The International Maritime Organization (IMO) has issued updated guidelines to enhance cybersecurity in the maritime sector, urging shipping companies and ports to integrate cyber risk management into their Safety Management Systems (SMS). This move comes amid rising cyber threats targeting critical shipping infrastructure, including GPS spoofing, ransomware attacks, and operational disruptions.
Why the New IMO Cyber Risk Management Guidelines Matter
Cyber threats pose a growing risk to ships, ports, and supply chains. Recent incidents—such as the 2023 ransomware attack on a major European port and GPS jamming in conflict zones—highlight the urgent need for robust cybersecurity measures.
The IMO’s latest guidance reinforces Resolution MSC.428(98), which mandates that cyber risks be addressed in compliance with the International Safety Management (ISM) Code. Companies must now ensure that:
Cyber risks are identified and mitigated in SMS documentation.
Crew members receive regular cybersecurity training.
Critical systems (navigation, propulsion, cargo ops) are protected from cyber intrusions.
Key Updates in the IMO’s Cyber Risk Guidelines
Risk Assessment – Companies must conduct regular cyber risk evaluations, including threat modeling for onboard and shore-based systems.
Incident Response Plans – Ships should have clear protocols for responding to cyber incidents (e.g., data breaches, system failures).
Third-Party Vendor Risks – Increased scrutiny on software providers, satellite communications, and port IT systems.
Training & Awareness – Crew and shore staff must be trained to recognize phishing, social engineering, and malware threats.
🔗 Download Official IMO Cyber Risk Management Documents
🚨 Iran Votes to Close Strait of Hormuz: Global Shipping on Alert
Published: June 23, 2025 Region: Strait of Hormuz / Persian Gulf
📌 Overview
In a dramatic escalation, Iran’s parliament has voted to close the Strait of Hormuz, a key chokepoint for global oil and gas exports. The decision awaits approval by Iran’s Supreme National Security Council, but even the vote alone has triggered alarm across the maritime and energy sectors.
The Strait of Hormuz handles roughly 20% of the world’s oil supply and about one-third of all seaborne crude. This move—seen as a retaliatory measure amid rising geopolitical tensions—has the potential to spike oil prices, reroute shipping, and increase insurance and freight costs.
⚠️ Impacts for Shipping and Maritime Operators
Route Disruption: Tankers may be forced to reroute via longer and more expensive paths (e.g. around Africa via the Cape of Good Hope).
Cost Increase: Tanker freight rates are already rising, and insurance premiums for transiting Hormuz are expected to surge.
Delays and Logistical Bottlenecks: Port congestion, delayed cargoes, and cascading effects on global trade are highly likely.
Security Threats: The risk of vessel seizure or electronic warfare (e.g. GPS spoofing) remains elevated.
🔐 Recommended Safety Measures
✅ For Shipowners & Operators:
Reassess Voyage Planning Avoid or minimize time spent in Iranian waters. Use UKMTO updates to plan secure passage.
Enhance Watchkeeping and Evasive Protocols Increase bridge team vigilance and readiness drills. Use non-GPS navigation techniques when GPS jamming is suspected.
Check Political Risk Insurance Verify war risk coverages and revalidate navigational clauses with underwriters.
Coordinate with Coalition Forces Register transits with UKMTO, IMSC, and EMASoH. Follow coalition naval guidance closely.
✅ For Crews:
Conduct drills for emergency procedures in case of boarding or engine shutdown.
Reinforce anti-piracy watch routines.
Keep SATCOM and emergency communication systems functional and tested.
🌍 Broader Implications
Analysts caution that Iran lacks both the legal and practical ability to fully enforce a closure—but even the threat is enough to create volatility. This situation is reminiscent of previous incidents involving the seizure of tankers, GPS spoofing, and regional naval exercises that affected maritime safety.
Oil prices have already surged to near $98/barrel. Global shipping alliances and the IMO are closely monitoring developments.
