The maritime sector is sailing into stormy waters, and it’s not just about the weather. Despite a surge in digital integration, the industry remains a sitting duck for cyber threats. Many of these threats aren’t even targeting the big, flashy systems like navigation or propulsion. No, they’re going for the low-hanging fruit: poorly protected onboard IT systems. It’s like leaving your front door wide open while you’re out at sea.
Mr. Fotakis, a voice of reason in this digital maelstrom, doesn’t mince words. “The truth is, cybersecurity still lags behind where it needs to be,” he asserts. We’re seeing ships with all the bells and whistles, cutting-edge green tech, but often connected to IT infrastructures that are about as secure as a sieve. It’s a dangerous disconnect, and a single intrusion could send a fleet into a tailspin, erasing years of progress.
Let’s talk numbers. According to BIMCO, over 80% of shipowners have experienced a cyberattack in the past three years. The average cost of a maritime cyberattack? A cool $3.1 million. Yet, only 31% of maritime companies say they have a high level of cybersecurity preparedness. It’s like knowing there are sharks in the water but not bothering to learn how to swim.
Phishing remains the top attack vector, responsible for 91% of successful breaches in the industry. It’s not the high-profile systems that are the real soft targets. It’s the email systems, laptops, onboard servers, and business software. These systems are often directly connected to shore-side networks, providing threat actors with a convenient entry point. As Mr. Fotakis puts it, “Attackers don’t always go for the bridge. They go for the inbox!”
So, what’s the solution? SmartSea is employing a layered cybersecurity framework. Their Managed Detection and Response (MDR) service includes Extended Detection and Response (XDR) agents across vessel and shore-side infrastructure. All logs are centralised into an AI-powered Security Information and Event Management (SIEM) system. These tools feed into a dedicated 24/7/365 Security Operations Center (SOC), capable of detecting even the most sophisticated “low-and-slow” attacks that evade traditional defences.
But technology is only half the battle. SmartSea also focuses on training crew and staff to spot phishing and social engineering tactics. They’re implementing strict access control, multifactor authentication, and deploying next-generation email and endpoint security solutions. They’re even performing cyber maturity assessments to uncover hidden vulnerabilities.
However, Mr. Fotakis believes the industry needs to go further. He’s calling for deeper collaboration between shipping companies, insurers, and cybersecurity providers. “There is a need for real-time intelligence sharing across the maritime supply chain, joint incident response planning with live scenario testing, and insurance models that reward genuine cyber maturity rather than ticking compliance boxes,” he says.
He also advocates for the development of secure-by-design technologies from the outset, rather than retrofitting security measures. “Cybersecurity isn’t just an IT issue, it’s a business and reputational risk,” he warns. As the industry goes green and more digitally-focused, we must also be more protective of our IT systems onboard. Otherwise, we risk losing it all.
This news should serve as a wake-up call for the maritime industry. It’s time to stop treating cybersecurity as a checkbox and start treating it as a core capability. The future of the industry depends on it. So, let’s roll up our sleeves, tighten our cybersecurity belts, and set sail into the digital age with our eyes wide open. The sharks are out there, but we can outsmart them if we work together.