Enhancing Cybersecurity in Finnish Cruise Shipbuilding: Meyer Turku's Digital and Operational Resilience

Abstract

This thesis examines cybersecurity in the Finnish shipbuilding industry, focusing on Meyer Turku and its cruise ship outfitting process. It explores key cybersecurity challenges such as unauthorized access, data breaches, and the growing complexity of digital systems in shipbuilding. The study applies the CIA triad principles (Confidentiality, Integrity, and Availability) to assess their role in securing both digital and physical operations at the shipyard. The significance of this research lies in the rapidly evolving cybersecurity landscape of the maritime industry where the protection of sensitive design, operational, and contractual data is critical for operational efficiency, maintaining customer trust and regulatory compliance. Stakeholder management, including the roles of subcontractors and turnkey contractors, is highlighted as a key part in addressing cybersecurity risks. A mixed-methods survey was conducted to understand how Meyer Turku employees and external stakeholders perceive cybersecurity, their awareness levels, and existing challenges. The results highlight gaps in cybersecurity training and differences in stakeholder priorities, offering insights into areas needing improvement. Based on these findings, the study proposes practical recommendations such as role-based training, secure data-sharing protocols, and collaborative audits. These measures aim to strengthen cybersecurity strategies within Meyer Turku’s stakeholder network while contributing to broader discussions on maritime cybersecurity resilience.