📣 Final Note
SHIP IP advises all clients operating in or near the Gulf region to review safety management systems, coordinate with naval authorities, and ensure crew readiness under high-risk conditions.
Iran’s parliament has approved a measure to close the Strait of Hormuz pending Supreme Council review, a move that could impact roughly 20% of the world’s oil supply . Such a closure, if executed, could drive oil prices above $100/barrel and severely disrupt global tradereuters.com+5washingtonpost.com+5news.com.au+5. However, analysts caution Iran lacks the capability—and legal grounds—to fully block the straiten.wikipedia.org+9washingtonpost.com+9nypost.com+9.
Safety/Shipping Impact:
Urgent need for rerouting strategies and safety contingency plans
Spike in tanker freight rates and maritime risk premiums
Increased vigilance required by insurers and P&I clubs
📣 Final Note
SHIP IP advises all clients operating in or near the Gulf region to review safety management systems, coordinate with naval authorities, and ensure crew readiness under high-risk conditions.
The U.S. Coast Guard is set to publish this week its final rule covering maritime security regulations by establishing minimum cybersecurity requirements for U.S.-flagged vessels, outer continental shelf facilities, and facilities subject to the Maritime Transportation Security Act of 2002 regulations. This final rule addresses current and emerging cybersecurity threats in the marine transportation system by adding minimum cybersecurity requirements to help detect risks and respond to and recover from cybersecurity incidents.
In a final rule scheduled for publication in the Federal Register, the Department of Homeland Security through the Coast Guard aims to enhance cybersecurity within the marine transportation system. The proposal includes mandates to create and uphold a Cybersecurity Plan, appoint a Cybersecurity Officer, and implement various strategies to ensure cybersecurity is maintained. Additionally, the Coast Guard is inviting feedback on a possible extension for the implementation timelines for U.S.-flagged vessels.
The final rule aims to protect the marine transportation system from cybersecurity threats by establishing minimum cybersecurity requirements. These requirements are designed to detect, respond to, and recover from risks that could lead to transportation security incidents (TSIs). The rule specifically targets risks arising from the increased interconnectivity and digitalization of the marine transportation system, addressing current and emerging cybersecurity threats to maritime security.
The Coast Guard noted that with this final rule, it has to finalize the requirements that were proposed in the notice of proposed rulemaking (NPRM), ‘Cybersecurity in the Marine Transportation System,’ published last February 22. The agency also responded to the public comments that we received to the NPRM and made several clarifications regarding the regulatory framework.
The Cybersecurity Plan must include seven account security measures for owners or operators of a U.S.-flagged vessel, facility, or outer continental shelf facility enabling of automatic account lockout after repeated failed login attempts on all password protected IT systems; changing default passwords (or implementing other compensating security controls if unfeasible) before using any IT or operational technology (OT) systems; and maintaining a minimum password strength on IT and OT systems technically capable of password protection.
It also covers implementing multi-factor authentication on password-protected IT and remotely accessible OT systems; applying the principle of least privilege to administrator or otherwise privileged accounts on both IT and OT systems; maintaining separate user credentials on critical IT and OT systems; and removing or revoking user credentials when a user leaves the organization.
The U.S. Coast Guard outlined that the Cybersecurity Plan also must include four device security measure requirements. They are developing and maintain a list of any hardware, firmware, and software approved by the owner or operator that may be installed on IT or OT systems; ensure that applications running executable code are disabled by default on critical IT and OT systems; maintain an accurate inventory of network-connected systems including those critical IT and OT systems; and develop and document the network map and OT device configuration information.
Additionally, the Cybersecurity Plan must include two data security measure requirements that ensure that logs are securely captured, stored, and protected and accessible only to privileged users, and deploy effective encryption to maintain confidentiality of sensitive data and integrity of IT and OT traffic when technically feasible.
The U.S. Coast Guard prescribed that owners or operators of U.S.-flagged vessels, facilities or outer continental shelf facilities must also prepare and document a Cyber Incident Response Plan that outlines instructions on how to respond to a cyber incident and identifies key roles, responsibilities, and decision-makers amongst personnel.
