships to highlight the fact that the problem really existed.”

In 2018, a maritime cyber security survey by IHS Markit/BIMCO revealed that 58% of respondents confirmed that cyber security guidelines had been incorporated into their company or fleet, up from 37% the previous year.

The main challenge for the industry is the lack of reporting cyber incidents, which Furness-Smith says can give a false sense of security. But, adds that there are also now organisations such as Be Cyber Aware at Sea and CSO Alliance gathering anonymous data to highlight the scale of the problem.

However, Furness-Smith adds: “Each time a cyber event hits the industry there is an obvious reaction, and with companies such as Toll Group being hit by ransomware twice in 2020, this is a trend that is unlikely to pass.”Due to the recent Covid-19 pandemic response, some companies in the industry adopted digital technologies at a faster rate, something that is expected to contoue once things return to more of a normal situation. The adoption of more technology has also seen companies conduct more business remotely and Furness-Smith says this has led to multiple attack vectors or an increase in the ways in which criminals are attacking companies.

In a world where many industries have already started to adopt digital solutions and cyber security solution, shipping companies that are late to respond could find themselves on the back foot if they are not up to speed, and seen as an easy target.

“The world is ready to digitalise; the introduction of 5G globally, the increased use of video conferencing, and an overall cultural shift of wanting to work from home more have meant that shipping companies find themselves in a position of increased risk and decreased revenues,” Furness-Smith adds.

She comments that the difference with the shipping industry is that it might fail to survive if they come under a cyber attack due to its “balancing risk vs reward and critical investment decisions in cyber security.”

Covid-19’s cyber risk

Data will be a crucial factor, even from a crew healthcare perspective, as ship operators and owners respond to coronavirus risks. Capturing this data, Furness-Smith also highlights, will bring further development for regulations surrounding this data and its usage.

Maritime is starting to better understand cyber security and the potential threats that it has for companies, but again Furness-Smith notes that: “Shipping is a target, not only from criminals carrying out devastating ransomware attacks but also from nation-state actors wishing to disrupt logistics as a whole.”

Guidelines have been put in place from bodies such as BIMCO, INTERTANKO and INTERCARGO with Furness-Smith, adding that there has been a lot of development in the last 6-12 months around the understanding of these guidelines.

Furness-Smith also notes that the IMO resolution on Maritime Cyber Risk Management in Safety Management System (SMS) has been a significant development for the industry, which is due to come into effect in 2021. “With less than six months until the resolution is in effect, the level of awareness has never been higher, although there is still noteworthy progress yet to be made,” she says.

About Author