DNV
Company Details
Linkedin ID:
dnv
Website:
Employees number:
22,456
Number of followers:
615,328
NAICS:
92219
Industry Type:
Homepage:
dnv.com
IP Addresses:
0
Company ID:
DNV_1524730
Scan Status:
In-progress
DNV Company CyberSecurity Posture
dnv.com
DNV is the independent expert in risk management and assurance, operating in more than 100 countries. Through its broad experience and deep expertise DNV advances safety and sustainable performance, sets industry benchmarks, and inspires and invents solutions. Whether assessing a new ship design, optimizing the performance of a wind farm, analyzing sensor data from a gas pipeline or certifying a food company’s supply chain, DNV enables its customers and their stakeholders to make critical decisions with confidence. Driven by its purpose, to safeguard life, property, and the environment, DNV helps tackle the challenges and global transformations facing its customers and the world today and is a trusted voice for many of the world’s most successful and forward-thinking companies. DNV uses cookies. For more information, please visit https://www.dnv.com/privacy/change-cookie-settings.html
DNV A.I CyberSecurity Scoring
DNV Risk Score (AI oriented)Between 700 and 749
DNV
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
DNV Global Score (TPRM)XXXX
DNV
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
DNV Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
DNV
Ransomware
Rankiteo Explanation
Attack threatening the organization’s existence
Description: In January 2023, Oslo-based DNV a leading global maritime classification society and risk management provider fell victim to a ransomware attack on January 7, forcing the shutdown of IT servers linked to its ShipManager system. The incident disrupted operations for 70 customers, impacting approximately 1,000 vessels reliant on the system for navigation, safety, and compliance management. DNV initiated daily communications with affected clients, providing updates from ongoing forensic investigations. While the attack caused significant operational disruptions potentially halting vessel management, logistical coordination, and regulatory compliance the company did not confirm whether sensitive customer or proprietary data was exfiltrated. The shutdown of critical IT infrastructure posed risks to maritime safety, supply chain continuity, and DNV’s reputation as a trusted industry authority. Recovery efforts focused on restoring systems while mitigating further propagation of the ransomware.
DNV Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for DNV
Incidents vs Public Safety Industry Average (This Year)
No incidents recorded for DNV in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for DNV in 2026.
Incident Types DNV vs Public Safety Industry Avg (This Year)
No incidents recorded for DNV in 2026.
Incident History — DNV (X = Date, Y = Severity)
DNV cyber incidents detection timeline including parent company and subsidiaries
DNV Company Subsidiaries
DNV is the independent expert in risk management and assurance, operating in more than 100 countries. Through its broad experience and deep expertise DNV advances safety and sustainable performance, sets industry benchmarks, and inspires and invents solutions. Whether assessing a new ship design, optimizing the performance of a wind farm, analyzing sensor data from a gas pipeline or certifying a food company’s supply chain, DNV enables its customers and their stakeholders to make critical decisions with confidence. Driven by its purpose, to safeguard life, property, and the environment, DNV helps tackle the challenges and global transformations facing its customers and the world today and is a trusted voice for many of the world’s most successful and forward-thinking companies. DNV uses cookies. For more information, please visit https://www.dnv.com/privacy/change-cookie-settings.html
Loading...
DNV Similar Companies
TÜV Rheinland Group
Neutral, independent third party For more than 150 years, TÜV Rheinland has stood for ensuring quality, safety, and efficiency in conjunction with people, the environment, and technology. As a neutral, independent third party, we test, accompany, develop, promote and certify products, plants, proc
TÜV SÜD
TÜV SÜD is the trusted partner of choice for safety, security and sustainability solutions. Our community of experts is passionate about technology and united by the belief that technology should better people’s lives. We work alongside our customers to anticipate and capitalize on technological d
DEKRA
For 100 years, DEKRA has been a trusted name in safety. Founded in 1925 with the original goal of improving road safety through vehicle inspections, DEKRA has grown to become the world's largest independent, non-listed expert organization in the field of testing, inspection, and certification. Today
.png)
DNV CyberSecurity News
September 15, 2025 07:00 AM
DNV details ‘SteganoAmor’ malware campaign used against Iranian oil and gas traders, extends to maritime operators
CyberOwl, a DNV company, uncovered a sophisticated phishing and malware campaign targeting Iranian oil and gas trading organizations,...
July 15, 2025 07:00 AM
NIS2: A catalyst for improving maritime cybersecurity
The new EU Cybersecurity Directive (NIS2) strengthens cyber resilience across critical infrastructure and mandates operators to maintain an...
May 09, 2025 07:00 AM
Cybersecurity: European solar power plants under pressure
A report by the European solar association SolarPower Europe highlights the cybersecurity challenges of PV installations in the European Union.
May 01, 2025 07:00 AM
ESMC Warns of Cybersecurity Risks in Europe’s Solar Infrastructure Due to Chinese Inverters
The European Solar Manufacturing Council (ESMC) urges immediate EU action to address cybersecurity threats posed by Chinese-made PV...
April 17, 2025 07:00 AM
AI could enhance or harm the wind industry’s cybersecurity
The wind industry is undergoing a digital transformation to optimise energy production, reduce costs and enhance operational efficiency.
April 05, 2025 01:30 AM
Energy cyber priorities for 2025
DNV's annual survey and analysis finds that even as the energy industry becomes more mature in its cybersecurity posture, it needs to continue to strengthen...
March 28, 2025 07:00 AM
DNV reports half of critical infrastructure firms lack supply chain visibility, exposing them to cyber threats
New research from DNV identified that half of critical infrastructure organizations are not sure where their supply chain is,...
