The UAE's maritime sector is foundational to the country's role as a global trade hub. Jebel Ali Port, operated by DP World, is the world's largest man-made port and one of the busiest container terminals globally. Khalifa Port in Abu Dhabi, operated by AD Ports Group, is the region's first semi-automated port. Together with smaller specialist ports, the UAE's maritime infrastructure handles an enormous share of global containerized trade — serving as the transshipment hub through which goods flow between Asia, Africa, and Europe. The UAE Cyber Security Council has repeatedly designated critical national infrastructure — including ports and logistics — as a tier-one protection priority.
This strategic importance makes UAE maritime infrastructure a high-value cyber target. The 2017 NotPetya attack on Maersk — which brought global container shipping operations to a halt and cost the company hundreds of millions of dollars — demonstrated exactly what a sophisticated cyber attack on maritime operations can achieve. UAE port operators, shipping companies, logistics firms, and maritime service providers cannot treat this threat as hypothetical.
The Maritime Cyber Threat Landscape
Ransomware targeting port operations. Port operating systems — terminal operating systems (TOS), gate management systems, vessel scheduling systems, and berth management platforms — are high-value ransomware targets. A port that cannot process incoming or outgoing containers loses revenue by the minute and creates cascading supply chain disruption affecting thousands of businesses. The defensive playbook for ports mirrors the one outlined in ransomware prevention employee training — rehearsed reporting, segmented backups, and crew that recognises the staging behaviours before encryption fires.
OT attacks on port automation systems. Modern UAE ports are highly automated — using automated stacking cranes, automated guided vehicles (AGVs), and computerized terminal management. The OT systems controlling this automation are increasingly IP-connected, creating attack surfaces that were not present in older manual port operations. An OT attack that disables automated cranes or misroutes container movements creates operational disruption that cannot be quickly remediated. A parallel IT/OT convergence challenge appears in cybersecurity awareness for UAE aviation, where airside automation and ground systems face the same vendor-access and patching pressure as port automation.
Cargo manifest and customs fraud. Port workers with access to cargo management systems are targeted by social engineering attacks designed to manipulate cargo manifests — either to facilitate smuggling (concealing contraband within legitimate shipments) or to steal cargo (misdirecting high-value container deliveries). These insider-enabled attacks can be initiated through external phishing or through the recruitment of compliant insiders, which is why an insider threat awareness training program belongs in every port operator's security baseline.
GPS and navigation spoofing. Vessels approaching UAE ports rely on GPS navigation data. GPS spoofing attacks — which transmit fake GPS signals that displace vessel position readings — have been documented in the Arabian Gulf, with vessels receiving false position data. While not exclusively a port sector issue, awareness of navigation system manipulation is relevant for maritime operations staff.
Supply chain and logistics phishing. The logistics ecosystem surrounding UAE ports — freight forwarders, customs brokers, shipping agents, warehousing operators — is extensively targeted through phishing. Logistics staff receive fake shipping instructions, fraudulent bill of lading requests, and spoofed communications from carriers and port authorities. The complexity of international trade documentation makes it easy to insert fraudulent documents that appear legitimate — a pattern documented in detail in our analysis of business email compromise trends in the GCC for 2026.
Freight payment diversion. Maritime and logistics companies handle large-value payments for freight charges, port dues, and customs fees. Attackers compromise the email accounts of shipping agents or freight forwarders and insert fraudulent payment instructions into genuine transaction flows — diverting freight payment to attacker-controlled accounts. The verification protocols covered in business email compromise prevention training — out-of-band callback on every bank-detail change, no exceptions for "urgent" requests — are the single highest-leverage control against this loss vector.
Flag state and IMO regulatory impersonation. UAE-flagged vessels and maritime businesses registered with UAE maritime authorities receive communications from flag state administrations and the International Maritime Organization (IMO). Attackers impersonate these regulatory bodies to deliver phishing attacks that exploit the authority and compliance imperative of regulatory correspondence.
