Rakuten Maritime: Maritime cybersecurity readiness remains limited by industry fragmentation

Author:

Using an unordered list, summarize the following article with between 4 and 8 key points.
The maritime industry is not yet fully prepared for rapidly evolving cyber threats, as its fragmented structure makes coordinated action and faster adoption of new practices more difficult, explained Ryan Son, Managing Director, Rakuten Maritime, in an exclusive interview during Posidonia 2026, held June 1-5 in Athens.

As vessels become increasingly connected, cyber resilience is becoming a more urgent priority for shipping. However, cybersecurity awareness across the maritime sector remains at an early stage compared with other major global industries, creating the need for stronger education, more coordinated action, and a shift from basic compliance toward real protection.
Awareness before adoption
Rakuten Maritime’s positioning in the market begins with awareness. Before stakeholders can decide whether to adopt new practices or solutions, they first need to understand why cybersecurity matters and how emerging risks may affect their operations.

Before stakeholders make any decisions on whether to adopt new practices or solutions, they need to understand why it matters,

…Son said.
Without this foundation, cybersecurity may still be seen as a distant concern rather than an immediate and present risk. This is why Rakuten Maritime does not begin its client conversations by focusing only on product specifications or individual features.
“We don’t start every client conversation with product specifications,” he explained. “We start by helping stakeholders understand what kind of cybersecurity threats and risks they may face in the near future.”
This approach reflects the company’s ambition to act first as a trusted partner and advisor to the industry, rather than simply as a technology provider.
“We want to be a trusted partner and solid advisor or consultant before being just a solution provider,” Son emphasized.
Fragmentation slows coordinated action
When asked whether the maritime sector is adequately prepared for evolving cyber threats, Son was clear that the industry still has work to do. “My answer to that question is no,” he said.
A key reason is the fragmented nature of shipping. Unlike sectors such as automotive or aviation, where a small number of major players can often drive industry-wide change, the maritime ecosystem includes shipbuilders, shipowners, system integrators, ship management companies, classification societies, manufacturers and many other stakeholders.
In industries led by a few dominant companies, new regulations or security requirements can be adopted more quickly because leading players set the pace and others follow. Shipping, by contrast, is more complex and distributed.
“In the maritime industry, we have shipbuilders, shipowners, ship management companies, classification societies and manufacturers. There are so many players,” Son noted.
This diversity of stakeholders makes collective action more challenging and can slow the adoption of new cybersecurity technologies and practices.
“In this situation, coordinated action will be much more difficult, and this will often slow down the rapid adoption of new technologies and new practices,” he explained.
Cybersecurity awareness is still developing
Compared with other large-scale global industries, maritime cybersecurity awareness remains relatively immature. As a result, the first step is not only to introduce solutions, but also to help companies understand the urgency and importance of the threats they may face.
“Cybersecurity awareness in the maritime industry is still at its very early stage,” Son said.
For Rakuten Maritime, this creates a clear role in supporting stakeholders across the sector, from shipyards and shipbuilders to system integrators and other maritime companies. The aim is to help the industry recognize that cybersecurity is not a future issue, but a present operational concern.
“We believe that by helping stakeholders understand the urgency and importance of cybersecurity threats in the maritime industry, we can take the lead on these matters,” he added.
Experience from large-scale digital infrastructure
In an increasingly competitive market, Rakuten Maritime’s differentiation is not limited to specific products, features or functions. Its strength also comes from Rakuten’s wider experience as one of Japan’s leading technology and internet services companies.
Since its establishment in 1997, Rakuten has built and operated a large-scale internet services ecosystem serving more than 100 million users in Japan, covering areas such as e-commerce, credit cards, point systems, securities and mobile networks.
The company’s experience in telecommunications is particularly relevant. Rakuten has built nationwide 5G Open RAN networks in highly advanced and competitive markets, including Japan and Germany. Operating this type of infrastructure requires high standards of reliability, operational capability and cybersecurity.
“Operating a secure telecommunications infrastructure or mobile network requires extremely high standards of reliability, operational capability and cybersecurity,” Son said.
These capabilities, he argued, are directly relevant to the maritime sector, where connected vessels, digital systems and onboard technologies are increasing the importance of cyber resilience.
“Our strength not only comes from our product itself, but more importantly from our deep experience, engineering capability, operational capability and cybersecurity expertise,” he said.
Posidonia 2026 Interviews: Read in this series

From box-ticking to real protection
For Son, one of the most important changes needed in maritime cybersecurity is a shift away from treating compliance as a minimum requirement or a box-ticking exercise.
For decades, many stakeholders have focused on meeting the bare minimum of regulatory requirements rather than addressing the real objective behind them: protecting vessels, assets and people.

The focus has mostly been on meeting the bare minimum, rather than achieving the real goal behind it, which is the actual protection of your vessel, your asset and the people in the industry,

…he said.
This mindset, he warned, limits the industry’s ability to build stronger cyber resilience. Regulations remain important, but they should not be seen only through the lens of avoiding penalties.
“We need a shift in our mindset,” Son emphasized.

Regulations will always be important, but regulatory compliance should not be based on fear of penalty.

Incentives to accelerate cyber resilience
If one change could be introduced to improve cyber hygiene and resilience across shipping, Son pointed to an industry-wide incentive programme. Such a programme would reward stakeholders that act faster and more proactively in adopting new cybersecurity technologies and practices.
“If I could change one thing tomorrow for the maritime industry, I would introduce an industry-wide incentive program that rewards stakeholders who act fast and proactively in adopting new technologies and cybersecurity practices,” he said.
Possible measures could include cybersecurity rating systems, insurance premium reductions or port fast-track programmes for companies that demonstrate stronger cyber resilience.
“It could be a cybersecurity rating system, insurance premium reduction, or port fast-track programs,” he suggested.
Rather than focusing only on penalizing those who fail to comply, the industry should also encourage those that move early and take proactive action. This, Son concluded, could help accelerate adoption and strengthen cyber resilience across a sector where coordinated change remains difficult.
Explore more by watching the video interview below