Furthermore, owners or operators must also designate a Cybersecurity Officer (CySO) who must ensure that U.S.-flagged vessel, facility, or outer continental shelf facility personnel implement the Cybersecurity Plan and the Cyber Incident Response Plan. The CySO must also ensure that the Cybersecurity Plan is up-to-date and undergoes an annual audit. The CySO must also arrange for cybersecurity inspections, ensure that personnel have adequate cybersecurity training, record and report cybersecurity incidents to the owner or operator, and take steps to mitigate them.
The Coast Guard estimates that this final rule creates costs for industry and government of about US$1.2 billion total and $138.7 million annualized, discounted at 2 percent (2022 dollars). This increased estimate from the NPRM is primarily driven by increases to our estimates of costs related to cybersecurity drills, exercises, and penetration testing. Cost estimates are also increased due to updated affected population data.
The final rule also notes that its benefits include reduced risk and mitigation of cyber incidents to protect impacted entities and downstream economic participants, and improved protection of marine transportation system business operations to build consumer trust and promote increased commerce in the U.S. economy. Additional benefits include improved minimum standards of cybersecurity to protect the marine transportation system, which is vital to the nation’s economy and national security, and to avoid supply chain disruptions.
The U.S. Coast Guard also requires owners and operators of U.S.-flagged vessels, facilities, and outer continental shelf facilities to segment their IT and OT networks, and log and monitor connections between them. Based on information from CGCYBER, CG-CVC, and NMSAC, network segmentation can be particularly difficult in the marine transportation system, largely due to the age of infrastructure in the affected population of U.S.- flagged vessels, facilities, and outer continental shelf facilities. The older the infrastructure, the more challenging network segmentation may be.
The document also laid down that it will require owners and operators of U.S.-flagged vessels, facilities, and outer continental shelf facilities to limit physical access to IT and OT equipment; secure, monitor, and log all personnel access; and establish procedures for granting access on a by-exception basis.
Last July, the DHS’ Office of Inspector General (OIG) published a final report identifying that the U.S. Coast Guard has made progress in enhancing the cyber posture of the marine transportation system by establishing maritime cybersecurity teams over the past two years, in line with statutory requirements. Based on its findings, the report proposes four recommendations to improve the Coast Guard’s cyber readiness and precautions to secure the U.S. supply chain. The DHS has concurred with four recommendations.
As Industry 4.0 continues to redefine operations, the lines between Information Technology (IT) and Operational Technology (OT) systems are increasingly blurred. Marine terminals now face unique cybersecurity risks to both types of systems, each requiring tailored defenses.
IT Systems: Protecting Data and Networks
IT systems manage critical business data and communication infrastructure. Cybersecurity risks for IT systems include malware, phishing attacks, and data breaches. Employing strong network security protocols, regular software updates, and staff training are essential for safeguarding sensitive data.
OT Systems: Securing Operational Processes
OT systems, which control equipment and automation at marine terminals, face distinct risks. These include attacks on Industrial Control Systems (ICS) and vulnerabilities in legacy systems. Protecting OT involves ensuring real-time monitoring, regular upgrades, and physical security to prevent unauthorized access.
Best Practices for Marine Terminals:
For IT systems: Implement multi-factor authentication, regularly update software, and train employees to spot phishing attempts.
For OT systems: Maintain an inventory of all assets, update outdated systems, and ensure secure remote access.
With both IT and OT systems now interconnected, a unified approach to cybersecurity is crucial. Protecting these systems is not just about safeguarding data but also ensuring the continued safe operation of critical infrastructure.
