Strategic Importance of Cybersecurity in Maritime Industry

Operational Impact of Digitalization

Digitalization is driving a significant transformation in the maritime sector. Traditional operational methods and next-generation digital applications are now used in tandem, as the industry continues its adaptation process.

However, while this transformation enhances operational efficiency, it simultaneously creates a critical risk area. Global analyses for the 2025–2026 period indicate that cyberattacks targeting critical infrastructures such as maritime and logistics have increased by 30% to 40% over the last two years. Positioned at the center of the global supply chain, the maritime sector has become a strategic target for cybercriminal groups and advanced persistent threat actors.

Integrated Systems and Increasing Cyber Risks

A modern vessel is no longer only a mechanical structure; it is also considered a highly digitalized and interconnected “floating data platform.”

Critical processes such as route optimization, condition-based maintenance (CBM), remote access systems, and intelligent energy management are operated through these digital networks.

This highly connected structure expands the attack surface and increases potential risks. Cyber threats are no longer limited to data integrity or system access; in some scenarios, they may directly impact operational continuity and navigational safety.

Critical Distinction Between IT and OT Systems

A fundamental aspect of maritime cybersecurity is the distinction between IT (Information Technology) and OT (Operational Technology) systems:

• IT Systems: Cover data management, commercial processes, financial operations, and communication infrastructure. Risks mainly include data breaches, financial losses, and reputational impact.

• OT Systems: Cover systems that control the physical operation of the vessel, including navigation (ECDIS/AIS), machinery control systems, and power management infrastructure.

Sectoral analyses show that a significant portion of maritime cyber incidents can impact OT systems or IT-OT integrated environments.

Data Security and Attacks on Navigational Systems

As of 2025, cyber threats have evolved into more organized, targeted, and operationally impactful forms:

• Ransomware: Increasingly affecting port operations and vessel management systems, leading to operational disruptions and cascading effects across the supply chain.

• Supply Chain Attacks: Rising attempts to infiltrate systems through software providers and third-party services.

• GPS Spoofing / Jamming: Observed particularly in strategic waterways, these attacks can mislead positioning systems and threaten navigational safety.

IACS UR E26 & E27 and IMO Requirements

Cybersecurity is no longer an option but a requirement to be considered in newbuilding processes.

• IMO (International Maritime Organization): Encourages the integration of cyber risk management into the Ship Safety Management System (SMS). Mandatory implementation may vary depending on flag state regulations.

• IACS UR E26 & E27: These standards, effective as of mid-2024, require vessels to be cyber resilient from the design and construction stage. These requirements cover not only operators but also shipyards and all onboard equipment.

Türk Loydu, as a full member of IACS and a Recognized Organization (RO), provides internationally recognized survey, audit, and certification services.

Cybersecurity has also become an increasingly critical component of ISM (International Safety Management) audits.

Türk Loydu’s Audit Approach

As of 2023, Türk Loydu is a full member of IACS and is among the selected classification societies that class more than 90% of the world fleet. This membership ensures that audits are conducted in accordance with IACS QSCS (Quality System Certification Scheme) standards.

IACS Membership and Quality Standard

Türk Loydu operates under the international QSCS framework as an IACS member classification society. QSCS ensures the consistency and continuity of the organization’s quality management system at an international level.

Survey and audit requirements:

• Audits are based on internationally accepted technical rules and standards

• IACS Unified Requirements are used as reference

• Applications cover technical compliance and safety requirements at vessel and system level

This structure treats the quality management system and technical survey/audit processes as separate but complementary pillars, strengthening global compliance.

Integration of Cybersecurity into ISM

As of 2021, under IMO MSC.428(98), cyber risk management has become a mandatory element to be addressed within the Ship Safety Management System (ISM/SMS). The scope of implementation and the audit approach may vary depending on flag state and classification society requirements.

Current ISM audits have expanded to cover not only physical safety but also digital risks.

• In line with IMO MSC.428(98), cyber risk management is integrated into the SMS

• Compliance with IACS UR E26 & E27 requirements is assessed in newbuilding projects

• Cyber resilience measures such as access control, network segmentation, and incident response processes are reviewed within operational procedures

Value Added by Audits

Türk Loydu’s survey and audit activities conducted across vessel, equipment, and operational stages provide not only compliance verification but also a system development perspective.

• Early identification of risks through a continuous improvement approach

• Ensuring compliance with evolving international regulations

• A holistic audit approach contributing to operational continuity

The maritime sector is evolving into a structure where digitalization brings emerging risks such as cybersecurity to the forefront. In this new structure, cybersecurity is no longer a classical IT issue but a direct component of navigational safety and operational continuity.

As an international classification society and Recognized Organization, Türk Loydu contributes to the maritime industry by ensuring technical compliance and reliable audit processes throughout this transformation process.