In short, its not good,
In June 2017 Maersk, the maritime transportation conglomerate (130 countries and 88,000 employees) was attacked by a malicious piece of computer code that infected computers rapidly and fatally. It was a destructive worm that destroyed all the data in the infected computer, for good. Immediately, employees around the world were ordered to shut down computers, some 800 ships were idled. It took three weeks and $300 million to get back to full productivity. Forty-five thousand PCs, four thousand servers had to be replaced.
The NotPetya cyberattack, which was instigated by Russian military hackers, is estimated to have cost $10 billion worldwide, according to a U.S. government estimate.
According to Jones Walker, a New Orleans based law firm, nine out of ten of the small to mid-size maritime companies surveyed are unprepared for a cyberattack.
This segment covers most workboat operations.
The maritime industry historically is a reactive rather than a proactive industry. There is a shift required to get the focus on cybersecurity and it may be starting. The Coast Guard has recently issued recommendations for addressing this issue.
Laptops are ubiquitous in the wheelhouse, as captain and crew send reports and receive updates from shore. Meanwhile, crewmembers are bringing their own devices aboard, and shoreside personnel are using their own devices. Any of these can be a portal to transport malware from one to another computer.
The maritime industry is not a unique one. Many of the companies have been in operation for decades and therefore have been using technology for years.
Without an emphasis on technology, there are many machines running unpatched operating systems out there.
Add that false sense of security, and you’ve created a recipe for a costly disaster.
Others have estimated that cybersecurity breaches can cost upwards of several million dollars.
Cybersecurity must become an operational issue and requires an emphasis from the top. It needs to be addressed in the same way that crew safety is addressed. Simple measures, like routine changing of passwords and two-factor identification protocols are shockingly ignored.
Companies also need to allocate budget to upgrade systems and to keep them secure.
Based on an article in Workboat.