An opportune attack but how big is the problem?

###This week’s cyber attack which has affected many shipping organisations including the world’s largest container liner operator came at what must have been the most opportune moment for some speakers at TOC Europe in Amsterdam.

Speaking at the TOC Europe Container Supply Chain conference, Lars Jensen, CEO of cyber security specialist CyberKeel said the attack could throw global supply chains into chaos. Jensen said the attack illustrated the inherent digital weakness of the shipping industry.

No way does this imply that Maersk had insufficient security, if someone wants to hack you they will find a way. What it does mean is that shipping needs to build resilience into its digital products. It’s not about building a system and laying a security system over the top, but building security up front when you begin to develop a system – which, I’m afraid, is likely to cost more,” he said.

Given the extent of the problem that has been experienced this week, there are some in shipping who might be taking that warning very seriously. However, some things need to be put into perspective.

Container operations, indeed liner operations in general, are quite unique in that each ship could have several thousand boxes from almost as many shippers on board and there will be an equivalent number of receivers involved as well. That is very different from a bulk carrier or tanker which will likely only have one shipper and receiver to worry about for each voyage.

Then there is fleet size to consider as well. It cannot be disputed that there are some very big ship operators out there, but the average fleet size spread across all operators is only around 10 ships. The problem for the average operator is therefore likely to be a number of orders of magnitude lower than for the big container lines.

In fact, some of the more traditional owners who have been quite happy keeping track of things with a manual system may well decide that the age of digitalisation – at least for cargo and related commercial purposes – is something that is not for them.