A new report titled "The Lifecycle Dilemma: Navigating Cybersecurity Risks Across Designing, Constructing and Operating a Vessel," published by Thetius, CyberOwl (a DNV Group company), and HFW, highlights a critical gap in the maritime industry, with only 1 in 6 shipowners fully understanding what a cyber-secure vessel should look like upon delivery.

The report examines challenges and approaches to managing cybersecurity across the vessel lifecycle, from initial design to operation and maintenance, detailing the roles, responsibilities, and misconceptions of more than 150 stakeholders, including shipowners, charterers, OEMs, seafarers, insurers, shipyards, and cybersecurity experts.

It underscores the necessity of embedding cybersecurity into every stage, starting with a secure-by-design approach, amid growing cyber risks driven by sophisticated criminals and new system vulnerabilities in an increasingly connected world.

Key findings reveal that the proportion of shipping companies paying ransom has dropped to 7% in the last 12 months from 14%, with the average ransom paid falling to US$500k from US$3.2m as large demands are rejected.

Additionally, 41% of shipyards feel they have adequate in-house cybersecurity expertise to design and construct a cyber-secure vessel, while 10% of OEMs incorporate security-by-design in new systems, leaving owners vulnerable to risks.

Only 32% of shipowners include cybersecurity in their newbuild teams, with many smaller companies assigning responsibilities to personnel lacking relevant knowledge.

The report, set for launch on March 12 at 11:00 am GMT with a live Q&A, aims to drive discussions and actions to enhance cybersecurity protocols and protect global maritime operations.

Tom Walters, Partner at HFW, stated, "With one in five shipping companies facing a cyber attack in the last 12 months, our landmark report could not be more relevant. The shipping industry is increasingly relying on technology for its operations, and with this comes greater exposure from external threat actors. It is vital that companies operating at every stage of the vessel lifecycle take action to protect themselves from the continuing threat. Our new report provides an insight into the current industry trends and aims to empower firms to act to mitigate these risks."

Daniel Ng, CEO of CyberOwl, added, "It’s clear from the research we are entering an era of expertise. Point solutions and one-off initiatives for vessel cybersecurity will no longer cut it. Risks evolve across each stage of the vessel lifecycle. Regulation increasingly demands end-to-end thinking. Now, more than ever, shipowners need to make the right choices, supported by the right domain expertise. Decisions made at design have consequences to the total cost to operate."

Nick Plummer of Thetius noted, "Over the past three years, this research partnership has documented the enormous progress the industry has made on cyber risk management. But there is more to do. This report highlights the need for a more integrated, lifecycle-wide approach that embeds cybersecurity from design through to daily operations. By working together, shipowners, shipyards, and OEMs can strengthen cyber resilience, reduce risks, and ensure safer, more secure vessel operations in an increasingly digital world."

Thetius, founded in 2016 and based in London, is a maritime innovation agency specializing in research and analytics, with a team of 15 experts focusing on cybersecurity and technology trends in shipping.

CyberOwl, established in 2016 and headquartered in Singapore, is a cybersecurity firm under the DNV Group, providing real-time threat monitoring for maritime assets, serving over 500 vessels globally in 2024.

HFW (Holman Fenwick Willan), founded in 1883 and based in London, is a global law firm with over 700 lawyers across 20 offices, offering specialized legal services in maritime and cybersecurity law.