Odd Arne Kristengård is the CEO of Maritech, a provider of software and analytic tools to the seafood industry based in Molde, Norway. Eldar Lorentzen Lillevik is a cyber partner at PwC, an international professional services firm.
The global seafood industry’s global revenue thus far amounts to USD 544.2 billion (EUR 517.6 billion). That enormous value makes the industry more attractive than ever – as a target for cybercriminals.
In response, more seafood companies must put security high on the agenda – both in daily operations and in the context of the board.
One in four companies in the world have been hacked, and 46 percent have experienced some form of fraud or economic crime during the last 24 months, according to PwC’s Global Economic Crime and Fraud Survey 2022. The survey found 1,296 executives across 53 countries agreed there is a rising cyber-security threat from external perpetrators – bad actors quickly growing in strength and effectiveness.
According to the survey, cybercrime poses the biggest threat across all organizations. Organized criminals are emerging with greater financial muscles and broader networks than before.
So far, there have been few known, serious attacks in the global seafood industry. But this can cause a false sense of security, especially for many small and medium-sized companies with few or no dedicated IT resources.
"No one can think anymore that this is not happening to us,” Maritech CEO Odd Arne Kristengård said. “In our daily work at Maritech, we experience that many companies are proactive and take action to reduce the risk of attacks. At the same time, we see the need to remind even more people to prioritize this – both in terms of planning, mapping possible incidents, system evaluations, and raising the awareness of employees. As a software supplier to large parts of the industry, we see, for example, that there is great variation in the requirements and questions customers ask us. We therefore want to challenge even more people to discuss security in the future, both internally and with us and other partners. With the volumes and tight time margins that are in the seafood value chain, it goes without saying that the consequences of, for example, downtime, sabotage, espionage, or extortion can quickly become dramatic.”
According to Eldar Lorentzen Lillevik, a cyber partner at PwC, said many seafood companies lack the internal resources to adequately protect themselves.
"The seafood industry is used to investing in growth and taking good care of its values. At the same time, they have never been as exposed as they are now. The threat picture is becoming more and more complex, there is big money involved, and many companies are highly visible and have a high degree of international transactions. Seafood CEOs and owners are sober and hardworking, they want good, robust, and secure goods and services, including digital ones. But many do not have the skills they need to protect their business and are vulnerable due to lack of competence among employees, and great competition for professional resources,” he said.
"There are also many companies who still operate their systems themselves, locally, who should rather switch to the cloud and benefit from security and application support from, for example, Microsoft. This is something we see in most industries," he said. "There is no single answer to how to solve IT operations, but it is all the more important that you make a thorough evaluation of what you think is as right and secure as possible for the company you lead. And this is a managerial responsibility, which cannot lie with the IT department or operations managers alone. Cyber security must be an issue for both management and the board.”
Lillevik has the following recommendations for the seafood industry:
Do a risk assessment: Set aside some time and discuss which digital events can inflict extra pain on your business. Will our smolt die? What about the logistics? What happens in the event of a breakdown in the freezing plant?
Ask your suppliers: How do you work with security? Here, the supplier should be able to confidently detail how they work, how they test themselves, and whether they have attestations and certifications.
Practice: Focused training for incidents that are particularly serious, such as fraud, attacks on operating facilities, ransomware attacks that lock all systems, or theft of sensitive information.
Photos courtesy of PWC, Maritech
