Preparing for and responding to cyber threats
The maritime industry is exposed to a wide range of threats, from piracy and armed conflict to espionage, hybrid warfare, influence operations and increasingly, cyber attacks.
A 2025 survey by the Norwegian Shipowners’ Association of its membership shows that cyber threats remain the greatest security risk affecting shipowner operations.
As an industry, shipping has always been faced with unpredictable situations that have required ability to adapt and willingness to change, says the NSA. In recent years, as the conflict environment has become more acute and complex, most shipping companies have implemented security measures based on threat assessments.
Almost nine out of ten shipping companies surveyed have introduced digital security measures in response to increasing cyber threats. Furthermore, six out of 10 NSA member companies have implemented measures to further operational security.
Taking action on cyber risk and the threats within it comprises two distinct approaches; proactive and reactive measures.
Proactive measures comprise work that companies can do to increase awareness of cyber threats and use this information to improve their cyber security posture.
This typically includes conducting, vulnerability assessments, penetration testing, creating phishing and awareness programs, undertaking compliance and gap assessments and performing general risk management.
Reactive measures comprise more traditional software/hardware-led approaches. These include protection at device level using Endpoint Detection, network level protection using Unified Threat Management, a global network of Security Operations Centres, and Network Detection and Response to detect unusual behaviour within the network that may indicate an existing or emerging threat.
Cyberattacks have become more common, more advanced and more costly, which is driving the need for a comprehensive cybersecurity strategy
Marlink’s recently formed Cyber company was created meet these customer requirements, delivering services and solutions across Cyber Security Professional Services, Infrastructure and Endpoint Security and a Cyber Security Defence Centre.
Together they provide a complete suite using the insights and assessments from proactive measures to implement and run a holistic cyber defence program with reactive means offering a comprehensive response when threats occur.
Regulation of cyber risk in the maritime industry is growing, with new rules from IACS in force and incoming from the US Coast Guard and International Maritime Organization. EU wide rules for industry will also levy potentially heavy fines for non-compliance with protection measures.
However, Marlink believes that the growing nature of cyber risk implies that in order to stay protected, organisations need to go much further than the baselines required by regulation.
Central to every security strategy is a detection and response capability which catches threats that have circumvented traditional security measures
Cybersecurity solutions such as UTM Unified threat management, EDR Endpoint Detection and Response and MDR Managed Detection and Response are the minimum requirements for operators who want a starting point for cyber protection and this approach should scale to a full vulnerability assessment and penetration testing, to enable users to understand and act on the true threat picture.
Please refer to the full report in Maritime Outlook by the Norwegian Shipowners' Association
How can we help you?
Get in touch
Contact us to find out how we can help you create new possibilities for your operations.
Insights
Read about our latest insights and explore the forefront of digital protection through our curated selection of news, articles, and expert blogs.
