We have seen significant interest from fleet operators on the CMA CGM cyber attack. It has taken CMA CGM 2 weeks to get their customer-facing systems back online. Fleet operators are starting to ask themselves questions about their own organisation’s resilience to a similar cyber attack.

In response to this, we have produced a two-part Special Report on the questions management should be asking IT teams in light of this latest attack, and how IT teams should answer them.


CMA CGM has taken nearly two weeks to recover from their cyber attack. Shipping leadership teams are looking to their own organisations’ preparedness. But how do you navigate such a technical subject in order to make the right decisions on cyber risk management?

As a shipping leader confronted with escalating cyber risk, sticking your head in the sand is no longer acceptable. Nor is it commercially viable. Cyber attacks in shipping are no longer an anomaly. CMA CGM is just the latest victim. It has taken nearly 2 weeks for them to restore their online customer systems. It will take a while before they fully understand whether losses are as severe as the much publicised $300m of the Maersk attack.

There is no way to be 100% secure. So the realistic approach is to make intelligent choices based on risk, prioritising investment in defences based on the criticality of the systems that could be affected.

Easily said, but much harder to achieve in practice.

The key to unlocking this approach is to set up a constructive, continuous dialogue with the IT team on cyber risk. One that is structured around having a business oriented understanding of the risks, rather than a technical analysis of them. It must be informed by a realistic view of the likelihood and potential impact of cyber attacks on critical business processes.

Given the urgency and present danger following the cyber attack on CMA CGM, where do you start? These are 6 questions you should be asking your team and the nature of the discussions you should be having in light of their responses.

No, this isn’t a stupid question.

Cyber attackers often repeat their attacks, with minor variations. It is simply more cost effective for them. They know that through a combination of inertia, indifference or stubbornness, organisations can be slow to act. So they have a window of opportunity.

Most shipping organisations are likely to fall victim to a similar attack, given the sector’s low level of cyber maturity. So it is useful to focus discussions on the likelihood and impact. This enables a meaningful discussion about how much cyber risk you are willing to live with or to what extent you should invest in risk mitigation.

The temptation is to focus on systems and applications. It is far more useful at the management level to focus discussions on potential operational disruptions and the responsibilities for response and recovery.

Consider where manual overrides exist to mitigate the risks by providing backup processes. Bringing together Technical, Commercial and Operations teams for a discussion on potential impact will be important, as the IT team may have limited knowledge of how key applications are being used and relied on in day to day operations.

Vessel IT systems and applications are definitely vulnerable to the same attack techniques used on CMA CGM. The focus for discussions should be on how reliant your onboard operations are on these applications, how prepared the crew are to revert to manual back-up processes, the level of shoreside support required and the financial impact of such disruptions.

Keeping a pulse on international shipping cybersecurity policy developments provides a bellwether for inspection requirements. A few recent developments in the US are worth noting. The US Treasury Department has threatened steep fines for companies involved in negotiations with ransomware extortionists. In addition, the US Department of Energy is extending a cyber maturity assessment framework, currently used in the energy sector, for assessing maritime organisations transporting energy products.

Given the volume of cyber attacks on maritime organisations this year, there is likely to be increasing focus from authorities worldwide over the coming months.

Supply chain cyber risk is frequently forgotten. This is where a cyber attack on your suppliers’ systems affects your operations directly or indirectly.

Many shipping businesses will grind to a halt if they can no longer operate their eCommerce web portal, cargo tracking systems, crew management systems, ship management software, procurement systems or vessel reporting systems. It will be important to explore how quickly the business can replace these with manual contingency plans.

The immediate focus is to shut down the vulnerabilities exploited by the attackers in the CMA CGM attack. Repeat attacks are common and good for business for the criminals. More permanently, there is an opportunity to use this as a catalyst to improve the cyber risk management of your organisation across land and sea.

Cybersecurity does not need to be expensive for a shipping sector that is already hit with wave after wave of challenges. Making intelligent, risk-based choices underpinned by a positive cybersecurity culture will go a long way.

That starts with having the right internal dialogue.