[[{“value”:”
Jamie Jones, chief operating officer at GTMaritime, writes for Splash today.
Cyber attacks are getting smarter. Email security tools are getting noisier. And crew are stuck in the middle – expected to spot sophisticated phishing attempts while juggling operational duties, limited bandwidth, and an inbox full of warning messages that all sound the same.
This is the problem no one’s talking about: alert fatigue.
Maritime operators have invested heavily in security. Training programmes, warning systems, malware filters – they’re all in place. But it’s not working as it should, because we’ve reached a tipping point where the noise is drowning out the signal. Crew are getting so many alerts that they’ve stopped paying attention. And when that happens, even the most sophisticated security system becomes meaningless.
New research from Mimecast shows that 95% of organisations still expect email security challenges to persist into 2025. That alone is worrying. But 61% believe those challenges will have a negative business impact – and when you look at the current setup, it’s not hard to see why. Security tools are generating so many warnings that users are desensitised. It’s like a smoke alarm going off every time someone makes toast – eventually, you just stop listening.
In shipping, this has real-world consequences. Email remains the backbone of vessel-shore communication: operational updates, compliance documents, crisis coordination, vendor contracts. Everything flows through email, especially with asynchronous connectivity at sea. If the inbox becomes a battlefield of constant alerts and false positives, it doesn’t just impact productivity – it creates serious risk.
We’ve seen examples where phishing emails, disguised as messages from port agents or technical suppliers, slip through unnoticed among the numerous other security alerts. This leads to user uncertainty—when a legitimate warning appears, it may not receive the prompt attention it needs. In these moments of hesitation, system vulnerabilities can be exploited, resulting in security breaches.
And this isn’t a training issue alone. Yes, 87% of organisations say they’re training staff to spot threats – but are they training the right people, in the right way? In shipping, the workforce is constantly rotating. Many crew don’t have English as a first language. They’re operating in high-stress environments where tech isn’t always intuitive, and distractions are everywhere. A quarterly awareness session or an online module just isn’t enough.
What’s needed now is a reset in how we think about email security. Less noise, more intelligence. Security systems that do more of the work quietly, in the background. Tools that filter out low-priority clutter and only raise the alarm when it actually matters. Because if everything is urgent, then nothing is.
According to SpamTitan, even the most sophisticated phishing campaigns typically fool only 1-2% of users. However, GTMaritime’s own phishing simulations reveal a higher vulnerability within the maritime sector: 15% of tested users clicked on malicious links, and 7% submitted personal data. Even a single compromised user, especially someone with high-level access or during a critical moment in the voyage cycle, could lead to significant damage. With AI-generated phishing emails becoming increasingly convincing and context-aware, distinguishing genuine communications from threats is becoming more challenging than ever.
Trust in these systems is starting to erode. Crew see constant warnings, they click to dismiss, they stop believing what their tools are telling them. That’s when the real damage starts – not with the malware, but with the mindset.
It’s no longer enough to tell people to “stay vigilant.” We need to build systems that are smart enough to know when not to cry wolf. Because when the wolves really do show up, they’ll be counting on us to be too tired, too distracted, or too desensitised to stop them.
The post Email security is broken – and crews are paying the price appeared first on Energy News Beat.
“}]]