News + Resources
Industry news, Astaara press releases & maritime cyber risk resources
Frontier AI has materially shifted the cybersecurity baseline. Business owners can no longer rely on assumptions that underpin existing cyber risk models, controls, and response plans given their validity is now challenged. Cyber Security has always been a Board Issue: the advances under AI make this responsibility all the more pressing.
In a recent Cyber Security Agency of Singapore (CSA) Advisory on Risks associated with Frontier AI Models, the cautionary tone around Frontier Artificial Intelligence (AI) models is apparent. While it can enhance cybersecurity by reducing time taken to identify vulnerabilities, the same capabilities can be misused by cyber threat actors to sharpen their attack capabilities and precision.
Frontier AI models can analyse large and complex code bases, identify hidden weaknesses and carry out cyber-attacks with limited human input at great speed. Cyber-attacks that previously required long preparation times or significant technical expertise, such as phishing, ransomware and other malware development and attack automation, can now be enabled by AI and are increasingly accessible to a broader range of threat actors.
These cyber-attacks, which are accelerating in scale, speed and sophistication, create additional pressure on ship operators managing complex and highly interconnected vessel environments, particularly where legacy systems and operational technology are involved.
At the core of cybersecurity and cyber-attacks, human behaviour remains key to both attack execution and organisational resilience. The efficacy of an organisation’s security posture depends on the ability of their workforce – encompassing beyond just IT personnel – to navigate technology safely. This means that continuous awareness and specialised training are critical for effective cyber risk management.
The bigger shift: From IT risk to board-level accountability
Leadership accountability is now explicit, because cyber risk has fundamentally changed. This shift is driven by structural changes in the threat landscape, particularly the impact of AI.
There are five key structural changes, which boards should factor into their decision-making:
| 1. AI is discovering vulnerabilities faster than organisations can fix them AI tools can now scan massive codebases and identify weaknesses at speed, dramatically reducing the time and cost required of skilled teams to find exploitable flaws. | Implication for Boards:Traditional assumptions about “time to fix” and risk exposure are no longer valid. Oversight must prioritise faster protection, detection and remediation cycles. Knowing what and where your systems and data are; keeping your systems patched and replacing them before they go out of service will significantly reduce your attack surface |
| 2. Social engineering is more personalised and convincing AI enables attackers to generate highly targeted, context-aware phishing and deception campaigns. Attacks exploit not just technical weaknesses but human trust too. | Many cyber-attacks continue to exploit human behaviour rather than just technical vulnerabilities. The responsibility for cyber risk management, which now includes workforce awareness, vigilance and continuous training, now extend deeply into people, culture, and communication systems, which are found within leadership accountability |
| 3. Multi-stage attack chains can run without human intervention Modern cyberattacks are no longer single events as automation allows attacks to scale across many targets simultaneously. | Organisations are facing persistent, adaptive threats, not isolated incidents. This requires governance-level investment in protection, detection, response, and resilience planning. |
| 4. The window between vulnerability disclosure and exploitation is shrinking fast AI accelerates the entire attack lifecycle as response windows are compressed and speed of attacks are faster. | Delayed decision-making or underinvestment in protection, detection and response capability becomes a material governance failure, not just an operational issue. |
| 5. The skill barrier to conducting sophisticated attacks is lowering AI is democratizing cybercrime, creating a larger, less predictable pool of attackers not limited to elite hackers. They are able to access tools that can generate phishing campaigns, malware, and attack paths automatically, increasing systemic risk exposure. | Organisations should ensure that personnel are trained, with tools and processes in place to identify and respond appropriately to suspicious activity and unauthorised attempts to access or modify systems. |
Cybersecurity has never just been a technical function. The risks inherent in Frontier AI confirm that cybersecurity is a core business governance responsibility tied directly to business continuity, financial risk, and organisational trust.
Maritime cyber resilience compliance another key driver
As vessels become increasingly dependent on interconnected IT, Operational Technology (OT) and communications systems, operators face growing pressure to maintain visibility, manage cyber risk continuously and coordinate response activities across ship and shore environments. This shift is reflected in IACS UR E26 and UR E27, which place greater emphasis on secure system integration, asset visibility, monitoring and lifecycle cyber resilience.
For example, a vessel today may rely on remote vendor access, integrated operational systems, cloud-connected reporting tools and third-party communications infrastructure. A disruption affecting any part of this interconnected environment can reduce operational visibility, increase workload for crew and shore teams and delay response coordination.
Maritime cybersecurity preparedness a core concern at Singapore Shipping Association
The Singapore Shipping Association (SSA) has long recognised the importance of cyber resilience, and will continue to support the maritime sector to help strengthen their cyber readiness through our programmes designed for the industry, such as:
- SCISSOR Index, or Cybersecurity Scorecard Portal, a self-assessment tool to allow users to better understand the cyber maturity, industry benchmarks and identify improvement priorities of their organisation.
- SCISSOR Insurance, underwritten by Astaara, which offers a comprehensive and broad-based risk transfer for marine cyber insurance, which is often excluded from traditional marine insurance policies.
- Maritime Operational Technology Cybersecurity Programme, alongside Maritime and Port Authority of Singapore (MPA), the Singapore Institute of Technology (SIT), and the Singapore University of Technology and Design (SUTD), to support corporate IT professionals to better understand and strengthen cyber resilience of shipboard systems, including integrating cybersecurity considerations into vessel design.
The SSA remains committed to working closely with members, government agencies and ecosystem partners to support Singapore’s broader cyber resilience agenda and strengthen Singapore’s position as a trusted, resilient and globally leading maritime hub.
The SSA continues strongly to encourage members of the industry to take cybersecurity as a top management priority, and to tap on the available resources to strengthen their organisation’s cyber resilience.
Astaara Underwriting UK Limited is an appointed representative of Davies MGA Services Limited, a company authorised and regulated by the Financial Conduct Authority under firm reference number 597301 to carry on insurance distribution activities. Astaara Underwriting UK Limited is registered in England and Wales company number 12570450. Registered office at 5th Floor 20 Gracechurch Street, London, United Kingdom, EC3V 0BG.
