Company Details
dnv
22,456
615,328
92219
dnv.com
0
DNV_1524730
In-progress


DNV Company CyberSecurity Posture
dnv.comDNV is the independent expert in risk management and assurance, operating in more than 100 countries. Through its broad experience and deep expertise DNV advances safety and sustainable performance, sets industry benchmarks, and inspires and invents solutions. Whether assessing a new ship design, optimizing the performance of a wind farm, analyzing sensor data from a gas pipeline or certifying a food company’s supply chain, DNV enables its customers and their stakeholders to make critical decisions with confidence. Driven by its purpose, to safeguard life, property, and the environment, DNV helps tackle the challenges and global transformations facing its customers and the world today and is a trusted voice for many of the world’s most successful and forward-thinking companies. DNV uses cookies. For more information, please visit https://www.dnv.com/privacy/change-cookie-settings.html
Company Details
dnv
22,456
615,328
92219
dnv.com
0
DNV_1524730
In-progress
Between 700 and 749

DNV Global Score (TPRM)XXXX

Description: In January 2023, Oslo-based DNV a leading global maritime classification society and risk management provider fell victim to a ransomware attack on January 7, forcing the shutdown of IT servers linked to its ShipManager system. The incident disrupted operations for 70 customers, impacting approximately 1,000 vessels reliant on the system for navigation, safety, and compliance management. DNV initiated daily communications with affected clients, providing updates from ongoing forensic investigations. While the attack caused significant operational disruptions potentially halting vessel management, logistical coordination, and regulatory compliance the company did not confirm whether sensitive customer or proprietary data was exfiltrated. The shutdown of critical IT infrastructure posed risks to maritime safety, supply chain continuity, and DNV’s reputation as a trusted industry authority. Recovery efforts focused on restoring systems while mitigating further propagation of the ransomware.


No incidents recorded for DNV in 2026.
No incidents recorded for DNV in 2026.
No incidents recorded for DNV in 2026.
DNV cyber incidents detection timeline including parent company and subsidiaries

DNV is the independent expert in risk management and assurance, operating in more than 100 countries. Through its broad experience and deep expertise DNV advances safety and sustainable performance, sets industry benchmarks, and inspires and invents solutions. Whether assessing a new ship design, optimizing the performance of a wind farm, analyzing sensor data from a gas pipeline or certifying a food company’s supply chain, DNV enables its customers and their stakeholders to make critical decisions with confidence. Driven by its purpose, to safeguard life, property, and the environment, DNV helps tackle the challenges and global transformations facing its customers and the world today and is a trusted voice for many of the world’s most successful and forward-thinking companies. DNV uses cookies. For more information, please visit https://www.dnv.com/privacy/change-cookie-settings.html


Neutral, independent third party For more than 150 years, TÜV Rheinland has stood for ensuring quality, safety, and efficiency in conjunction with people, the environment, and technology. As a neutral, independent third party, we test, accompany, develop, promote and certify products, plants, proc

TÜV SÜD is the trusted partner of choice for safety, security and sustainability solutions. Our community of experts is passionate about technology and united by the belief that technology should better people’s lives. We work alongside our customers to anticipate and capitalize on technological d

For 100 years, DEKRA has been a trusted name in safety. Founded in 1925 with the original goal of improving road safety through vehicle inspections, DEKRA has grown to become the world's largest independent, non-listed expert organization in the field of testing, inspection, and certification. Today
.png)
CyberOwl, a DNV company, uncovered a sophisticated phishing and malware campaign targeting Iranian oil and gas trading organizations,...
The new EU Cybersecurity Directive (NIS2) strengthens cyber resilience across critical infrastructure and mandates operators to maintain an...
A report by the European solar association SolarPower Europe highlights the cybersecurity challenges of PV installations in the European Union.
The European Solar Manufacturing Council (ESMC) urges immediate EU action to address cybersecurity threats posed by Chinese-made PV...
The wind industry is undergoing a digital transformation to optimise energy production, reduce costs and enhance operational efficiency.
DNV's annual survey and analysis finds that even as the energy industry becomes more mature in its cybersecurity posture, it needs to continue to strengthen...
New research from DNV identified that half of critical infrastructure organizations are not sure where their supply chain is,...
Moxa Network and Communication Devices Certified With DNV Type Approval of Security Profile 2 and IEC 61162-460.
DNV report highlights increased OT cybersecurity investment in energy sector due to escalating threats.

