The maritime industry is racing to embrace digitalisation, but the cyber awareness of its workforce has not kept pace, creating a dangerous gap that AI-powered attacks are increasingly able to exploit. According to Kris Vedat, CEO of SmartSea, writing for Splash247, seafarers now enter an industry more connected than ever, yet cyber awareness and digital resilience remain largely absent from the mandatory training that underpins maritime safety.
The Training Gap
While the US has introduced a requirement for seafarers on US-flagged vessels to carry out cyber security training as part of their STCW (Standards of Training, Certification and Watchkeeping) certification, Vedat noted that a global standard is still waiting to be implemented. He argued that cyber security should be a mandatory element of STCW Basic Training and that the International Maritime Organization (IMO) should formally table this issue as a priority for global maritime training standards.
"The industry can no longer treat cyber resilience as an optional company-led initiative or a specialist IT function," Vedat wrote. As AI makes cyberattacks faster, more convincing and harder to detect, every seafarer needs a basic level of cyber awareness from the start of their career.
AI-Enabled Threats in Practice
SmartSea is seeing a clear increase in phishing attempts and cyberattacks targeting maritime organisations, according to Vedat. The trend should concern everyone across the industry because AI tools are now enabling cybercriminals to make attacks faster and more convincing. Past incidents affecting DP World Australia, the Port of Nagoya, and DNV's ShipManager platform have demonstrated how disruptive cyber incidents can be to operations. While those attacks were not necessarily driven by AI, Vedat said the pathways already exist; AI is simply making cyberattacks faster, more scalable and significantly harder to stop.
For an industry built on trust, communication and time-critical decision-making, this presents a serious challenge. Every day, seafarers and shore personnel receive instructions, process documentation, respond to requests and interact with digital systems. A superintendent sends a message, an agent requests paperwork, a supplier changes banking details or a crew member receives a login prompt. Increasingly, AI can be used to make fraudulent communications appear legitimate, whether through convincing emails, cloned voices, manipulated videos or realistic digital identities.
The Human Element
Vedat emphasised that cyber resilience is no longer solely a technology issue — it is a people issue. Crews are often the first line of defence against suspicious activity, but they can only do so if they have been trained to understand what to look for. Introducing cyber awareness at the beginning of a seafarer's career would help establish a consistent global baseline of digital competence across the industry. It would also reduce the significant variations that currently exist between companies, where cyber training often depends on individual budgets, priorities or levels of maturity.
Call for Collaboration
Building a more cyber-resilient industry will require a higher level of collaboration, according to Vedat. Shipowners and managers must continue investing in training and awareness programmes. Technology providers must design systems that are secure and user-friendly. Regulators and industry bodies must work together to ensure standards keep pace with technological change.
"AI-assisted cyberattacks will continue to evolve and the maritime industry cannot rely solely on technology. Its strongest defence will always be a well-trained workforce capable of recognising threats, questioning suspicious activity and responding appropriately," Vedat wrote. The shipping industry has continually adapted its training standards to reflect changing risks. As digital technologies become more embedded in vessel operations, cyber awareness should be considered part of that same evolution. Preparing seafarers for the future means giving them the skills to identify and respond to digital threats from day one.
Sources:
