By
Alex Smith |
Maritime technology specialist SmartSea is calling on the shipping industry to invest more heavily in cybersecurity, highlighting the high rate of attacks and their associated costs.
According to the Baltic and International Maritime Council, more than 80 per cent of shipowners have experienced a cyberattack in the past three years and the average cost of a maritime cyber attack is estimated at $3.1 million. Despite this, only 31 per cent of maritime companies say they have a high level of cybersecurity preparedness. Phishing remains the most effective attack vector, responsible for 91 per cent of successful breaches in the maritime industry.
“The truth is, cybersecurity still lags behind where it needs to be,” said Simon Fotakis, director of technology sales at SmartSea. “We’re seeing advanced ships with cutting-edge green tech but often connected to weak IT infrastructures that are vulnerable to exploitation, espionage, and sabotage. Many in the maritime industry still treat cybersecurity as a checkbox instead of a core capability. It’s a dangerous disconnect from reality as a single intrusion could cripple a fleet and erase years of progress.”
SmartSea suggests that automation, email systems, laptops, onboard servers and business software are potentially easy targets for attack. These systems are typically connected to onshore networks, providing entry points for attackers.
“Attackers don’t always go for the bridge,” says Fotakis. “They go for the inbox!”
To protect maritime assets, Smartsea employs a layered cybersecurity framework. Its Managed Detection and Response service includes Extended Detection and Response agents across vessel and onshore infrastructure, with all logs centralised into an AI-powered Security Information and Event Management system. These tools feed into a dedicated Security Operations Center.
Smartsea is also able to defend clients against state sponsored actors by training crew and staff to spot phishing and social engineering tactics, as well implementing strict access control and multifactor authentication. This is combined with the deployment of email and endpoint security solutions and the performance of cyber maturity assessments that uncover hidden vulnerabilities onboard and onshore.
“There is a need for real-time intelligence sharing across the maritime supply chain, joint incident response planning with live scenario testing, and insurance models that reward genuine cyber maturity rather than ticking compliance boxes”, says Fotakis. “Cybersecurity isn’t just an IT issue, it’s a business and reputational risk. As the industry goes green and more digitally-focused, we must also be more protective of our IT systems onboard or risk losing it all.”