The Daily View: Cyber complacency — an accident waiting to happen
Your latest edition of Lloyd’s List’s Daily View — the essential briefing on the stories shaping shipping
CYBER risk is not news to shipping. Everyone knows the threat, has heard doom-mongering scenarios set out by worried looking chief technology officers, and understands how expensive it is to have to re-boot an entire global company.
If the past few years have taught us anything it’s that global supply chains are vulnerable.
The energy value chain is under siege, digitally speaking, fending off attacks on a daily basis. Their spend in cyber defence is commensurate with the threat they face. In shipping that is not the case.
At some point that bad actor is going to find it easier to poke the soft underbelly of that value chain and shipping is currently looking very vulnerable.
The problem is that, as maritime deploys digital solutions more widely, the likelihood and risk of disruptive cyber attacks increases.
Cyber incidents — including IT outages, ransomware and data breaches — are routinely ranked as the most important risks globally by insurance risk analysts, and even in the maritime space the slow dawning realisation of vulnerability is now catching on.
The industry polls acknowledge that cyber threats are now at least seen as a rising risk, but the same polls also reveal decreasing confidence in maritime’s ability to mitigate the effects, perhaps reflecting growing awareness of the risks posed.
When asked, shipping industry professionals seem pretty happy to accept a bit of extra cyber risk, if it means they can innovate faster. As this week’s podcast points out, we have a much higher appetite for cyber risks than comparable industries, and yet the vast majority also see that the training and investment is just not there.
This is mainly a matter of commercial risk appetite, coupled with well documented industry-wide myopia. But cyber exposure will grow unless robust standards are implemented and enforced. While current International Maritime Organization measures are non-mandatory, impending International Association of Class Societies’ Unified Requirements will at least place requirements on newbuilding vessels for secure systems and integration from this year onwards.
Beyond that though, the biggest catalyst towards taking the threat seriously will inevitably only come after the long-anticipated, but ill-considered cyber attack hits.
At that point, it’s going to take more than turning it off and back on again.
Richard Meade
Editor-in-chief, Lloyd’s List