Modern commercial ports are a critical infrastructure which is highly dependent on information systems. The security of a port thus relies on the integrity of both physical and cyber assets. Despite evidence that ports are becoming targets for hackers, whose attacks can affect both cyber and physical assets and halt operations, too many ports have inadequate cybersecurity. Physical threats, incidents, and accidents to the physical assets (e.g., terminals, gates, buildings) of the maritime infrastructures or cyber threats and attacks to the cyber assets (e.g., Port Community Systems, navigation systems) can jeopardise the maritime operations, disrupt supply chains and destroy international trade and commerce.
The Europe maritime cybersecurity market is projected to reach $3.49 billion by 2033 from $972.3 million in 2023, growing at a CAGR of 13.64% during the forecast period 2023-2033
Protecting digital assets and networks in the maritime industry from online threats is the main goal of maritime cybersecurity in Europe. As maritime operations depend more and more on digital technologies, cybersecurity has become crucial to ensuring efficiency, safety, and risk mitigation. These dangers range from widespread cyberattacks like viruses and scams to more complex attacks that target shore-based infrastructure and vessel systems. Serious repercussions, including interruptions in business operations, monetary losses, harm to the environment, and even death, can result from cybersecurity breaches. Shipping firms, port authorities, regulatory agencies, and trade associations are important participants in the European maritime cybersecurity market.
Techniques like risk assessment, access control, incident response planning, and continuous employee training are necessary for effective cybersecurity management. Global rules, like those established by the International Maritime Organization (IMO) and the International Ship and Port Facility Security (ISPS) Code, provide frameworks for improving cybersecurity within the maritime sector. Collaboration between public and private sectors, along with technological innovation and information sharing, is crucial to address cyber threats effectively. As the maritime industry continues its digital transformation, robust cybersecurity measures will be vital for ensuring resilience and sustainability across European maritime operations.
Market Introduction
The maritime sector’s growing dependence on digital technologies for communication, navigation, and operations is driving a notable expansion in the European maritime cybersecurity market. Strong cybersecurity is crucial to protecting ships, ports, and associated infrastructure because of the increased susceptibility to cyberattacks that comes with this increased digitization. These dangers can cause operational disruptions, monetary losses, environmental harm, and threats to human safety. They range from viruses and phishing scams to more sophisticated attacks that target vital systems.
The increasing use of cloud computing, automation, and Internet of Things (IoT) devices in the maritime industry is propelling the market. In order to adhere to international standards like the ISPS Code and the regulations of the International Maritime Organization (IMO), major industry participants, including shipping companies, port authorities, and regulatory bodies, are concentrating on fortifying their cybersecurity frameworks. Furthermore, tackling changing cybersecurity challenges requires cooperation between the public and private sectors, improvements in threat detection, and continual staff training. The need for efficient cybersecurity solutions is anticipated to increase as Europe continues to embrace digital transformation in the maritime industry, guaranteeing safer and more robust operations.
How can this report add value to an organization?
Product/Innovation Strategy: The product segment helps the reader understand the different types of services available for deployment and their potential in Europe region. Moreover, the study provides the reader with a detailed understanding of the Europe maritime cybersecurity market by products based on solution, service, and threat type.
Growth/Marketing Strategy: The Europe maritime cybersecurity market has seen major development by key players operating in the market, such as business expansion, partnership, collaboration, and joint venture. The favored strategy for the companies has been partnerships to strengthen their position in the Europe maritime cybersecurity market
Competitive Strategy: Key players in the Europe maritime cybersecurity market analyzed and profiled in the study involve maritime cybersecurity products and service offering companies. Moreover, a detailed competitive benchmarking of the players operating in the Europe maritime cybersecurity market has been done to help the reader understand how players stack against each other, presenting a clear market landscape. Additionally, comprehensive competitive strategies such as partnerships, agreements, and collaborations will aid the reader in understanding the untapped revenue pockets in the market.
Companies Featured
SAAB AB
Thales
Leonardo S.p.A.
Airbus SE
BAE Systems
Terma
Westminster Group Plc
Kongsberg Digital
Smiths Group plc
Nettitude Ltd.
