Skip to main content
What can we help you find?
main content, press tab to continue
Campaign

Cyber spotlights on the marine industry: Identify, assess, protect

Dive into cyber spotlights on notable incidents, latest threats, current trends, and tailored solutions for the marine industry.

This spotlight delivers an overview of the latest cyber risks impacting the sector generally, including recent incidents and emerging threat vectors. We also highlight our insurance solutions that can address the cyber vulnerabilities faced by the marine industry. Use our insights to enhance your organisation’s cyber risk management approach.

What cyber incidents have we seen from the marine industry?

The increasing frequency of these incidents underscores the escalating cyber risks within the marine sector. A thorough understanding of the scope and ramifications of these events are instrumental in refining your organisation’s cyber risk management framework.

On July 19, cybersecurity company CrowdStrike released a software update for Falcon Sensor, their vulnerability scanner designed to detect system intrusions and hacking attempts. Unfortunately, this update contained flaws that disrupted approximately 8.5 million computers worldwide running the Windows operating system. The marine industry's reliance on digital systems for navigation, cargo management, and communication makes it particularly vulnerable to cyberattacks and systemic disruptions. A breach could potentially disrupt global trade routes, port operations, and vessel navigation, leading to significant operational delays, financial losses, and safety risks.

Read more here

A coordinated cyber-attack in April 2024 targeted several key maritime ports and vessels causing a widespread disruption. The incident was ransomware based where malicious software was used to target critical systems and[SL1] exploit vulnerabilities in the Automatic Identification Systems (AIS) onboard ships. Shipowners experienced serve delays due to misrouted cargo and the increased risk of collisions.

Read more here

Australia’s largest port operator suffered a cyber-attack where the threat actor was able to gain unauthorised access to critical systems which were used to coordinate shipping activity.

Read more here

Cyber insurance claims we have seen from the marine industry

Below is a selection of recent anonymised claims managed by WTW.

Siren-icon

Malicious data breach

A phishing attack on a company's network exposed confidential information. The suspected cause of the event was employees clicking on rogue links.

Bank-note-icon

Ransomware attack

A third party gained access to a company's network, encrypting and exfiltrating data. Cyber insurers indemnified the costs incurred by the company.

Server-icon

Payroll data breach

The company’s server, which hosts payroll data was accessed by criminals. The data was published on the internet for an unspecified period.

Hacking-icon

Ship computer systems hacked

The company was able to access specialists under its cyber policy. The affected exchange server was rebuilt.

Laptop-icon

Accidental data breach

The company discovered faulty programming in its network allowing users without authority to access the details of other clients.

Source: WTW proprietary claims data

Our perspective on cyber market trends for the marine industry

  • GPS Interference and AIS Spoofing: Shipowners have a dependency of GPS to navigate voyages efficiently and safely. The U.S Coast Guard Navigation Center data shows an increase in GPS Interference, which can lead to significant consequences such as collisions and severe delays due to misrouted cargo.
  • Increased autonomy in the maritime sector raises cyber risk: The move by shipowners and operators of ports and terminals towards greater reliance on IT and OT to fulfil key aspects of their operation can undoubtedly deliver vital efficiency gains. At the same time, however, this leaves such operations more exposed to malicious cyber activity aimed at disrupting such operations for both financial and political purposes. (The Maritime Executive, Jessie Hamill-Stewart and Andrew Sallay, 2023).
  • Legislation to force change on maritime sectors’ approach to cyber security: The NIS 2 Directive must be implemented by European Union (EU) member states by 17 October 2024. The Directive aims to achieve a common level of cybersecurity across the EU, imposing stricter cyber-security requirements with regard to risk management, incident reporting and the exchange of information. It comes in response to the escalating threats brought on by digital transformation and the rise in cyber-attacks, and replaces the Network and Information Security (NIS) Directive of 2016, which will be repealed with effect from 18 October 2024.

WTW insight:

The cyber insurance market has traditionally had a restricted appetite towards risks within the marine industry due to:

  1. 01

    A high dependency on out dated software, increasing the possibility of vulnerability exploitation.

  2. 02

    Both shipowners and ports and terminals are deemed national infrastructure and play a critical role in the global economy, positioning both operators as potentially higher target.

  3. 03

    Industry unique systemic exposure via the utilisation of common systems/vendors within the supply chain.

  4. 04

    A high dependency on technology both onshore and offshore, leading to increased business interruption exposure.

How WTW can help with identifying, assessing, and protecting your business

CyNav for Ports and Terminals: Navigating your cyber security risks

Our cyber insurance solution for the marine sector, designed to meet the unique requirements of ports and terminals
CyNav: Navigating shipowners’ cyber security risks

CyNav is an award-winning cyber insurance solution for the marine sector, designed to meet the unique requirements of shipowners.

SOLUTION

Concerned, confused, or curious?

WTW is here to help you and your organization identify, assess, and protect itself against cyber risks. Our team of cyber specialists, with years of experience in your industry, will provide you with peace of mind, allowing you to focus on your day-to-day role.

Our Financial, Executive and Professional Risks Capabilities

Financial, Professional and Executive Risks

We specialize in mitigating financial, professional and executive liability risks, enabling you to safeguard your reputation and bolster your business's prosperity.
Cyber Risk Management and Insurance

Safeguard your digital infrastructure and assets against cyber threats with our tailored coverage solutions and experienced teams.
Directors' and Officers' Liability Insurance

D&O insurance provides legal protection and promotes good corporate governance. Consider it as part of your risk management strategy.
Financial Institutions

From an ever-shifting regulatory landscape to the digitalization of the workplace, financial institutions face a complex set of challenges and risks. WTW helps our financial institution clients manage risk, cultivate talent and explore new ways of working.
Mergers and Acquisitions

We partner with you at every stage of the M&A deal making process, whether you are a strategic buyer, seller or a private equity firm that needs people or risk solutions.
Operational Risk Solutions

Helping to bridge the gap between risks and insurance programs for Financial Institutions.
Professional Indemnity Insurance

Our professional indemnity insurance offers tailored risk solutions for legal, financial, construction, and tech professionals, protecting against legal liabilities and financial loss.
Contact us