Survey reveals false sense of cyber security preparedness in US maritime

The survey also found that nearly two in five companies experienced an attempted (28%) or successful (10%) data breach in the past year, and that only a minority of the respondents participate in government and industry initiatives designed to mitigate the risk of a cyber attack.

The survey included responses from 126 senior executives, chief information and technology officers, non-executive security and compliance leaders, and key managers representing small, mid-sized, and large companies.

The results, which were announced at the Marine Technology Society and IEEE OCEANS conference, confirm that rapidly evolving technologies deployed throughout the US maritime industry to increase efficiencies and competitiveness present significant cyber security risks, which the industry is unprepared to shoulder.

The US maritime industry is sailing too close to the wind when it comes to cybersecurity. While industry stakeholders are educated and aware of the severe implications of a cyber attack, in many respects they are unprepared for the severe fallout from a major cyber attack,

...said Andrew Lee, Partner and Co-Chair of the Data Privacy Group & Co-Author of the Maritime Cybersecurity Survey White Paper.

This year’s survey report also outlines what a prepared company looks like and offers guidance on how maritime companies can evaluate and improve cyber readiness.

Key findings

• The US maritime industry is being targeted. Nearly 80% of large US maritime industry companies (more than 400 employees), and 38% of all industry respondents reported that cyber attackers targeted their companies within the past year. 10% of survey respondents reported that the data breach was successful, while 28% reported a thwarted attempt.
• There is a false sense of preparedness in the US maritime industry. 69% of respondents expressed confidence in the maritime industry's overall cybersecurity readiness, yet 64% indicated that their own companies are unprepared to handle the far-reaching business, financial, regulatory, and public relations consequences of a data breach.
• Small and mid-size companies are far less prepared than larger companies to respond to a cybersecurity breach. 100% of respondents from large organizations indicated they are prepared to prevent a data breach, while only 6% of small company (1 to 49 employees) respondents and 19% of mid-size company (50 to 400 employees) respondents indicated preparedness.
• Small and mid-size companies lack even the most fundamental protections, exposing them to huge potential losses. 92% of small company and 69% of mid-size company respondents confirmed they have no cyber insurance. In contrast, 97% of large company respondents have cyber insurance coverage.

There are enormous risks to the industry as a whole. Yet, the survey indicates that only the larger US maritime industry companies seem to have this threat on their radar, while the smaller and mid-sized companies are mostly unprepared. An ounce of prevention in training is worth a pound of a cure in terms of cyber attack readiness, and if every company approached this cybersecurity issue with that mindset, the maritime industry as a whole would be far less at risk,

...noted Hansford Wogan, Maritime Attorney & Co-Author of the Maritime Cybersecurity Survey White Paper.

The results of Jones Walker’s cybersecurity survey demonstrate that every maritime industry stakeholder needs to assess its vulnerability to a cyber attack, take preventive action, and determine how it will respond,

...added April Danos, Director of Information Technology, Port Fourchon, Louisiana & Member of the National Maritime Security Advisory Committee.