Stormy seas ahead? Maritime industry unprepared for cyber attacks, survey says

Cyberattacks on the maritime industry could expose client data and have far-reaching collateral consequence.

The shipping industry needs to take cyber security far more seriously, according to a survey that emerged — like a red sky in the morning — and the warning is not just for the maritime folks, but for any company that has dealings with them.

Cyber attacks on the maritime industry could expose client data and have far-reaching collateral consequences for an array of U.S. businesses that are involved in importing, exporting or otherwise have ties to the shipping world.

General lack of preparedness

While nearly 40% of all the survey respondents said their maritime company had been targeted in a cyber attack in the past year, an alarming 64% indicated that their companies weren’t prepared to deal with the fallout from a data breach.

That’s according to Jones Walker, which surveyed 126 executives, chief information and technology officers, managers and other leaders for American port operators, cargo shipping companies and ship owners and operators. The latter group accounted for 60% of the survey respondents.

April Danos, information technology director for Louisiana’s Port Fourchon, said in a statement that the results of the survey “demonstrate that every maritime industry stakeholder needs to assess its vulnerability to a cyber attack, take preventive action and determine how it will respond.”

Chasm between small & large maritime companies

Digging deeper into the survey results revealed not just a general lack of preparedness, but also a chasm between small and large maritime companies, the former of which were far less confident about their cybersecurity shields or their ability to respond to an incident.

Only 6% of the respondents from small companies and 19% of those from midsize companies said they were prepared to prevent a breach.

Meanwhile, 100% of the large company reps said they were ready. And that’s good, because 80% of those same companies reported that they were targeted in cyber attacks over the past year. Maybe that’s why 97% of the large companies reported that they carry cyber insurance coverage.

No cyber insurance reported by most small & mid-size companies

By contrast, the vast majority — 92% — of small companies and 69% of the mid-sizers reported that they had no cyber insurance. The survey suggested they are far less likely to be cyber attack targets, however: 83% of small companies and 60% of midsize companies said they weren’t targeted in the past year.

In 2012, then-FBI Director Robert Mueller famously said there “were only two types of companies: Those that have been hacked and those that will be.” So, just because it hasn’t happened doesn’t mean it won’t.

Martin Davies, a professor of admiralty law and director at Tulane University’s Maritime Law Center, stated that the survey “provides evidence of a worrying level of complacency among maritime industry operators about cyberattacks.”

He called for industry and political leaders to take action.

Plans to increase cybersecurity budgets

Other findings from the survey:

• Large and midsize companies view external attacks, such as malware and ransomware, as the biggest threat, while small companies were more concerned about internal negligence.
• Large companies reported that 31% of the cyberattacks they’d experienced in the past year were successful. Five percent of midsize companies reported successful breaches and small companies said they had not been breached.
• A majority of respondents from companies in all three size brackets said they planned to increase their cybersecurity budgets in the coming year.