Maritime Security Consulting

Security Assessment

Security assessments are in-depth technical reviews of an organization’s security posture, policies, processes and technology/systems Security assessments use the knowledge and expertise of the assessor to categorise and classify findings and identify improvements and recommendations based on industry best practices and standards.

The output from a security audit is normally a prioritised list of recommendations and improvements to be implemented in order to be better prepared against cyber threats.

Penetration Testing

Penetration testing is a systematic process of identifying, assessing and exploiting vulnerabilities in applications, systems and networks. It is a controlled form of hacking in order to to find weaknesses and vulnerabilities that that cyber criminals can exploit.

The output from an penetration testing is a report of identified vulnerabilities, including a prioritised list of recommendations and improvements to be implemented in order to be better prepared against cyber threats.

Security Audit & Review

Security audits measure the organisation against applicable regulations and requirements. A security audit will review the policies, guidelines and processes that are implemented in order to establish how well the organisation complies with the applicable regulations. Conducting security audits are not only important, but also very effective in order to identify and mitigate any issues within your company’s policies, guidelines and procedures.

Security audits are an effective way to measure compliance with regulatory requirements and identify  and mitigate weaknesses in order to be better prepared against potential cyber threats.

GAP Analysis

An Information security GAP analysis presents a comparison of the current state security posture compared to a desired target state based on the laws and regulations applicable to the  organisation. The analysis will identify the organisation’s cyber security risks, advise where to focus the budget, and to prioritise projects and tasks that will raise the organisation’s cyber security.

The GAP analysis recommendations will improve the level of cyber security maturity in the organisation.

Project Management & Advisory

Project management and advisory services help maritime organisations to establish IT governance framework, developing policies and processes and advising on people, processes and technologies.

We help with security technology implementation projects, investment recommendations and advice, compliance planning and implementation (IMO, BIMCO, GDPR,, PCI-DSS, NIS) and general advisory about anything regarding security, privacy or compliance in maritime environments.


Training and cyber security awareness is crucial to the whole organisation.  

Deductive Labs assists with training programs, seminars and workshops for the complete organisation – from on-board personnel, office and port, to company management, and OT and IT departments.

We know the Maritime Business

The Maritime business is facing huge challenges with managing Cyber Security in their environments. The maritime regulator, International Maritime Organization IMO, has identified these challenges in their efforts to regulate the maritime environment and has updated their regulations and guidelines to include cyber risk management onboard ships mandatory as of 1 January 2021.

Maritime organisations need to assess risks in both traditional information technology(IT) and Operational Technology(OT) environments in order to establish appropriate controls against cyber security incidents. In many cases, IT and OT is managed by different teams without established standards, shared knowledge and minimal collaboration, leaving IT uninformed about the OT technologies on ships and OT uninformed about the cyber threats and risks in traditional IT environments. Deductive Labs has the knowledge and experience that can help bridge the gap between IT and OT, aligning the areas with business goals, operational processes and security requirements.

Deductive Labs provide our customers with professional security services in order to improve their cyber security posture and fulfil current and upcoming requirements and regulations.

We combine our security- and penetration testing methodologies with our 15+ years of security knowledge and experience. Penetration testing methodology based on industry best practices from PTES standard, OWASP Testing Guide. ISO27001, IEC 62443, NIST Cyber Security Framework as information Security frameworks.

Read More

Trusted by important players

A personal and professional commitment to our customers is at the heart of our engagements, with focus on trust, responsiveness and quality in our work. Our business is based on our local markets. Services are geographically independent and delivered globally.

Marcus Björk, Deductive Labs CEO.