Cyber security

Cyber security is in essence IT security. We take a holistic and multi-layered approach to systematically reduce cyber security risks onshore and onboard the vessels we manage.

We work closely with ship owners, ships' crew and employees onshore to enforce and build a strong cyber protection.

 

UNSDG

Target 2020

Result 2020

Target 2021

E-WEB-Goal-16

100% completion rate in cyber security training

  • 99% completion rate in cyber security training

100% completion rate for cyber security awareness training

Establish cyber security framework based on NIST CSF and CIS controls

Framework in place

 

Continue to be committed to protect the data that we collect and work with. Greater focus on empowering employees and crew with the right knowledge and tools to heighten their risk mitigation behaviour.

Heighten awareness of cybersecurity for all employees, customers and suppliers.

Continuous improvement in cyber security maturity

Key figures

Cyber security campaign

  2020 2019 2018
Cyber security training completion rate for all employees 99% 70% n/a

 

Measures to strengthen cyber security

We have continued to increase our cyber security maturity during 2020. During the year, we continued with the implementation of a Wilhelmsen Cyber Security Framework building on the National Institute of Technology (NIST) Cyber Security Framework (CSF) and Center for Internet Security (CIS) Controls. 

24/7 security operations capabilities have been strengthened by hiring resources and partnering with one of Europe’s largest managed security service providers. A vulnerability assessment of all internet facing resources has been conducted and internal guidelines for secure application development put in place.

We are also focused on preparations to meet with IMO 2021 Maritime Cyber Risk Management in Safety Management Systems requirements, which came into force on 1 January 2021.

A mandatory cyber security awareness program was conducted during the year for all employees, with a 95% completion rate by year end. We have also extended the training to crew to manage the intricacies of onboard technology and report anomalies to their respective vessel IT managers.

In 2021, we will continue to strengthen our cyber security maturity by a continued focus on governance, risk management, security awareness, security architecture and security operations.

During the year, GDPR practices have been in place and managed through our internal network of personal data protection administrators. In 2021, we will conduct an audit of GDPR compliance and address findings.

Webinar

We hosted a webinar on cyber security for customers to raise their awareness on the potential cyber security threat that they may face‚Äč. The webinar was open to all employees of our customers' organizations focusing on strengthening the first level of defense against cyber attacks, which is the human element. Over 140 participants joined the webinar.

With this webinar, we hope to do our part in collectively lift the industry's defense against cyber security crime.

Continuous communication to safeguard the business and customer data

  • Cyber security wall

    In 2019, an onshore cyber resilience assessment concluded that we are on par with the rest of the maritime industry. Our 24/7/365 detection and response capabilities were increased, as well as security solutions on computers and servers. We also conducted an IT penetration test onshore and on selected groups of vessels.

  • Building a cyber safety net

    We look at Industrial Revolution 4.0 where electronic systems including unmanned vehicles, augmented reality, the Internet of Things (IoT), sensor technology, geo-spatial technology and artificial intelligence, the biggest threat to this advancement is cyber security.

    How it's done
  • Training for all

    Our cyber security awareness training is mandatory for our people to recognize unusual phishing activities and prioritize data protection. Our training also extends to crew to manage the intricacies of onboard technology and report anomalies to their respective vessel IT managers. The training empowers them with right knowledge and tools to stay vigilant. We aim to cultivate a culture where cyber security is everyone’s responsibility.

Return to Sustainability report

Back to homepage