A new report published by Thetius, DNV’s CyberOwl and global law form HFW finds that only 1 in 6 shipowners fully understand what a cyber-secure vessel should look like upon delivery, highlighting a critical gap in the industry’s approach to maritime cybersecurity.

‘The Lifecycle Dilemma: Navigating Cybersecurity Risks Across Designing, Constructing and Operating a Vessel’ delves into the shifting risks and disconnected approaches in cybersecurity across each stage from initial design through to its operation and maintenance. It outlines the roles, responsibilities, challenges and misconceptions of various stakeholders at each stage of the vessel lifecycle.

The report launches at a time of growing cyber risks for the shipping industry. Increasingly sophisticated cyber criminals and new system vulnerabilities are arising as a result of a more connected world. Designing a vessel with cybersecurity in mind is not just optional but a necessity.

The Lifecycle Dilemma emphasises the need to embed cybersecurity into every stage of a vessel’s lifecycle, starting with a secure-by-design approach.

This report consolidates the opinions of more than 150 stakeholders, including shipowners, charterers, OEMs, seafarers, insurers, shipyards, and other cybersecurity experts. It provides a detailed assessment of the current and anticipated cybersecurity challenges. It evaluates the industry's responsiveness to evolving regulatory demands and technological progress, emphasising the critical need for integrated cybersecurity practices throughout the vessel lifecycle, from initial design to ongoing maintenance.

Key findings include:

- The proportion of shipping companies paying ransom has halved (7% within the last 12 months vs 14%).

- Large ransom demands are being rejected - the average ransom paid was now US$100k (vs US$3.2m previously).

- 17% of shipyards feel they have adequate in-house cybersecurity expertise to design and construct a cyber-secure vessel.

- 10% of OEMs incorporate security-by-design in new systems. This leaves owners unaware and vulnerable to potential risks in critical systems.

- 32% of shipowners include cybersecurity in their newbuild teams. Many smaller companies assign cyber responsibilities to personnel that may lack cybersecurity knowledge.

“With one in five shipping companies facing a cyberattack in the last 12 months, our landmark report could not be more relevant,” says Tom Walters (pictured), HFW Partner. “The shipping industry is increasingly relying on technology for its operations, and with this comes greater exposure from external threat actors. It is vital that companies operating at every stage of the vessel lifecycle take action to protect themselves from the continuing threat.

“Our new report provides an insight into the current industry trends and aims to empower firms to act to mitigate these risks."

“It’s clear from the research we are entering an era of expertise,” says Daniel Ng, CEO, CyberOwl, a DNV company. “Point solutions and one-off initiatives for vessel cybersecurity will no longer cut it. Risks evolve across each stage of the vessel lifecycle. Regulation increasingly demands end-to-end thinking.

“Now, more than ever, shipowners need to make the right choices, supported by the right domain expertise. Decisions made at design have consequences in the total cost to operate.”

Report highlights maritime industry’s urgent need to tackle growing cybersecurity threats

Columbia Group appoints Simona Toma as Chief of Maritime HR

Maritime framework in focus as Jamaica develops its maritime services