Julian Panter, CEO of SmartSea, writes for Splash today.
With recent cyberattacks crippling major retailers and exposing the personal data of millions, cybersecurity is once again front-page news. Retailers and financial institutions have been pouring billions into digital defences but in the shipping industry, the same urgency is still lacking. Shipping may not be able to afford this unwillingness to act for much longer.
As vessels become more connected, they’re also becoming more vulnerable. Digitalisation has brought tremendous benefits to maritime operations, from real-time cargo tracking, satellite navigation and predictive maintenance for starters, but it has also left us more exposed to cyber threats. A breach at sea wouldn’t just be a matter of stolen data. It could disrupt global supply chains, compromise vessel safety, endanger the lives of crew members and even spark environmental disasters.
The Maersk incident in 2020 should have been a wake-up call. That single event cost them hundreds of millions and disrupted operations worldwide. And yet, here we are in 2025, and many operators still haven’t moved beyond the basics of cybersecurity.
That cyber-attack, caused by the NotPetya malware, wiped out thousands of Maersk’s systems, from booking to port operations. Recovery took weeks. But that was five years ago. Since then, the cyber-risk landscape has got much worse, with the rise of AI-powered attacks, increasingly sophisticated ransomware gangs, and growing geopolitical tensions driving cyber aggression.
My message to the industry is that cybersecurity is no longer just an IT issue. It’s a safety issue, an environmental issue, and a business continuity issue. Despite this, right now many vessels are still running outdated operating systems, using default passwords, and lacking any real-time monitoring or response capabilities.
Ports, platforms, and shipping lines are tempting targets for cyber criminals. They operate critical infrastructure yet are often underprepared. In some cases, systems are not even segmented properly, meaning that if an attacker gets in through an innocuous email or a virus-infected USB stick, they can potentially access navigation systems or engine controls.
Whilst you can’t always have a dedicated IT team on board a ship, many companies now offer smart, lightweight solutions that can be deployed easily, even on legacy systems.
What’s needed now is a shift in industry mindset. We shouldn’t be waiting for another crisis to start taking this seriously as the cost of prevention is always lower than the cost of recovery, no matter what industry you are in.
For the maritime industry, shipowners need to view cybersecurity as a core part of safety management, not just a regulatory checkbox. This means training crew, conducting regular risk assessments and investing in systems that offer both visibility and resilience.
As ransomware increasingly targets land-based logistics firms, it’s not hard to imagine a future where shipping is the next target. The difference here is that the impact of a successful maritime attack could ripple across the entire global economy, sadly oceans don’t offer safe harbour from cybercrime.
In today’s digital era, it’s no longer the wind and waves that pose the greatest threat to the maritime industry, it’s the invisible forces hidden in lines of code. Cyber risks are growing more dangerous by the day, and the future will not wait. The time to act is now, because sailing into tomorrow without robust cybersecurity is like navigating blind through a storm.
We give you energy news and help invest in energy projects too, click here to learn more
