Lloyd's List warns: insufficient cyber security
Three out of four in the shipping industry do not think that enough is being done to spread awareness about the risk of cyber attacks, while every third lacks knowledge of what measures to take if attacked. This should set off the alarm bells, Lloyd's List writes in a new report.
Last week, there was a total halt in India's largest state port, Jawaharlal Nehru, after being subjected to a major cyber attack. A further attack hit the American logistics company Expeditors, which had to shut down its systems worldwide.
Cyber attacks are today more or less every day news. And much has been done to raise awareness. Maersk, which was subjected to a comprehensive and well-publicized attack in 2017, has, for example, have made cyber security a top priority, while the IMO (which has also seen its systems fall into the hands of hackers) introduced its first comprehensive guidelines in this area last year.
However, that is not enough. With a shipping industry that increasingly relies on digital systems, both the scope for attack and the vulnerability of the industry are expanding, Lloyd's List writes in the report Cyber security, which is based on an industry-wide survey - representatives of shipping companies, consultants, finance companies, academia and logistics companies have responded.
One in five respondents answered that their company has been subjected to a cyber attack in the last three years, and a majority believe that the industry's measures leave much to be desired. Only a quarter of those surveyed (26%) think that the shipping industry is doing enough to combat or spread awareness of the threat of cyberattacks, while a fifth emphasize that "much more needs to be done".
Bill Egerton of the cyber insurance company Astaara, says in the report that the majority of the larger shipping companies take appropriate measures and have the capacity to defend themselves against attacks. Those who need to worry are the smaller players.
“It is often thought that they are too small to be noticed, but this is not size dependent. If you are on the internet, you are a target, ”he says.
Another worrying result of the survey, according to Lloyd's List, is that almost half of all respondents stated that they were not offered any cybersecurity training. Perhaps even more worrying was that a third of respondents either did not know how their companies worked with cybersecurity or even thought they were prepared for an attack.
“This is about life and safety on board ships and if training is not carried out, we have a serious problem. You can not ignore the need to have people trained in cyber security ", says Bill Egerton.