HGH
Key Attributes:
Report Attribute
Details
No. of Pages
73
Forecast Period
2023 – 2033
Estimated Market Value (USD) in 2023
$972.3 Million
Forecasted Market Value (USD) by 2033
$3490 Million
Compound Annual Growth Rate
13.6%
Regions Covered
Europe
Key Topics Covered:
1 Markets
1.1 Trends: Current and Future Impact Assessment
1.1.1 Artificial Intelligence and Machine Learning in Cybersecurity
1.1.2 Increased Connectivity
1.1.3 Zero Trust Architecture (ZTA)
1.2 Supply Chain Overview
1.3 Regulatory and Environmental Considerations
1.3.1 Regulatory Implications
1.4 Ecosystem/Ongoing Programs
1.4.1 Series of Assessments, including Threat Modeling and Open-Source Intelligence, Performed by NCC Group
1.5 Startup Funding Summary
1.6 Market Dynamics Overview
1.6.1 Business Drivers
1.6.1.1 Increasing Cyber Threats and Attacks
1.6.1.2 Digitalization of Maritime Operations
1.6.1.3 Global Supply Chain Reliance on Maritime Transport
1.6.2 Business Challenges
1.6.2.1 Lack of Trained Personnel
1.6.2.2 Complex Regulatory Environment
1.6.3 Business Opportunities
1.6.3.1 Cybersecurity for Autonomous Vessels
1.6.3.2 Integration of Internet of Things (IoT) and Operational Technology (OT) Security
2 Regions
2.1 Regional Summary
2.2 Drivers and Restraints
2.3 Europe
2.3.1 Regional Overview
2.3.2 Driving Factors for Market Growth
2.3.3 Factors Challenging the Market
2.3.4 Application
2.3.5 Product
2.3.6 U.K.
2.3.7 Application
2.3.8 Product
2.3.9 Germany
2.3.10 Application
2.3.11 Product
2.3.12 France
2.3.13 Application
2.3.14 Product
2.3.15 Rest-of-Europe
2.3.16 Application
2.3.17 Product
3 Markets – Competitive Benchmarking & Company Profiles
3.1 Next Frontiers
3.2 Geographic Assessment
3.2.1 Overview
3.2.2 Top Products/Product Portfolio
3.2.3 Top Competitors
3.2.4 Target Customers
3.2.5 Key Personnel
3.2.6 Analyst View
3.2.7 Market Share, 2022
About ResearchAndMarkets.com
ResearchAndMarkets.com is the world’s leading source for international market research reports and market data. We provide you with the latest data on international and regional markets, key industries, the top companies, new products and the latest trends.
Optimising vessel operations has become crucial for the industry to achieve sustainability and decarbonisation goals. In the long term, large investments will focus on building ships ready for alternative fuels, but in the meantime, owners and operators are turning to digitalisation technologies to save fuel and emissions by becoming more energy efficient.
Owners and operators are also using faster low-latency satellite communications to tackle the challenges of retaining and retraining crew, and to keep track of growing fleets and changing trading patterns. Communications, digital applications and electronic hardware help to tackle these issues, enabling owners to offer career development pathways, almost limitless communications, and technology to make seafarer’s lives easier.
Shipping has turned to digital applications, low-latency connectivity, cloud-based solutions, artificial intelligence and machine learning, while tackling cyber risks with enhanced security.
New LEO constellations overtake established GEO
One company run by an established billionaire, who will soon be part of Trump’s new US administration, has transformed maritime satellite communications during 2024 with owners installing new technology to keep up.
Elon Musk’s SpaceX’s Starlink low Earth orbit (LEO) satellite constellation has revolutionised maritime and offshore communications, providing fast connectivity with low latency to vessels, for crew welfare services and operational applications.
LEO satellite communications has taken the maritime sector to new heights in terms of providing connectivity and welfare support to seafarers. Starlink has become popular with the masses with shipmanagers, owners and operators increasing its deployment across fleets. Whereas two years ago, flat-panel antennas for Starlink were only just being tested, now it is difficult to find a ship without Starlink on board.
