Managing Security Risks at Sea: A Challenge for the Shipping Industry

Hans Liwång, (Swedish Defence University), Karl Sörenson (Swedish Defence University) and Cecilia Österman (Linnaeus University)

Cross_ocean_big_ship_strandedShip security measures are often the first and only measures preventing criminal acts at sea. At the same time ship operators have had problems defending the quality of their ship security analysis when it is challenged. Ship security management is today prescribed to be risk-based which has two objectives: to effectively reduce the security risk to acceptable levels, and to create a security culture in the organization that supports effective ship operation on an everyday basis. Handling the organizational culture is especially challenging because of the subjective nature of risk perception. Another challenge is that risk analysis often suffers from a too narrow perspective when it comes to identifying threat, hazards and consequences. In a recently published article in the WMU Journal of Maritime Affairs, the authors identify challenges for ship operators when preparing for security threats. The study investigated the methodology for risk analysis. It focuses on two central aspects: understanding the threat and understanding how a security threat can affect the crew and operation of the ship. These two areas were chosen because they are not assumed to be a natural part of a ship operator’s organizational knowledge although they are crucial for successful risk mitigation.

Maritime risk-based approaches

Approaches for ship security outlined in the International Ship and Port Security (ISPS) code and Best Management Practices for Protection against Somalia Based Piracy (BMP4) for ship security are risk-based. The results of a risk analysis must always be weighed against risk tolerability levels as well as other operational parameters, such as financial considerations, requested reliability and possible operational gain. Generally, higher risks are tolerable if the possible operational gain is high.

The risk based approach for ship security is limited in respect to descriptions on how the analysis should be performed and on how adequate quality can be achieved. The challenges in respect to the security risk management process are therefore

  • the process is applied to an area (security) for which risk management is not as tested and there are relatively few tools developed aiding the ship operator in the analysis,
  • in comparison to safety risk management, the statistics on relevant phenomena is limited,
  • there are no specific risk acceptance criteria for maritime security risks, and
  • there is no discussion on how to define and achieve sufficient quality in the analysis.


The complexity of the maritime security environment

In order to understand the complexity of the maritime security environment, the study uses the waters around the African continent to describe how security threats can be viewed in relation to security and political conditions on land as well as international political agendas. While piracy, smuggling and trafficking have been realities for the African coastal communities for a long time during the last decade, they have resurfaced on an international level bringing in new actors and alerting international stakeholders. Consequently, there is a gap between local demands and international priorities.

With regard to extent and costs, Somali piracy has been the main maritime security challenges in Eastern Africa. However, viewed as an illegal activity taking place in the Eastern African region, piracy is but one among many threats that affect the effectiveness of the ship operator’s security measures. Smuggling, illegal fishing and waste dumping all occur to some extent in the waters off the coast of Eastern Africa and will have a direct or indirect impact on ship security. Many of the problems found in Eastern African waters can also be located along the West and Central African coasts where piracy has been and remains an issue. However, piracy off West Africa poses a more a diverse challenge to ship operators since its causes are to some extent the communication of grievance and frustration, as well as to make fiscal gains.

African security challenges are in sum characterized by:

  • heterogeneity: there are many different activities that can affect ship security, such as piracy, smuggling, trafficking, illegal fishing and antagonistic threats,
  • variability: while some activities pose a direct threat to the shipping community, such as piracy, others are part of the general maritime picture, such as smuggling, which create a threatening environment, and
  • diversity: while one area can unambiguously suffer one of the listed problem, in an adjacent area there can be other types of challenges.

There is also a variety of activities aimed at addressing those very problems which the individual ship operator also need to be aware of, such as:

  • the presence of security forces, such as a convoy, an ongoing police raid in the harbor or a naval exercise, may all impact on the planning of a route,
  • failing to adhere to the counter-piracy operations recommendations and, while transiting, to communicate with such an operation may expose one even more to a piracy attack.


Understanding the crews’ role in security efforts

The crew is one of the most important contributory aspects to the causation of safety incidents. Interviews with ship operators show that the most important driver for implementing security measures is the crew’s perception of security. It is therefore important to understand the situation onboard and how the perception of security risks affects the crew in terms of health, well-being and performance. However, there are extensive gaps in the literature regarding the effects of security threats such as piracy on the health and performance of the crew.

In order to implement security changes correctly it is vital that both management and crew are well trained and adhere to sound processes. In this context human factors research is essential for understanding these needs.

