Key findings from the survey include:
- The U.S. maritime industry is being targeted. Nearly 80% of large U.S. maritime industry companies (more than 400 employees), and 38% of all industry respondents reported that cyberattackers targeted their companies within the past year. 10% of survey respondents reported that the data breach was successful, while 28% reported a thwarted attempt.
- There is a false sense of preparedness in the U.S. maritime industry. 69% of respondents expressed confidence in the maritime industry’s overall cybersecurity readiness, yet 64% indicated that their own companies are unprepared to handle the far-reaching business, financial, regulatory, and public relations consequences of a data breach.
- Small and midsize companies are far less prepared than larger companies to respond to a cybersecurity breach. All of the respondents from large organizations indicated they are prepared to prevent a data breach, while only 6% of small company (one to 49 employees) respondents and 19% of midsize company (50 to 400 employees) respondents said they were prepared.
- Small and midsize companies lack even the most fundamental protections, exposing them to huge potential losses. 92% of small company and 69% of midsize company respondents confirmed they have no cyberinsurance. In contrast, 97% of large company respondents have cyberinsurance coverage.
“For many companies – especially smaller and midsized companies – there are gaps in implementing fundamental cybersecurity procedures, including crucial training for employees and testing of cybersecurity systems,” Lee said.
“The survey strongly illustrates that industry preparedness is dependent on two factors: company size and recent experience as a cyberattack target,” said Hansford Wogan, a Jones Walker maritime attorney and a co-author of the survey. “There are enormous risks to the industry as a whole. Yet, the survey indicates that only the larger U.S. maritime industry companies seem to have this threat on their radar, while the smaller and mid-sized companies are mostly unprepared.”