Another LEO constellation gaining traction is Eutelsat OneWeb, albeit at a slower pace, with early adoption on offshore vessels, drilling and production facilities. As this global coverage is implemented, more cruise and commercial ships will consider this as a viable alternative. Marella Cruises is investing in OneWeb to operate alongside Starlink on its cruise ships.
Despite the rise of LEO, there is still demand for reliable geostationary orbit (GEO) satellite communications and very small aperture terminal (VSAT) connectivity, but distributors are integrating these services into hybrid smart solutions, where connections will take the cost-efficient, secure pathways. There is also still a need for L-band through Inmarsat, Iridium and Thuraya for maritime safety and security communications.
As the maritime industry adopts more digitalisation applications and ships become more connected, they come under greater risk of cyber attacks. Therefore, enhancing cyber resilience and security is essential to ship operators, owners and builders.
In 2024, the International Association of Classification Societies (IACS) introduced unified requirements (URs) for cyber security and outlined how to demonstrate compliance with them. These URs, E26 and E27, are seen as new benchmarks for shipping’s response to its growing exposure to cyber attacks.
UR E26 is aimed at ensuring the secure integration of both operational technology (OT), information technology (IT) and equipment in a vessel’s network, during the design, construction, commissioning and operational life of the ship.
This UR targets the ship as a collective entity for cyber resilience and covers five key aspects: equipment identification, protection, attack detection, response and recovery.
UR E27 is written to support manufacturers and OEMs of onboard operational systems and equipment in evaluating and improving their cyber resilience. This has led to suppliers and system integrators introducing upgrades to ensure cyber resilience. It also encouraged classification societies to develop and introduce their own interpretations of these URs.
Introducing IACS requirements and raising awareness and demand for enhanced cyber security has led to a trend of class societies acquiring companies with these skills. One of the main deals in 2024 was DNV’s acquisition of CyberOwl, which regularly reports on the shipping industry’s risks and responses to cyber attacks.
According to a study led by CyberOwl published in Q4 2024, a typical fleet of 30 cargo vessels now experiences an average of 80 cyber incidents a year. The study found the average cost of unlocking computer systems in the maritime sector reached US$3.2M.
We can expect more advanced and integrated solutions to be unveiled and new innovative cyber threats to emerge in 2025.
Lloyd’s Register (LR) is partnering COSCO Shipping Heavy Industry on the development of an 82,500 dwt bulk carrier design that will meet Unified Requirement (UR) E26, which governs the cyber resilience of ships.
As explained, issued by the International Association of Classification Societies (IACS), the UR comes into force on 1 July 2024. The new IACS Requirements aim to secure integration of both operational and information technology equipment onboard a ship throughout the vessel’s lifecycle. The UR applies to aspects of a vessel and its operations, including equipment identification, protection, attack detection, response, and recovery.
The partnership is LR’s first JDP focussed on E26 compliance.
Cyber security has become an increasing concern for shipowners and this JDP represents an important milestone to support cyber resilience of vessels. In partnership with COSCO Heavy Industry, Lloyd’s Register will create its first vessel design in line with the new IACS UR E26 requirement.
… said Sau Weng Tang, Commercial Manager Greater China
Key facts about the EU NIS2 Directive regarding cybersecurity
LR approves five VLGC designs by Deltamarin and Jiangsu
To remind, OTESAT_MARITEL and Bureau Veritas (BV), have recently joined forces to certify two cybersecurity solutions, IRIS and s@tGate, according to IACS UR E27 Rev.1 requirements on the cyber resilience of on-board systems and equipment.
To resolve shipowner’s concerns on UR E26, we worked with LR and achieved the first E26 approval from LR. The upgrade on UR E26 compliance enables our yards, designing department, and system vendors to be fully prepared when UR E26 come into force. It ensures shipowners can reduce their cyber risks.
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Cookie settingsACCEPT
Privacy & Cookies Policy
Privacy Overview
This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
