Addressing the shortcomings of maritime cyber security

Thought-led article by Richard Menear, CEO of Burning Tree.

The maritime industry plays a vital role in the global economy, with shipping responsible for as much as 90% of trade worldwide.

Unfortunately, the marine sector faces a huge problem: cyber crime.

The rapid digitisation of core functions has had many benefits for seafarers and maritime authorities, but it has also created a web of vulnerabilities for cyber criminals to exploit. And with our latest data indicating a massive 400% increase in weekly cyber events, digital security will likely present significant issues for all major shipping carriers in 2023 and beyond.

So, what is behind the ever-growing list of cyber threats facing the maritime industry, and what are the key considerations for mitigating cyber risk in this sector?

Understanding the causes of maritime cyber crime

The marine sector has been quick to embrace digital transformation, deploying advanced technologies such as artificial intelligence (AI) and the internet of things (IoT) to improve efficiency, reduce carbon emissions and ensure the safety of ships and their cargo.

However, the more marine equipment becomes integrated with technology, the more there is to lose in the event of a breach. Hackers are well aware of this digital dependency and use it to wreak havoc on critical infrastructures, launching an endless barrage of phishing and ransomware attacks on vulnerable systems.

The threat to maritime cyber security has heightened in the last year following Russia’s invasion of Ukraine. Russian-based cyber criminals and state actors are working hard to improve their capabilities, sharing highly advanced cyber weaponry to disrupt communications and conduct cyber espionage across the world.

To make matters worse, the increasing interconnectedness of global supply chains presents new levels of risk. If one chink is compromised, the consequences could ripple far and wide. For example, a cyber attack on Transnet, South Africa’s major port operator, led to the shutdown of multiple port systems across the country. The breach caused weeks of downtime and cost millions of dollars.

Despite these threats, many organisations still rely on outdated, unsupported operating systems for mission-critical functions — from cargo management to navigation. And as the industrial IoT (IIoT) links high-risk devices with countless others in the same network, hackers gain new gateways to extend their reach.

In today’s tech-savvy world, almost anyone could have the power to bring cyber operations to a halt. So, there is no time to waste for marine and offshore authorities to take preventative action with a holistic approach to cyber risk management.

Renewing cyber security efforts in the marine sector

With high inflation and geopolitical tensions reducing maritime freight, many shipping carriers will avoid making cyber security investments to cut costs, leaving a concerning number of systems exposed. So, whilst the cyber security industry struggles with labour shortages, mariners and maritime organisations must assess dynamic risks and fill skills gaps to ensure the safety and continuity of sea-based operations.

The International Maritime Organization (IMO) and other regulatory bodies have enacted several legislations to improve digital security in maritime environments. For example, the IMO Resolution MSC.428(98) came into force in January 2021, requiring ship owners and managers to ensure cyber risk management is included in vessel safety management systems.

However, for these policies to be effective, mariners must begin to see cyber security as a collective responsibility. Around 80 to 90% of cyber attacks are attributed to human error, making training and awareness one of the core elements of protecting individuals, organisations and infrastructures against cyber crime.

On a broader scale, the industry requires action beyond the defence of national and organisational interests. The maritime industry needs digital policing on an international scale to cut off funding for cyber criminals and prevent them from developing malicious software — before it can pose a threat.

We are pleased that many shipping companies are collaborating with western chief information security officers (CISOs) to bring more visibility to these threats. Still, we hope to see organisations developing these relationships in new territories — whilst remaining mindful of potential threat actors in the east.

To read more news and exclusive features see our latest issue here.

Never miss a story… Follow us on:
LinkedIn Security Buyer UK
Twitter logo@SecurityBuyerUK
Facebook@SecbuyerUK

Media Contact
Rebecca Morpeth Spayne,
Editor, Security Portfolio
Tel: +44 (0) 1622 823 922
Email: [email protected]

About Security Buyer

Security Buyer is the leading authority in global security content, delivering expert news, in-depth articles, exclusive interviews, and industry insights across print, digital, and event platforms. Published 10 times a year, the magazine is a trusted resource for professionals seeking updates and analysis on the latest developments in the security sector.

To submit an article, or for sponsorship opportunities, please contact our team below.

Rebecca Spayne picture 2025

Rebecca Spayne

Managing
EDITOR

Georgina Turner image

Georgina Turner

Sales
Manager

Afua Akoto image - Security Buyer

Afua Akoto

Marketing Manager

Read the Latest Issue

Follow us on X

Follow us on X

Click Here

Follow us on LinkedIn

Follow us on LinkedIn

Click Here

Advertise here

Reach decision makers and amplify your marketing

Advertise here

Click Here

Related News

Ports

Addressing Physical and Cyber Threats

Joseph Clarke, Assistant Editor of Security Buyer, Simon Barnes of Genetec and Zak Doffman of Digital Barriers emphasise cyber…
Ports

5G+4L autonomous driving make smart port safer

At the end of last year, port congestion caused severe disruptions in global supply chains, leading to stock shortages in many stores
Hanwha

Hanwha Techwin and Assan Port

Protecting international shipping containers in a major port connecting the Eastern Mediterranean and Anatolia with the West.
A smarter future

A smarter future

Security Buyer Middle East takes a look at the progression of Middle Eastern ports towards a smart and AI driven security future 

Greater intelligence, safer ports

How can artificial intelligence and machine learning improve maritime and ports security both on land and sea?  

Greater intelligence, safer ports

How can artificial intelligence and machine learning improve maritime and port security both on land and sea?  
Cybercrime

Shifts in threat landscape amid cybercrime rise

Neustar Security Services has released its 2021 year-in-review “Cyber Threats & Trends Report: Defending Against A New Cybercrime Economy,”

Security teams require more advanced tools to deal with influx of threats

New technology has had a catalytic effect on cybercrime, with hackers increasingly crossing the boundary into the physical security sphere
logistics exercise

PD Ports supports army logistics exercise at Hartlepool

Hartlepool PD port played host to the British Army’s largest logistics exercise of the year, allowing soldiers to practice their readiness for deployment.

PD Ports supports army logistics exercise at Hartlepool

Hartlepool PD port played host to the British Army’s largest logistics exercise of the year, allowing soldiers to practice their readiness for deployment.
Scroll to Top