Cyber Security and Data Protection

Our focus is to implement a cyber security framework; strengthen operational measures; and increase employee competence in cyber risk prevention behavior.

We have continued to increase our cyber security maturity during 2020. During the year, we continued with the implementation of a Wilhelmsen Cyber Security Framework building on the National Institute of Technology (NIST) Cyber Security Framework (CSF) and Center for Internet Security (CIS) Controls.  

24/7 security operations capabilities have been strengthened by hiring resources and partnering with one of Europe’s largest managed security service providers. A vulnerability assessment of all internet facing resources has been conducted and internal guidelines for secure application development put in place.

Ship Management also focused on preparations to meet with IMO 2021 Maritime Cyber Risk Management in Safety Management Systems requirements, which comes into force on 1 January 2021.

A mandatory cyber security awareness program was conducted during the year for all employees, with a 95% completion rate by year end. Ship Management also extends training to crew to manage the intricacies of onboard technology and report anomalies to their respective vessel IT managers.

In 2021, we will continue to strengthen our cyber security maturity by a continued focus on governance, risk management, security awareness, security architecture and security operations.

During the year, GDPR practices have been in place and managed through our internal network of personal data protection administrators. The global data protection officer processed 30 enquiries and incidents, approximately half of the previous year.  In 2021, we will conduct an audit of GDPR compliance and address findings.

Target 2020

Result 2020

Target 2021

Establish cyber security framework based on NIST CSF and CIS controls

Framework in place

Continuous improvement in cyber security maturity

100 % completion rate for cyber security awareness training  

95% onshore

95% completion rate for cyber security awareness training