During a recent CN Talks interview with Antonia Saratsopoulou, Managing Editor of Container News, Vlassis Papapanagis, CCO of Tototheo Global, discussed how increasing vessel connectivity, digitalisation and evolving cyber threats are reshaping risk management across the maritime industry.
From GPS spoofing and data integrity to cyber resilience and operational continuity, Papapanagis argued that shipping must move beyond traditional cybersecurity models and adopt a more holistic approach that combines technology, processes and people.
Cybersecurity is no longer just an IT issue
The maritime industry has embraced digital technologies at an unprecedented pace. Satellite communications, cloud platforms, IoT devices, advanced analytics and increasingly connected vessels are transforming how ships operate.
According to Papapanagis, these technologies are delivering significant benefits in efficiency, safety, sustainability and regulatory compliance. At the same time, however, they are creating new cyber risks that extend far beyond traditional IT systems.
Historically, vessels operated in relatively isolated environments. Today, ships have become highly connected ecosystems where operational technology (OT), information technology (IT), navigation systems and communications infrastructure are closely interconnected.
As a result, cyber incidents can affect vessel operations, navigation, cargo handling and business continuity, making cybersecurity a broader operational concern rather than a purely technical one.
The industry is moving towards a more holistic approach
Papapanagis noted that shipping companies have made considerable progress in securing their IT environments. However, operational technology and vessel systems have not always received the same level of attention.
That is gradually changing.
Growing awareness, combined with regulatory requirements and increasing connectivity, is encouraging shipowners and operators to view cybersecurity through a wider operational lens.
Rather than managing IT and OT as separate security silos, companies are increasingly recognising that both environments are interconnected and must be protected through a unified strategy.
For Tototheo Global, cybersecurity should be treated as an operational business issue that directly affects safety, performance and commercial operations.
Technology, processes and people remain the industry’s biggest challenge
Asked where the industry’s greatest vulnerabilities lie, Papapanagis highlighted three equally important factors: technology, processes and human decision-making.
Modern vessels rely on complex networks of interconnected systems, often supplied by multiple vendors. Managing these environments can be particularly challenging for operators with limited internal resources.
At the same time, organisations must maintain effective governance around asset inventories, access control, software updates and incident response planning.
Yet despite advances in technology, Papapanagis stressed that people remain one of the most important components of cyber resilience.
Crew members and shore-based personnel must understand potential threats, recognise suspicious activity and know how to respond when incidents occur.
Training and awareness programmes therefore remain essential investments for shipping companies seeking to strengthen their cyber posture.
GPS spoofing and jamming are changing the risk landscape
The growing number of GPS spoofing and jamming incidents is further blurring the line between cyber risk and navigational risk.
According to Papapanagis, these risks can no longer be viewed as separate challenges.
Modern vessels depend on continuous data exchange between ECDIS, AIS, bridge equipment, fleet management platforms and onboard communications systems. When one data source is compromised, the consequences can spread across multiple systems.
A spoofing event, for example, could affect a vessel’s positioning data, creating navigational challenges, operational disruption, delays and additional fuel consumption.
As shipping becomes increasingly data-driven, protecting the integrity of information is becoming just as important as protecting the systems themselves.
Data integrity is becoming a strategic priority
One of the key messages from the discussion was that cybersecurity is no longer focused solely on system availability.
Organisations must also ensure that the information flowing through their networks remains accurate and trustworthy.
A compromised data source can introduce false information into interconnected systems, potentially affecting operational decisions, vessel performance and navigational safety.
To reduce these risks, shipping companies should focus on improving visibility across connected systems, validating critical information from multiple sources and securing communications throughout the vessel’s digital ecosystem.
As vessels continue their digital transformation journey, data integrity is becoming a strategic requirement rather than simply a technical consideration.
From cyber protection to cyber resilience
Papapanagis believes the industry is entering a new phase in its approach to cybersecurity.
While strong defensive measures remain necessary, the conversation is increasingly shifting towards resilience.
The reality, he explained, is that cyber incidents will occur. The critical question is no longer how to prevent every attack, but how to maintain safe and effective operations when disruption happens.
Cyber resilience therefore focuses on preparedness, response and recovery.
It requires organisations to identify threats quickly, contain incidents effectively and restore operations with minimal impact on safety and business continuity.
For shipping companies, resilience is built through a combination of technology, processes and trained personnel working together as part of a coordinated strategy.
What does a resilient vessel look like?
According to Papapanagis, a resilient vessel is not one that assumes every cyber incident can be prevented.
Instead, it is a vessel that can continue operating safely and effectively when faced with cyberattacks, communication outages, GPS interference or system failures.
Resilience begins with visibility. Operators must understand which assets are connected, how systems interact and where critical dependencies exist.
It also requires contingency planning, backup communications, alternative operating procedures and personnel who are prepared to respond when digital systems become unavailable.
Hybrid connectivity is becoming increasingly important in this environment, ensuring vessels are not dependent on a single communications pathway.
Importantly, resilience extends beyond individual vessels. It must also include fleet operations and shore-based teams, enabling coordinated responses and faster recovery across the organisation.
Building resilience for the future
As digitalisation continues to accelerate across shipping, cyber resilience is becoming a fundamental element of operational excellence.
For Papapanagis, the future lies in combining secure connectivity, robust processes and well-trained personnel to create organisations capable of adapting to an increasingly complex risk environment.
Rather than viewing cybersecurity as a standalone technical function, shipping companies must embed resilience into every stage of their digital transformation journey.
Those that successfully balance innovation, connectivity and resilience will be best positioned to navigate the challenges of the maritime industry’s increasingly connected future.
Watch the full CN Talks interview with Vlassis Papapanagis, CCO of Tototheo Global, conducted by Antonia Saratsopoulou, Managing Editor of Container News, here.
