Jones Walker Hero Banner

US Ports and Terminals Sustain Increased
Cybersecurity Attacks 

Jones Walker LLP Releases Results of Third Cybersecurity Survey

Heather Hughes Quote

NEW ORLEANS, October 4, 2022 — Jones Walker LLP today publicly released the findings of its 2022 Ports and Terminals Cybersecurity Survey, examining cybersecurity preparedness in US-based ports and terminals. The report outlining the results of the survey is authored by four of the firm’s attorneys and the findings will be presented by two of them, Jim Kearns and Andy Lee, during the Inland Rivers, Ports & Terminals (IRPT) conference in Tulsa, Oklahoma at 2:30 pm Central Daylight Time today.

The economic effects of the COVID-19 pandemic, the war in Eastern Europe and other geopolitical events, supply chain disruptions, labor shortages, rising inflation, and rapidly escalating energy prices have brought increased focus on this key industry. The results of the 2022 survey reflect the responses of 125 senior executives of blue- and brown-water and terminals across the United States and confirm that cybersecurity is a growing concern for owners and operators of ports and maritime terminals.

This survey is the national law firm’s third on the topic of cybersecurity for infrastructure-related industries. In 2018, the firm’s first survey focused on the greater maritime industry. The second survey, in 2020, focused on the midstream oil and gas sector, another critical infrastructure industry.

Capt Andy Meyers Quote

CAPT ANDY MEYERS, U.S. Coast Guard, Chief of the Office of Port and Facility Compliance

View More Commentary

Key findings of the Jones Walker Ports and Terminals Cybersecurity Survey, include:

  • Confidence Is High in a Threat Rich Environment
    Despite 90% of port and terminal respondents reporting preparedness, 74% of respondents indicated that their systems or data had been the target of an attempted or successful breach within the past year.
  • Take a Clear-Eyed View of Potential Threats
    Fear of ransomware appears to be outpacing actual ransomware events. Although 45% of survey respondents named ransomware as the biggest perceived threat, only 20% of respondents whose organizations had been victimized by a cyber attack cited ransomware as the primary attack vector. For actual cyber attacks, survey participants primarily directed blame at solo hackers and organized criminal groups as the top threat actors facing the ports and terminals sector, with nation-state affiliated groups as a close third.
  • Make a Plan, Test the Plan, Update the Plan
    Although 73% of respondents reported having a written Incident Response Plan (IRP), only 21% noted that their IRP had been updated within the past year. Similarly, 50% of respondents said that their facility conducted IRP tabletop exercises irregularly or not at all.
  • People and Communication are Key 
    When asked about the frequency of cybersecurity training, the annual industry standard was met by only 57% of the blue-water respondents, and by only 25% of the brown-water respondents.

At its core, cybersecurity is a human challenge and leaders in this sector have a strong commitment to protecting this essential element of our nation’s maritime transportation infrastructure. Law enforcement and other government agencies, industry associations, and other public and private entities offer tools — many of them at little to no cost — to guard against, prepare for, and recover from cyber-attacks from any source.

The 2022 Ports and Terminals Cybersecurity Survey is available for download on the Jones Walker website.

Analysis and Commentary from the Jones Walker LLP authors:

Seventy Four Percent Quote

74% of respondents indicated that their systems or data had been the target of an attempted or successful breach within the past year

FSP Chart Infographic

27%, or more than one-fourth, of all blue-water and brown-water facilities reported that they do not yet address cybersecurity in their facility security plans

Ransomeware Chart

Only 20% of respondents whose organizations had been victimized by a cyber-attack reported that ransomware was the primary attack vector.

Andy Lee, partner and head of Jones Walker’s Privacy & Data Security team:
“The need for cybersecurity at the nation’s ports and maritime terminals is more pressing than ever. This industry is critical to the country’s economic health and is an enticing target for threat actors seeking to disrupt critical infrastructure.”

Ford Wogan, partner in Jones Walker’s Maritime Practice Group:
“What’s most surprising is that, despite 90% of respondents reporting they’re prepared to withstand cybersecurity threats in 2022, this year’s survey uncovered a significant increase from 2018 in terms of reported cyber-attacks amongst maritime industry stakeholders – from 43% in 2018 to 74% in 2022.”

Jim Kearns, special counsel in Jones Walker’s Maritime Practice Group: 
“It is concerning to learn that 27%, or more than one-fourth, of all blue-water and brown-water facilities reported that they do not yet address cybersecurity in their facility security plans. For ports and terminals to be cyber secure – not just ‘cyber-aware’ -- it’s critical that they have up-to-date plans, train their people, and communicate effectively both internally and with others in their industry.”

Ilsa Luther, associate in Jones Walker’s Maritime Practice Group:
“A lot of resources and attention are focused on ransomware as one of the primary cyber threats. However, we uncovered that only 20% of respondents whose organizations had been victimized by a cyber-attack reported that ransomware was the primary attack vector.”

About Jones Walker
Jones Walker LLP (joneswalker.com) is among the largest 135 law firms in the United States. With offices in Alabama, Arizona, the District of Columbia, Florida, Georgia, Louisiana, Mississippi, New York, and Texas, we serve local, regional, national, and international business interests. The firm is committed to providing a comprehensive range of legal services to major multinational public and private corporations, Fortune® 500 companies, money center banks, worldwide insurers, and emerging companies doing business in the United States and abroad.

The firm’s Maritime Practice Group provides cross-spectrum transactional, regulatory, and dispute-resolution counsel to clients across the industry spectrum, from traditional blue water, offshore, and inland markets. The team represent ports and terminal clients, as well as vessel owners, cargo interests, and shippers engaged in domestic and international shipping and offshore drilling, transport, production activities, and onshore and port-related activities. With one of the largest groups of maritime-focused attorneys in the United States, the team is nationally ranked and recognized in marine finance, litigation, and regulatory as a leading law firm by national and international publications such as Chambers USA and The Legal 500 United States.

The firm’s Privacy & Data Security team is committed to helping companies become cyber-ready and to identify, prevent, and respond to the full spectrum of data-breach and privacy risks. The team works with clients to develop and audit data security policies and provides guidance to help clients achieve or enhance their cyber resilience, as well as in cyber breach recovery and remediation. The team has published three national cybersecurity surveys examining the nation’s critical infrastructure’s cyber resilience.

**The Jones Walker sources quoted in this news release are available for interviews and private briefings. Please follow a discussion about our 2022 Ports and Terminals Cybersecurity Survey on social media: #JonesWalkerCyberSurvey and #PortCyberSurvey.

Contact:
Savannah Kirk
225.248.3435
[email protected]

Mary Margaret Gorman
504.473.333
[email protected]