Cybercrime: ‘Superyachts are in the infancy of cybersecurity’

“Cybersecurity is a real concern for superyachts,” warns Immarsat’s Peter Broadhurst.

Time spent on a superyacht is time to switch off. If you are sailing away from the pressures of land into familiar waters with a trusted crew, it is hard to imagine a situation where you could feel safer. But what about the growing threat of cybercrime?

“Cyber risks are a very real concern for superyachts,” is the warning from  Peter Broadhurst, Immarsat’s senior vice president safety & security, yacht and passenger. “Superyachts are in the infancy of cybersecurity,” Broadhurst told Superyacht Investor’s London 2020 conference last week.

Not only are superyachts a demonstrable sign of wealth and an obvious target, they are generally some of the easiest targets for cybercrime. “There are probably more cybersecurity measures in this hotel than on most yachts,” said Campbell Murray, Blackberry’s technical director, who joined Broadhurst on the conference panel ‘Stopping cyber attacks’.

So, does the vessel moored 100m from your luxury yacht’s starboard side pose any risk. Could cybercriminals aboard her seize control of all your navigation systems within 30 minutes? This is certainly one of the biggest risks superyachts face, panellists agreed.

Seize control of all navigation systems

The question is, how do you ensure your yacht is safe? Sadly, there is no one right answer. Broadhurst explains: “Every yacht is built differently, so you have to identify what your specific risks are on board.”

This can range from a basic firewall protecting the on-board server from being easily breached to someone intercepting data from a crew member’s iPhone with a simple phishing email. And the software used to achieve this is cheap, with good ransomware being available online for about $25. Considering the net worth of people aboard a superyacht, this seems like a good investment.

Whilst there are basic legal requirements for yacht cybersecurity, the panel urged delegates to have their systems properly assessed.

Have the systems properly assessed

Keith Campbell of CyberPrism said: “It only takes a few days to establish a good security system, it is not enough just to be compliant with regulation. Don’t wait for the regulations to become more stringent, start now and implement good cyber security.”

Malcom Taylor, ITC Secure director cyber security, highlighted the difference between compliance and security. “Compliance and security are two different things,” he said. “In corporate environments, people achieve accreditation then put their feet up saying we are done. People now use these requirements as a guide, not a basis.”

Superyacht Investor’s London 2020 conference took place at The Landmark London between February 5th and February 6th.

Meanwhile, superyachts are “prime targets” for cyber criminals, according to research conducted by business data security firm Specops Software.