ABSTRACT
Cyber-breach is a real risk to all businesses, whether the businesses are large or small, marine or non-marine. If cyber-risk management is adopted as a central tenant of corporate culture, the resultant network structuring decisions and risk-mitigation protocols can (most likely will) have an impact on service delivery. Viewing cyber-risk as simply an information technology issue is as misguided as considering the safe operation of a ship as simply a main engine issue. Increased awareness of cyber-risk does not always translate into action. This is not necessarily because boards do not want to grasp this issue, rather that cyber-risk management has not traditionally been a core business governance function in the same way that finance, sales or marketing has been. Risk can remain and emerge despite significant investment in cyber-risk management tools. Complacency can set in; investing in the Cyber Risk Management is the beginning, not the end, of the journey.