IMO Maritime Cyber Risk Management Requirements
The International Maritime Organization (IMO) Resolution MSC-FAL.1/Circ.3 on Maritime Cyber Risk Management provides guidance on cyber risk management for the maritime sector. IMO Resolution MSC.428(98) required shipping companies to incorporate cyber risk management into their Safety Management Systems (SMS) under the ISM Code by January 2021.
These requirements mean that UAE-flagged vessels, ship managers, and shipping companies registered in the UAE must incorporate cyber risk management — including crew cybersecurity awareness — into their operational safety frameworks. Security awareness training for seafarers and maritime operations staff is not a voluntary initiative; it is part of the international maritime safety regulatory framework.
UAE maritime authorities — the Federal Transport Authority (FTA) and the UAE Maritime Authority — align with IMO requirements and expect UAE-registered maritime entities to demonstrate compliance.
Security Awareness for Different Maritime Roles
Port operations staff (terminal operators, crane operators, gate staff). This workforce interacts with terminal operating systems, gate management interfaces, and cargo scanning systems. Security awareness for this group should focus on: recognizing suspicious USB devices or hardware connected to workstations; not sharing login credentials; recognizing unusual system behavior that may indicate malware; and reporting suspicious requests from individuals claiming to be IT support or vendor maintenance staff. Reporting is the choke point — building a phishing reporting culture on the apron and in the gate house is what turns a single observation into containment.
Logistics and documentation staff (shipping agents, customs brokers, freight forwarders). This group handles the documentation and payment flows that are most directly targeted by phishing and BEC attacks. Security awareness must cover: recognizing phishing emails impersonating carriers, port authorities, and customs bodies; verification protocols for payment instruction changes; secure handling of bill of lading and customs documentation; and the specific social engineering tactics used in maritime trade finance fraud.
Maritime IT and OT staff. Staff responsible for maintaining port operating systems, vessel management systems, and OT infrastructure need awareness of the specific risks at the IT/OT boundary — particularly the risks of connecting IT devices to OT networks, allowing remote vendor access without proper controls, and the implications of delayed OT patching for connected port systems.
Seafarers and vessel crew. Crew members aboard vessels operate in an environment with satellite-based internet connectivity that creates both communication risks (phishing through crew email) and navigation security risks (GPS and AIS manipulation). Crew security awareness should address: recognizing phishing on crew email accounts, social engineering targeting crew for cargo and route intelligence, physical security aboard vessels at UAE ports, and the importance of reporting navigation anomalies that may indicate spoofing. The distributed-workforce playbook in social engineering training for remote teams translates well to a crew that is rarely in the same physical office as the security team.
Executive and commercial leadership. C-suite and commercial leadership in UAE maritime companies face targeted executive phishing, whale phishing, and business email compromise attacks. Leadership-level security awareness should focus on verification protocols for high-value transactions, the specific BEC risks in maritime trade finance, and the reputational and regulatory consequences of cyber incidents.
The IT/OT Convergence Challenge in UAE Ports
UAE's modern, highly automated ports face a specific security challenge at the intersection of information technology and operational technology. As port automation systems increasingly use IP-based networks, cloud connectivity, and integrated data platforms, the traditional air gap between port IT and OT systems has narrowed or disappeared.
Security awareness for employees working at this IT/OT boundary should address:
Why OT security is different. OT systems in ports control physical operations — cranes, vehicles, gates, and berths. A security incident affecting an OT system does not just mean data loss; it means physical operational disruption with safety implications. The urgency of maintaining OT system availability is different from IT system availability.
Vendor and contractor access risks. Port OT systems are maintained by specialist vendors who require remote access for monitoring and maintenance. Employees need to understand the risks of unauthorized remote access, the importance of vendor access logging, and the verification procedures for remote vendor sessions.