March 27, 2025 07:00 AM
Moxa Network and Communication Devices Certified With DNV Type Approval of Security Profile 2 and IEC 61162-460
Moxa Network and Communication Devices Certified With DNV Type Approval of Security Profile 2 and IEC 61162-460.
January 22, 2025 08:00 AM
DNV report highlights increased OT cybersecurity investment in energy sector due to escalating threats
DNV report highlights increased OT cybersecurity investment in energy sector due to escalating threats.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
DNV CyberSecurity History Information
Official Website of DNV
The official website of DNV is https://www.dnv.com.
DNV’s AI-Generated Cybersecurity Score
According to Rankiteo, DNV’s AI-generated cybersecurity score is 745, reflecting their Moderate security posture.
How many security badges does DNV’ have ?
According to Rankiteo, DNV currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has DNV been affected by any supply chain cyber incidents ?
According to Rankiteo, DNV has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does DNV have SOC 2 Type 1 certification ?
According to Rankiteo, DNV is not certified under SOC 2 Type 1.
Does DNV have SOC 2 Type 2 certification ?
According to Rankiteo, DNV does not hold a SOC 2 Type 2 certification.
Does DNV comply with GDPR ?
According to Rankiteo, DNV is not listed as GDPR compliant.
Does DNV have PCI DSS certification ?
According to Rankiteo, DNV does not currently maintain PCI DSS compliance.
Does DNV comply with HIPAA ?
According to Rankiteo, DNV is not compliant with HIPAA regulations.
Does DNV have ISO 27001 certification ?
According to Rankiteo,DNV is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of DNV
DNV operates primarily in the Public Safety industry.
Number of Employees at DNV
DNV employs approximately 22,456 people worldwide.
Subsidiaries Owned by DNV
DNV presently has no subsidiaries across any sectors.
DNV’s LinkedIn Followers
DNV’s official LinkedIn profile has approximately 615,328 followers.
NAICS Classification of DNV
DNV is classified under the NAICS code 92219, which corresponds to Other Justice, Public Order, and Safety Activities.
DNV’s Presence on Crunchbase
Yes, DNV has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/dnv.
DNV’s Presence on LinkedIn
Yes, DNV maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/dnv.
Cybersecurity Incidents Involving DNV
As of January 24, 2026, Rankiteo reports that DNV has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
DNV has an estimated 2,093 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at DNV ?
Incident Types: The types of cybersecurity incidents that have occurred include Ransomware.
How does DNV detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an containment measures with shut down it servers connected to shipmanager system, and communication strategy with daily updates to 70 affected customers on forensic investigation findings..
Incident Details
Can you provide details on each incident ?
Title: DNV Ransomware Attack (January 2023)
Description: In January 2023, Oslo-based DNV – one of the world’s largest maritime organizations – was hit with ransomware on the evening of January 7 and was forced to shut down the IT servers connected to their ShipManager system. DNV is communicating daily with all 70 affected customers to update them on findings of the ongoing forensic investigations. In total, around 1000 vessels are affected.
Date Detected: 2023-01-07
Date Publicly Disclosed: 2023-01-07
Type: Ransomware
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Ransomware.
Impact of the Incidents
What was the impact of each incident ?
Incident : Ransomware DNV905092125
Systems Affected: ShipManager system
Operational Impact: 1000 vessels affected; IT servers shut down
Which entities were affected by each incident ?
Incident : Ransomware DNV905092125
Entity Name: DNV
Entity Type: Organization
Industry: Maritime
Location: Oslo, Norway
Customers Affected: 70
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Ransomware DNV905092125
Incident Response Plan Activated: True
Containment Measures: Shut down IT servers connected to ShipManager system
Communication Strategy: Daily updates to 70 affected customers on forensic investigation findings
Data Breach Information
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by shut down it servers connected to shipmanager system and .
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : Ransomware DNV905092125
Data Encryption: True
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Ransomware DNV905092125
Investigation Status: Ongoing (as of January 2023 disclosure)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Daily updates to 70 affected customers on forensic investigation findings.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Ransomware DNV905092125
Customer Advisories: Daily updates provided to 70 affected customers
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: was Daily updates provided to 70 affected customers.
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2023-01-07.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2023-01-07.
Impact of the Incidents
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was ShipManager system.
Response to the Incidents
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Shut down IT servers connected to ShipManager system.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (as of January 2023 disclosure).
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued was an Daily updates provided to 70 affected customers.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network.
Risk Information
cvss3
Base: 9.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Description
Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network.
Risk Information
cvss3
Base: 9.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description
Azure Entra ID Elevation of Privilege Vulnerability
Risk Information
cvss3
Base: 9.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
Description
Moonraker is a Python web server providing API access to Klipper 3D printing firmware. In versions 0.9.3 and below, instances configured with the "ldap" component enabled are vulnerable to LDAP search filter injection techniques via the login endpoint. The 401 error response message can be used to determine whether or not a search was successful, allowing for brute force methods to discover LDAP entries on the server such as user IDs and user attributes. This issue has been fixed in version 0.10.0.
Risk Information
cvss4
Base: 2.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Runtipi is a Docker-based, personal homeserver orchestrator that facilitates multiple services on a single server. Versions 3.7.0 and above allow an authenticated user to execute arbitrary system commands on the host server by injecting shell metacharacters into backup filenames. The BackupManager fails to sanitize the filenames of uploaded backups. The system persists user-uploaded files directly to the host filesystem using the raw originalname provided in the request. This allows an attacker to stage a file containing shell metacharacters (e.g., $(id).tar.gz) at a predictable path, which is later referenced during the restore process. The successful storage of the file is what allows the subsequent restore command to reference and execute it. This issue has been fixed in version 4.7.0.
Risk Information
cvss3
Base: 8.0
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=dnv' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