Hence, in order to analyse and implement ship security management effectively in terms of operator health and performance, ship operators face three major challenges:

  • in order to capture the security performance of the organization, the risk analysis must include the state on board with regard to education and training, coping strategies, usability of technical and administrative systems, and systems for providing for both seafarer and family,
  • it is crucial for success of implementation of safety and security routines that the implementation includes all levels of the organization, and
  • the security management must be committed and sound in respect to human factors on board.


Implications for security management

An effective and successful security risk management process poses many challenges to the ship operator. This is a result of the lack of guidance in combination with a complex and diverse situations beyond the control of the ship operator. While the analysis is prescribed to be risk-based, the process of the analysis itself is ungoverned. There is a lack of explicit discussion on how the ship operator could:

  • estimate how different threats (and other external aspects) interact with the crew’s risk perception (and resulting effectiveness) in order to assess the utility of different control options, and
  • estimate and validate probability approximations, especially given the tight coupling between the threat’s intent, the crew’s preparedness and the chosen controls.

Changes in safety risks are often a result of changes by the ship operator or in the onboard environment. However, for security risks the situation can change dramatically even though there are no changes in the ship operation. As a result the ship security management process is highly iterative and depends on situations both on board and beyond the ship operator’s control. There are also interdependencies between the processes, the situation on board and the political, economic and social situation in the areas transited and visited. Ship security management is, however, not insurmountable, but in order to make it manageable and effective there has to be a focus on the critical aspects stated below.

In the risk assessment the ship operator must put particular focus on:

  • methodological understanding beyond what is described in the guidelines, especially in relation to how to achieve an output that is valid and effective,
  • collecting relevant system understanding from a relevant combination of experts with knowledge about the particular external conditions (such as threats and their respective incentives as well as security initiatives) and internal conditions (such as education, training and usability of technical and administrative systems), but also about how the external and internal conditions interact, and
  • using well defined and communicated risk acceptance criteria that also include stressors to the crew and are based on a sound understanding on human factors.

In the risk reduction and control the ship operator must put particular focus on:

  • inclusion of all levels of the organization in the risk reduction implementation based on a human factors understanding,
  • continuous and broad awareness when monitoring different activities that can directly or indirectly affect ship security, and
  • the necessity to flexibly adapt countermeasures accordingly during the voyage.

While the understanding of safety (hazard-based) risks may come from objective historical accident statistics, the security (threat-based) risks must rely on expert judgements based on knowledge and experience as well as objective data. The process is complicated in that the link between consequences, evaluation criteria, risk control measures and crew preparedness is strong, but not intuitive.


Further readings

Liwång, H. (2015). Survivability of an ocean patrol vessel – Analysis approach and uncertainty treatment. Marine Structures, 43, 1-21.

Liwång, H., Ericson, M. & Bang, M. (2014). An examination of the implementation of risk based approaches in military operations. Journal of Military Studies, 5(2), 1-27.

Österman, C. & Rose, L. (2015). Assessing financial impact of maritime ergonomics on company level: a case study . Maritime Policy & Management.

Liwång, H., Sörenson, K., & Österman, C. (2015). Ship security challenges in high risk areas: Manageable or insurmountable? WMU Journal of Maritime Affairs.

Liwång, H., Ringsberg, J. W. & Norsell, M. (2013). Quantitative risk analysis: Ship security analysis for effective risk control options. Safety Science, 58, 98-112.

Sörenson, K. & Widen, J.J. (2014). Irregular Warfare and Tactical Changes: The Case of Somali Piracy. Terrorism and Political Violence, 26(3).


About the authors

Hans Liwång, is a lecturer the Swedish Defence University, Military Technology Division. Hans Liwång holds a Ph.D. in Shipping and Marine Technology from Chalmers University of Technology and a Master of Science in Naval Architecture from the Royal Institute of Technology. His research is on maritime security and ship survivability. More from Hans Liwång can be found on the blog Risky business at sea. He can be contacted at

Karl Sörenson is a researcher at the Swedish Defence University, War Studies Division and a PhD-candidate at the Royal Institute of Technology (KTH), Department of Philosophy. Karl Sörenson holds a Maîtrise in Philosophy from Sorbonne University in Paris, France, and a Master in Computer Sciences at the Royal Institute of Technology/Stockholm University, Stockholm, Sweden. His research is on decision and epistemological perspectives of asymmetric conflicts. He can be contacted at

Cecilia Österman is a senior lecturer in maritime science at the Kalmar Maritime Academy at Linnaeus University. Cecilia Österman holds a Ph.D. in Shipping and Marine Technology from Chalmers University of Technology and a Master of Science in Ergonomics from Linköping University. She has held positions such as HSEQ specialist, work environment inspector, 1st Engineer and safety engineer within the maritime industry and Swedish government. Her research is on ergonomics and human factors. She can be contacted at