USB and removable media in OT environments. USB drives used to transfer configuration data to OT systems are a common malware vector in industrial environments. Port employees who work with OT systems need clear guidance on the use — and prohibition — of removable media in operational technology environments.
Building a Maritime Security Awareness Program
Align with IMO and ICS guidance. The International Chamber of Shipping (ICS) and IMO have published specific guidelines on maritime cybersecurity. UAE maritime sector security awareness programs should be aligned with these frameworks, using the same language and categories that maritime professionals recognize from their regulatory environment. The structural foundations covered in how to build a security awareness program from scratch — audience segmentation, behavioural measurement, continuous reinforcement — apply directly to the multi-role maritime workforce.
Use realistic maritime scenarios. Generic phishing simulations using generic corporate email lures are less effective for maritime employees who face highly specific, trade-document-based phishing. Develop or commission phishing simulations using maritime-specific lures: fake port arrival notifications, spoofed customs authority emails, fraudulent freight invoice requests. Tune the cadence to operational rhythm — guidance on how often to run phishing simulations helps avoid both fatigue and recency-driven false confidence.
Include physical security in maritime contexts. Maritime physical security — vessel access control, container inspection, port perimeter security — intersects with cyber security in important ways. Training should address how physical security failures can enable cyber attacks and vice versa.
Partner with UAE maritime authorities. Engage with the Federal Transport Authority (FTA), AD Ports Group, DP World, and UAE maritime authorities on security awareness requirements and best practices. These bodies have an active interest in improving maritime cybersecurity and may be able to provide guidance, resources, or recognition for organizations with strong security awareness programs.
Key Takeaways
UAE maritime infrastructure is critical to global trade — and is actively targeted by cybercriminals and, potentially, state-sponsored actors seeking to disrupt supply chains. The combination of IT/OT convergence, international trade complexity, and the specific social engineering vectors of the maritime environment creates a security awareness challenge that requires maritime-specific training. Organizations that build security awareness programs aligned with IMO requirements, tailored to the specific roles and threat vectors of the maritime sector, will be significantly more resilient to the cyber threats that are growing in sophistication and frequency across the global maritime industry.
PhishSkill is built for high-consequence environments where security awareness is not a formality — it is an operational necessity. Our platform delivers role-segmented phishing simulations, targeted awareness modules, and behavioural risk scoring calibrated to the specific threats facing UAE port operators, shipping lines, freight forwarders, and maritime service providers. Whether you are protecting a terminal control room, a customs brokerage, or a vessel crew on satellite link, PhishSkill gives you the tools to build a security culture that matches the stakes. Request a demo to see how we work with critical infrastructure teams.
Related Reading
- Cybersecurity Awareness for UAE Aviation: Protecting Airports, Airlines, and Critical Air Infrastructure
- Business Email Compromise in the GCC 2026: How the Attacks Have Evolved
- Insider Threat Awareness Training: Building a Program That Protects Without Eroding Trust
- Ransomware Prevention Through Employee Training: Why the First Click Is the Attack
More from the Blog
View all blog articles
Cybersecurity Awareness for UAE Law Firms and Legal Professionals: Protecting Privilege and Client Confidentiality
UAE law firms in DIFC, Abu Dhabi, and across the Emirates hold privileged communications and M&A intelligence that make them prime cyberattack targets. Build security awareness programs that protect attorney-client privilege and satisfy professional obligations.
Security Awareness Training Completion Rate Benchmarks: What Percentage of Employees Actually Finish Your Modules?
Completion rate is the metric everyone tracks but few optimize. 95 percent completion with poor engagement produces worse outcomes than 75 percent completion with genuine attention — module design wins.
Phishing Statistics 2026: 40 Numbers Every Security Team Needs to Know
Phishing remains the most common entry point for data breaches, ransomware, and fraud. These 40 statistics tell the real story of where the threat stands in 2026 — and what the data means for your program.
Ready to stop phishing attacks?
Run realistic phishing simulations and high-impact security awareness training with PhishSkill's automated platform.