Securing innovation at sea: Cyber risk management for SMEs in ship design
Abstract
This paper examines the critical cybersecurity landscape faced by maritime SMEs engaged in Ship Design, analysing their vulnerability to various cyber threats including ransomware, phishing attacks, and supply chain compromises. Through a comprehensive review of recent industry reports, regulatory frameworks, and cybersecurity incidents, we identify key risk factors and assess their potential impact on SMEs' operations, reputation, and competitive advantage. Our analysis reveals that maritime SMEs face disproportionate challenges in cybersecurity due to resource constraints, complex supply chain relationships, and the increasing sophistication of cyber threats targeting intellectual property. The paper presents a structured approach to cyber risk management based on established frameworks, emphasizing the protection of valuable intellectual property while maintaining operational efficiency. We propose practical recommendations for implementing robust cybersecurity measures within the resource constraints typical of SMEs, including strategies for threat detection, incident response, and recovery planning.
Downloads
References
[2] EUROSTAT, “International trade in goods by mode of transport,” EUROSTAT, 2024.
[3] SEA Europe, “Position Paper on the European Commission’s Communication “Making the most of the EU’s innovative potential. An intellectual property action plan to support the EU’s recovery and resilience,” 19 February 2021. [Online]. Available: https://www.seaeurope.eu/images/files/2021/Posit ion-papers/Regulatory-Affairs/sea-europesposition-paper-on-the-eu-ip-plan.pdf. [Accessed 9 October 2024].
[4] F. Torres Pérez and S. Louredo Casado, “Advantages and Challenges of Intellectual Property Rights Related to the Shipbuilding Process,” Comparative Maritime Law, vol. 61, no. No. 176, pp. 363-386, 2022.
[5] SEA Europe, “SEA Europe’s Position Paper on the European Commission’s new package for IPR Protection,” 7 February 2018. [Online]. Available: https://www.seaeurope.eu/images/files/181/660/290433/3660/4/SEA%20IPR%20
position%20on%20EC%20IPR%20Protection%20package%20FINAL.pdf. [Accessed 9 October 2024].
[6] DNV, “Maritime Cyber Priority: Staying secure in the era of connectivity,” DNV, 2023.
[7] Department for Transport, UK, “Cyber Security Code of Practice for Ships,” Department for Transport, London, 2023.
[8] G. C. Kessler and S. D. Shepard, Maritime Cybersecurity: A Guide for Leaders and Managers, Independently published, 2022.
[9] E. Tijan, M. Jović, S. Aksentijević and A. Pucihar, “Digital transformation in the maritime transport sector,” Technological Forecasting and Social Change, vol. 170, no. September 2021, 120879, 2021.
[10] R. Foote, “Cybersecurity in the Marine Transportation Sector: Protecting Intellectual Property,” Cybaris, vol. 8, no. 2, pp. 231-264, 2017.
[11] European Union Agency for Cybersecurity, “ENISA Threat Landscape: Transport Sector,” 2023.
[12] Mission Secure, “A Comprehensive Guide to Maritime Cybersecurity,” 2023.
[13] Verizon, “2024 Data Breach Investigations Report,” 2024.
[14] M. Kenney and F. Macdonald, “Shifting Tides, Rising Ransoms and Critical Decisions: Progress on maritime cyber risk management maturity,” CyberOwl, HFW & Thetius, 2023.
[15] IBM Security & Ponemon Institute, “Cost of a Data Breach Report 2024,” IBM Corporation, 2024.
[16] I. Progoulakis, P. Rohmeyer and N. Nikitakos, “Cyber Physical Systems Security for Maritime Assets,” Journal of Marine Science and Engineering, vol. 9, no. 12 : 1384, 2021.
[17] National Institute of Standards and Technology, “Framework for Improving Critical Infrastructure Cybersecurity,” 2018.
[18] BIMCO et al., Cyber Security Guidelines Onboard Ships, Version 4, 2021
