Cyber Security and Data Protection
We have continued to increase our cyber security maturity during 2020. During the year, we continued with the implementation of a Wilhelmsen Cyber Security Framework building on the National Institute of Technology (NIST) Cyber Security Framework (CSF) and Center for Internet Security (CIS) Controls.
24/7 security operations capabilities have been strengthened by hiring resources and partnering with one of Europe’s largest managed security service providers. A vulnerability assessment of all internet facing resources has been conducted and internal guidelines for secure application development put in place.
Ship Management also focused on preparations to meet with IMO 2021 Maritime Cyber Risk Management in Safety Management Systems requirements, which comes into force on 1 January 2021.
A mandatory cyber security awareness program was conducted during the year for all employees, with a 95% completion rate by year end. Ship Management also extends training to crew to manage the intricacies of onboard technology and report anomalies to their respective vessel IT managers.
In 2021, we will continue to strengthen our cyber security maturity by a continued focus on governance, risk management, security awareness, security architecture and security operations.
During the year, GDPR practices have been in place and managed through our internal network of personal data protection administrators. The global data protection officer processed 30 enquiries and incidents, approximately half of the previous year. In 2021, we will conduct an audit of GDPR compliance and address findings.
Target 2020 |
Result 2020 |
Target 2021 |
Establish cyber security framework based on NIST CSF and CIS controls |
Framework in place |
Continuous improvement in cyber security maturity |
100 % completion rate for cyber security awareness training |
95% onshore |
95% completion rate for cyber security awareness training |