Classification society DNV has acquired CyberOwl, a UK-based cyber security firm, in a move aimed at reassuring shipping companies that security is being taken seriously.
The acquisition, for an undisclosed sum, aims to strengthen DNV’s ability to offer security analytics services and demonstrates the changing role of class in integrating digital solutions into their safety framework.
Shipping already has rules from the International Maritime Organization on cyber security management, and the International Association of Classification Societies has developed unified rules which its members, including DNV, are now enforcing.
All vessels contracted after January this year need to meet new requirements on the resilience of the ship, as well as rules focused on the resilience of onboard systems and equipment.
The requirements put pressure on shipowners and managers to identify, respond to and recover from cyber incidents.
There is also the NIS2 Directive, the European Union cyber-security legislation, which increases pressure on businesses in critical sectors to report incidents instead of staying silent.
DNV said 56% of maritime professionals are confident in their ability to meet cyber-security regulatory requirements. It said that a typical vessel could experience between two and three attacks or cyber incidents a year.
Remi Eriksen, DNV group president and chief executive, said: “Digital technologies must continue to scale for a safer, more efficient and greener maritime industry.
“The benefits of digitalisation and automation cannot be realised without a robust approach to cyber security.”
DNV is no stranger to attacks. Last year, it suffered a ransomware attack that disabled its FleetManager service, with reports that over 1,000 vessels were left without ship management tools.
This is not DNV’s first foray into acquiring cyber-security expertise. Last year, it spent $83m on the acquisition of Finnish firm Nixu.
Nor is it the first class society to buy cyber-security expertise. In 2018, Lloyd’s Register acquired UK cyber-security firm Nettitude.