Maritime Cyber Security Is Too Weak

Uploaded on 2025-06-18 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Transport & Travel

Despite increasing digital integration the maritime sector remains very vulnerable to cyber threats and attacks. Indeed, there are widespread concerns that even the most advanced ships with cutting-edge green tech are too often connected to weak IT infrastructures that are vulnerable to exploitation, espionage and sabotage.

Now, Simon Fotakis, Director of Technology Sales at SmartSea, has called on the maritime industry to not forget the importance of cyber security.

“The truth is, cyber security still lags behind where it needs to be,” said Fotakis.  “We’re seeing advanced ships with cutting-edge green tech but often connected to weak IT infrastructures that are vulnerable to exploitation, espionage and sabotage.” According the Foatkis, many in the maritime industry still treat cyber security as a checkbox instead of a core capability. "It’s a dangerous disconnect from reality as a single intrusion could cripple a fleet and erase years of progress, Fotakis says.

Despite increasing digital integration, the maritime sector remains highly vulnerable to cyber threats, many of which target poorly protected onboard IT systems rather than core navigation or propulsion infrastructure.

According to the Baltic and International Maritime Council (BIMCO), one of the largest of the international shipping associations representing shipowners, over 80 percent of shipowners have experienced a cyber attack in the past three years, and the average cost of a maritime cyberattack is estimated at $3.1 million. Despite this, only 31 percent of maritime companies say they have a high level of cybersecurity preparedness and phishing remains the top attack vector, responsible for 91 percent of successful breaches in the industry.

SmartSea calls for deeper collaboration between shipping companies, insurers and cybersecurity providers to tackle the growing threat of cyber espionage and nation-state attacks. “There is a need for real-time intelligence sharing across the maritime supply chain, joint incident response planning with live scenario testing, and insurance models that reward genuine cyber maturity rather than ticking compliance boxes,” said Fotakis.

Fotakis advocates developing secure-by-design technologies from the outset rather than retrofitting security measures.

Protecting maritime assets from espionage and long-dwell intrusions,requires  a layered cyber security framework and trains crew and staff to spot phishing and social engineering tactics. It also implements strict access control and multi-factor authentication, and deploys email and endpoint security solutions and performs cyber maturity assessments to uncover hidden vulnerabilities.

SmartSea   |   Cruise Industry News  |  Ship Mgt Intl  |  CyberExperts  |   Newsbreak  

Image: Unsplash

You Might Also Read: 

Hackers Target Maritime Facilities With Malware:

If you like this website and use the comprehensive 8,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Jony Ive Partners With OpenAI To Redefine AI Hardware
Major Cybersecurity Risks In 2025 & How VPNs Help Defend Against Them »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

eScan AV

eScan AV

eScan develops Information Security solutions that provide protection against current and evolving cyber threats.

National Agency for the Security of Information Systems (ANSSI) - France

National Agency for the Security of Information Systems (ANSSI) - France

The role of Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI) is to foster a coordinated, ambitious, pro-active response to cybersecurity issues in France.

Guardtime

Guardtime

Guardtime's Black Lantern platform provides real-time cybersecurity and data-centric asset protection.

Alarum Technologies

Alarum Technologies

Alarum Technologies (formerly Safe-T) is a global provider of cyber security and privacy solutions to consumers and enterprises.

Telecom Information Sharing and Analysis Center Japan (T-ISAC Japan)

Telecom Information Sharing and Analysis Center Japan (T-ISAC Japan)

T-ISAC Japan coordinates information sharing and activities related to ISP/telecommunications network security in Japan.

WetStone Technologies

WetStone Technologies

WetStone develops software solutions that support investigators and analysts engaged in eCrime Investigation, eForensics and incident response activities.

InPhySec

InPhySec

InPhySec is a leading New Zealand information, physical and cyber security company.

National Accreditation Agency of Ukraine (NAAU)

National Accreditation Agency of Ukraine (NAAU)

NAAU is the national accreditation body for Ukraine. The directory of members provides details of organisations offering certification services for ISO 27001.

Bytes Technology Group

Bytes Technology Group

Bytes is a leading provider of world-class IT solutions. Our growing portfolio of services includes cloud, security, licensing, SAM, storage, virtualisation and managed services.

Saiflow

Saiflow

SaiFlow provides a tailor-made cybersecurity solution for Electric Vehicles Charging Infrastructure (EVCI), Distributed Energy Resources (DERs) and energy networks and assets.

Sycope

Sycope

Sycope is focused on designing and developing highly specialised IT solutions for monitoring and improving network and application performance.

AI Security Institute (AISI)

AI Security Institute (AISI)

The AI Security Institute’s mission is to minimise surprise to the UK and humanity from rapid and unexpected advances in AI.

Cakewalk

Cakewalk

Cakewalk is the new standard in easy Access Control. Trusted by IT & Security teams. Loved by employees.

Gcore

Gcore

Gcore is an international leader in public cloud and edge computing, content delivery, hosting, and security solutions.

Liverton Security

Liverton Security

Liverton Security is a New Zealand-owned cyber security provider offering consultancy and security-related products to government and commercial customers throughout New Zealand.

Legion Security

Legion Security

Complement your SOC team with an AI agent that observes your best analysts' investigations, learns their unique workflows, and scales them.