Why Ports and Shipping Companies Need Stronger Cybersecurity
As shipping companies continue to digitalise, their risks of falling prey to cyberattacks increase dramatically. Ports and shipping companies are vital links in global trade, meaning bad actors working on behalf of state-sponsored hacking organisations, for example, use them as prime targets to disrupt rivals. The importance of strong cybersecurity in the industry is now at an all time high.
Statistics show that 31% of maritime professionals report at least one cyberattack in the space of a year, a significant increase from the start of the decade. As the supply chain evolves to rely on technology, attack surfaces grow in size, meaning port companies on the chain need to be more vigilant than ever regarding potential threats.
The stakes: one cyber incident can stall global trade
Ports and shipping companies are vital connection points between global companies supplying, importing, and exporting all over the world. With a simple flaw in networking or code, a hacker could break in and bring multiple trade lanes to a standstill.
For example, consider an auto manufacturing firm that is reliant on importing parts via seaports. If hackers were to disrupt the shipping companies involved on that trade route, their operations could be frozen, data may be stolen, and downtime may escalate.
Not only is the manufacturer left waiting for supply, but end buyers are unable to sell cars, and consumers are left without new models and lose faith in brands and manufacturers.
A solid real-world example is the ransomware attack launched against JAS Worldwide in August 2024. This attack resulted in a central operations outage, with end users unable to track their shipments, and serious logistics confusion building.
All these issues show why so many port and shipping companies are taking steps to work with cybersecurity companies and to regularly run penetration tests to find flaws unseen by the naked eye.
Why risk is rising: digital ports, OT/IT convergence, and geopolitics
Modern ports thrive on interconnected devices, automation, and GPS navigation. Such digitalisation has helped to make global trade more productive and efficient, however, with increasing numbers of systems being added to networks, attack surfaces are growing larger.
Thanks to the Internet of Things (IoT), physical devices via operational technology (OT) increasingly communicate with information technology (IT). In the shipping sector, this might mean that certain tools are connected and controlled by computer programs and smart devices.
That, however, also means that anything affecting IT could, in theory, travel to OT, thus bringing physical hardware to its knees.
There is currently an ongoing crisis regarding a specific port disruption method – GNSS spoofing and jamming. These are, in layman’s terms, attack vectors or broadcasts that effectively blindside GPS devices. They can interfere with onboard trackers, therefore blocking signals and preventing vessels from being tracked.
In 2025, in particular, there are growing trends in the Strait of Hormuz and the Persian Gulf where maritime operations are regularly facing jamming issues, with ships getting redirected.
This is, as many experts suggest, a strategic, malicious trend that is likely stemming from geopolitical tension, with state-sponsored agents using cyberattacks as a cost-effective way to hobble rivals.
What regulators now expect
As a result of the very real threats facing shipping companies and the wider supply chain, industry regulators now demand that companies make cybersecurity a priority.
The International Maritime Organisation, or IMO, for example, requires companies to embed detailed cyber risk strategies into their safety management systems, or SMSes.
The UK Department for Transport has published a Cyber Security Code of Practice for Ships, providing guidance that encourages shipping companies operating under the UK flag to embed cyber risk measures into safety management systems. Furthermore, the NIS2 Directive, largely affecting European Union businesses, has also extended its cybersecurity regulation scope to cover incident reporting and executive liability recording for the shipping and transport sectors.
Crucially, these measures are being established to ensure that any businesses operating in shipping and maritime take cybersecurity immensely seriously. Although it may not seem immediately likely that shipping could be disrupted by hacking or jamming, as discussed above, it is eminently possible.
Where to fortify first: pragmatic controls mapped to NIST CSF 2.0 + IEC 62443
Understanding how and where to start setting up a cybersecurity plan is not as straightforward as it may seem. Therefore, many shipping companies rely on frameworks designed for the industry that they can work to as high-level templates, making adjustments to suit their individual needs.
In many cases, port companies should consider following either NIST CSF 2.0 and/or IEC 62443 for a reliable template to build strategies upon.
- NIST CSF 2.0 is widely used across multiple industries as a five-point process of Identify, Protect, Detect, Respond, and Recover. By following these points of action, shipping owners can take simple but significant steps to track, lock, and protect their assets.
- IEC 62443 is highly recommended for shipping companies, too, because it outlines a workable, protective strategy for automation and control systems, ideal for supporting the IT/OT convergence.
By following either framework/template, port businesses can start taking stock of their asset inventories, lock them down with firmer protective strategies (such as multi-factor authentication or MFA), and draft incident response plans to “rehearse” for the worst-case scenarios.
A 90-day action plan & KPIs for ports and lines (prove progress fast)
Ultimately, supply chain executives and industry regulators want proof now that port businesses are taking cybersecurity seriously (especially as threats evolve in volume and sophistication).
Therefore, it’s wise for companies to create a three-month plan and foundation to prove their progress, and to show executives they intend to maintain security standards.
They could, for example, work in key performance indicators (KPIs) such as the percentage of assets they lock down and inventory, the time taken to respond to attacks in practice scenarios, and the percentage of systems protected by additional measures such as MFA.
To conclude, here’s a quick summary of how a shipping company might roll out cybersecurity measures within this suggested three-month window:
- In the first month, assess inventory and lock it down, identify gaps with the help of cybersecurity professionals, and choose a solid framework.
- In the second month, take immediate steps to remedy flaws and apply protective measures, logging and monitoring issues as they arise.
- Then, in the final month, produce a robust incident response plan that outlines security responsibilities and proactively informs executives of steps taken.
Unfortunately, there will always be cyber threats affecting shipping and port businesses. But by following these steps, even those who are starting from scratch can start to lock down assets and data with greater confidence.
Author -Tyler Owen
LinkedIn: https://www.linkedin.com/in/owentl/
Bio: Tyler serves as the Sr. Director of Product Management for Managed Security Services at VikingCloud. His extensive experience encompasses the entire lifecycle of Information Security infrastructure projects, from pre-sales and planning through to implementation, daily maintenance, and management. Tyler’s expertise includes overseeing people, processes, policies, budgets, and resources, ensuring comprehensive security measures that protect and enhance IT infrastructures.