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
The official website of DNV is https://www.dnv.com.
According to Rankiteo, DNV’s AI-generated cybersecurity score is 745, reflecting their Moderate security posture.
According to Rankiteo, DNV currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
According to Rankiteo, DNV has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
According to Rankiteo, DNV is not certified under SOC 2 Type 1.
According to Rankiteo, DNV does not hold a SOC 2 Type 2 certification.
According to Rankiteo, DNV is not listed as GDPR compliant.
According to Rankiteo, DNV does not currently maintain PCI DSS compliance.
According to Rankiteo, DNV is not compliant with HIPAA regulations.
According to Rankiteo,DNV is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
DNV operates primarily in the Public Safety industry.
DNV employs approximately 22,456 people worldwide.
DNV presently has no subsidiaries across any sectors.
DNV’s official LinkedIn profile has approximately 615,328 followers.
DNV is classified under the NAICS code 92219, which corresponds to Other Justice, Public Order, and Safety Activities.
Yes, DNV has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/dnv.
Yes, DNV maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/dnv.
As of January 24, 2026, Rankiteo reports that DNV has experienced 1 cybersecurity incidents.
DNV has an estimated 2,093 peer or competitor companies worldwide.
Incident Types: The types of cybersecurity incidents that have occurred include Ransomware.
Detection and Response: The company detects and responds to cybersecurity incidents through an containment measures with shut down it servers connected to shipmanager system, and communication strategy with daily updates to 70 affected customers on forensic investigation findings..
Title: DNV Ransomware Attack (January 2023)
Description: In January 2023, Oslo-based DNV – one of the world’s largest maritime organizations – was hit with ransomware on the evening of January 7 and was forced to shut down the IT servers connected to their ShipManager system. DNV is communicating daily with all 70 affected customers to update them on findings of the ongoing forensic investigations. In total, around 1000 vessels are affected.
Date Detected: 2023-01-07
Date Publicly Disclosed: 2023-01-07
Type: Ransomware
Common Attack Types: The most common types of attacks the company has faced is Ransomware.

Systems Affected: ShipManager system
Operational Impact: 1000 vessels affected; IT servers shut down

Entity Name: DNV
Entity Type: Organization
Industry: Maritime
Location: Oslo, Norway
Customers Affected: 70

Incident Response Plan Activated: True
Containment Measures: Shut down IT servers connected to ShipManager system
Communication Strategy: Daily updates to 70 affected customers on forensic investigation findings
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by shut down it servers connected to shipmanager system and .

Data Encryption: True

Investigation Status: Ongoing (as of January 2023 disclosure)
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Daily updates to 70 affected customers on forensic investigation findings.

Customer Advisories: Daily updates provided to 70 affected customers
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: was Daily updates provided to 70 affected customers.
Most Recent Incident Detected: The most recent incident detected was on 2023-01-07.
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2023-01-07.
Most Significant System Affected: The most significant system affected in an incident was ShipManager system.
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Shut down IT servers connected to ShipManager system.
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (as of January 2023 disclosure).
Most Recent Customer Advisory: The most recent customer advisory issued was an Daily updates provided to 70 affected customers.
.png)
Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network.
Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network.
Azure Entra ID Elevation of Privilege Vulnerability
Moonraker is a Python web server providing API access to Klipper 3D printing firmware. In versions 0.9.3 and below, instances configured with the "ldap" component enabled are vulnerable to LDAP search filter injection techniques via the login endpoint. The 401 error response message can be used to determine whether or not a search was successful, allowing for brute force methods to discover LDAP entries on the server such as user IDs and user attributes. This issue has been fixed in version 0.10.0.
Runtipi is a Docker-based, personal homeserver orchestrator that facilitates multiple services on a single server. Versions 3.7.0 and above allow an authenticated user to execute arbitrary system commands on the host server by injecting shell metacharacters into backup filenames. The BackupManager fails to sanitize the filenames of uploaded backups. The system persists user-uploaded files directly to the host filesystem using the raw originalname provided in the request. This allows an attacker to stage a file containing shell metacharacters (e.g., $(id).tar.gz) at a predictable path, which is later referenced during the restore process. The successful storage of the file is what allows the subsequent restore command to reference and execute it. This issue has been fixed in version 4.7.0.

Get company history
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.