Almost 80% of large U.S. maritime industry companies (more than 400 employees) reported that cyberattackers targeted their companies within the past year, according to a maritime cybersecurity survey released today.
The inaugural Maritime Cybersecurity Survey from New Orleans-based Jones Walker LLP said that rapidly evolving technologies deployed throughout the U.S. maritime industry to increase efficiencies and competitiveness present significant cybersecurity risks, which the industry is unprepared to shoulder.
Survey participants included 126 senior executives, chief information and technology officers, non-executive security and compliance leaders, and key managers from U.S. maritime companies of all sizes
“The U.S. maritime industry is sailing too close to the wind when it comes to cybersecurity," said Andrew Lee, partner at Jones Walker and one of the co-authors of the Maritime Cybersecurity Survey White Paper. "While industry stakeholders are educated and aware of the severe implications of a cyberattack, in many respects they are unprepared for the severe fallout from a major cyberattack.”
Key findings from the survey include:
- The U.S. maritime industry is being targeted. Nearly 80% of large U.S. maritime industry companies (more than 400 employees), and 38% of all industry respondents reported that cyberattackers targeted their companies within the past year. 10% of survey respondents reported that the data breach was successful, while 28% reported a thwarted attempt.
- There is a false sense of preparedness in the U.S. maritime industry. 69% of respondents expressed confidence in the maritime industry's overall cybersecurity readiness, yet 64% indicated that their own companies are unprepared to handle the far-reaching business, financial, regulatory, and public relations consequences of a data breach.
- Small and midsize companies are far less prepared than larger companies to respond to a cybersecurity breach. All of the respondents from large organizations indicated they are prepared to prevent a data breach, while only 6% of small company (one to 49 employees) respondents and 19% of midsize company (50 to 400 employees) respondents said they were prepared.
- Small and midsize companies lack even the most fundamental protections, exposing them to huge potential losses. 92% of small company and 69% of midsize company respondents confirmed they have no cyberinsurance. In contrast, 97% of large company respondents have cyberinsurance coverage.
“For many companies – especially smaller and midsized companies – there are gaps in implementing fundamental cybersecurity procedures, including crucial training for employees and testing of cybersecurity systems,” Lee said.
Hansford Wogan, Maritime Attorney & Co-Author of the Maritime Cybersecurity Survey White Paper, Jones Walker LLP:
“The survey strongly illustrates that industry preparedness is dependent on two factors: company size and recent experience as a cyberattack target,” said Hansford Wogan, a Jones Walker maritime attorney and a co-author of the survey. “There are enormous risks to the industry as a whole. Yet, the survey indicates that only the larger U.S. maritime industry companies seem to have this threat on their radar, while the smaller and mid-sized companies are mostly unprepared.”
Martin J. Davies, director of the Tulane Maritime Law Center, Tulane University Law School, said the survey provides evidence of a worrying level of complacency among maritime industry operators about cyberattacks. "Although the financial consequences of data breaches can be crippling, the survey shows that few in the maritime industry are adequately prepared to guard against them, or to respond effectively if an attack occurs," he said. "The survey shows unequivocally that action in relation to cybersecurity is urgently needed, by both industry and political leaders.”