The international maritime organization BIMCO emphasized in its newly published research report that shipowners should stop viewing cybersecurity solely as a technical issue and instead consider it an integral part of geopolitical risk management.

According to the report titled 'Managing Geopolitical Cyber Security Risks,' prepared by BIMCO Regulatory Affairs Intern Aude Chocard, the maritime sector's increasing reliance on connected systems, external service providers, cloud technologies, and artificial intelligence applications brings along new security risks stemming from political developments.

Politics is as decisive as technology.

The report states that today, the cybersecurity risks of ships are no longer determined solely by firewalls, strong passwords, or software updates. Factors such as the country from which the technologies are sourced, the legal system governing the data, the influence of states on technology providers, and how these relationships could result in consequences during potential geopolitical crises are also significant factors in risk assessment.

Cyberattacks are rapidly increasing.

BIMCO pointed out that while digitalization enhances operational efficiency on ships and in ports, it also amplifies cyber threats.

The report referenced data from the CYTUR Maritime Cyber Threat White Paper 2026, noting that cyber incidents targeting the maritime sector increased by 103% in 2025 compared to the previous year.

Among the main threats are:

Ransomware,

Malware,

Phishing attacks,

Attacks on operational technology (OT) systems,

GNSS/GPS signal jamming,

AIS manipulation.

The Maersk attack remains the most significant example.

The report highlighted that the NotPetya attack, which paralyzed Maersk in 2017, continues to serve as a crucial warning for the maritime sector.

The global spread of the attack, originally targeting Ukraine, demonstrated that maritime companies could suffer significant damage as a 'side effect' of cyber wars, even if they are not direct targets.

BIMCO also noted that the recent increase in GPS jamming and spoofing incidents around the Strait of Hormuz, along with cyberattacks affecting Iranian-linked vessels, indicates that cyber threats in maritime operations are increasingly moving in parallel with geopolitical tensions.

Dependencies in the supply chain should be examined.

The report advises shipowners to conduct a detailed analysis of critical components used in information technology (IT), operational technology (OT), software, hardware, cloud storage, and artificial intelligence systems.

According to BIMCO, companies should evaluate not only whether their systems are secure but also:

The country in which the technology providers are located,

The legal system to which these companies are subject,

The likelihood of being affected by state pressure or sanctions.

The organization warned that many maritime companies are dependent on numerous suppliers operating in different countries, and that these suppliers may also be linked to other companies or state-controlled systems, creating a chain risk.

Cloud systems and artificial intelligence are new risk areas.

The report emphasized that in cloud storage services, attention should be paid not only to the country where the servers are located but also to the legal structure to which the service provider is subject.

It was noted that access to cloud services could be disrupted due to geopolitical crises, sanctions, or government interventions, and the use of multi-storage solutions and external backup systems was recommended to ensure business continuity.

The report stated that artificial intelligence technologies are also heavily reliant on existing software, hardware, and cloud infrastructures, particularly in the context of technological competition between the US and China, where AI solutions sourced from different countries may pose new risks in terms of data security, control, and compliance.

Two key questions in risk assessment.

BIMCO suggests that companies focus on two key questions when assessing their geopolitical cyber risks:

How reliable is the relationship?

How dependent is the company on this technology?

According to the report, companies with reliable relationships and that maintain strategic independence are at lower risk, while those with high levels of external dependence and that could be affected by political tensions face much higher cyber risks.

Continuously updated risk management.

The report concludes that cybersecurity assessments should not be limited to one-time audits.

BIMCO emphasizes that threats, international relations, regulations, and supply chains are constantly changing, and that shipowners need to integrate geopolitical analyses into their cybersecurity policies and clearly define acceptable risk levels.

Source: SeaNews Türkiye