“Shipping companies will not truly deal with the increasing risk of Cyber attack until executive boards and senior management fully understand the risks and face up to the challenge” – Harry Theochari, Chairman of Maritime UK
The maritime industry is undergoing unprecedented change as it embraces digitization and automation in order to benefit from operational efficiencies and productivity. In recent years, centuries of traditional ways of working have started to be replaced by digital solutions and innovations in technology, on land and at sea. Inevitably, this progress has led to growing exposure to Cyber threats, highlighting the importance of the industry protecting itself from this increasing risk.
Threat actors recognise the substantial damage and disruption a Cyber-attack can cause to a business; indeed, recent incidents involving some of the industry’s biggest players have sent shockwaves that are still reverberating across the sector. Increasingly, the importance of demonstrating adequate leadership on the Cyber agenda is coming to the fore at both an organisational and global industry level.
Recognising the need for an effective and sustainable response, the International Maritime Organization (IMO) has been trying to raise the industry’s awareness of these risks by providing guidance (such as the Guidelines on maritime Cyber risk management, MSC-FAL.1/Circ.3) and through IMO Resolution MSC.428(98), which encourages flag states to require that shipowners and ship operators address these risks as part of the ISM Code safety management requirements by early 2021. The guidance states that stakeholders must “raise awareness on the Cyber risk”; “embed a culture of Cyber risk awareness”; “respond quickly to a Cyber incident” and “notify other parties quickly”. Doing this effectively takes organisation, training and investment.
The implementation of these measures within organisations requires proactive leadership from the Board, as Cyber risk constitutes a serious business risk. Raising awareness requires a good understanding at the Board level of the Cyber landscape, encompassing the threats, opportunities and risks to the organisation. Embedding a culture of risk awareness requires education and training of employees and a strategy that makes clear the investment and value the Board places on this. Having the capability to respond and recover in the event of an incident requires robust planning and practice that involves the Board and other key stakeholders in order to mitigate the financial, regulatory and reputational risks to the organisation.
Demystifying Cyber jargon, understanding the industry threat landscape, reviewing governance and the latest regulations, determining the risk parameters and appropriate mitigations – all are key to enabling informed decision-making at the Board level. In an environment that is evolving at pace, it is therefore best practice for Boards to undertake regular Cyber briefings from a distinguished and accredited provider.
Templar Executives has an outstanding track record in providing GCHQ Certified Board level briefings to private and public sector organisations across a range of industries, including Maritime, through our world-class Templar Cyber Academy. These privileged, customised briefings are delivered to our global clients by qualified individuals who have been Board members themselves, and support Boards in ensuring Cyber is understood as a leadership agenda and addressed through the organisation’s essential business environment.