Maritime systems face escalating cybersecurity threats, yet empirical research remains severely constrained by operational heterogeneity, regulatory fragmentation, and deep interconnectivity. To address this gap, this study adopts a seafarer-centric approach, conducting surveys and in-depth interviews with 21 senior maritime officers, followed by thematic coding analysis. It presents the first empirically grounded, seafarer-derived taxonomy of maritime cyber threats—identifying six high-frequency onboard threat categories, including GPS spoofing and logistics ransomware. The analysis further uncovers systemic human-factor risks: misaligned training, absence of effective detection tools, and weak security awareness. Based on these findings, the study proposes an operationally oriented improvement framework integrating training, incident response, and cross-jurisdictional regulatory coordination, yielding 12 actionable recommendations. This work provides critical empirical evidence to inform policy development by international regulatory bodies, notably the International Maritime Organization (IMO).

Maritime systems, including ships and ports, are critical components of global infrastructure, essential for transporting over 80% of the world's goods and supporting internet connectivity. However, these systems face growing cybersecurity threats, as shown by recent attacks disrupting Maersk, one of the world's largest shipping companies, causing widespread impacts on international trade. The unique challenges of the maritime environment--such as diverse operational conditions, extensive physical access points, fragmented regulatory frameworks, and its deeply interconnected structure--require maritime-specific cybersecurity research. Despite the sector's importance, maritime cybersecurity remains underexplored, leaving significant gaps in understanding its challenges and risks. To address these gaps, we investigate how maritime system operators perceive and navigate cybersecurity challenges within this complex landscape. We conducted a user study comprising surveys and semi-structured interviews with 21 officer-level mariners. Participants reported direct experiences with shipboard cyber-attacks, including GPS spoofing and logistics-disrupting ransomware, demonstrating the real-world impact of these threats. Our findings reveal systemic and human-centric issues, such as training poorly aligned with maritime needs, insufficient detection and response tools, and serious gaps in mariners'cybersecurity understanding. Our contributions include a categorization of threats identified by mariners and recommendations for improving maritime security, including better training, response protocols, and regulation. These insights aim to guide future research and policy to strengthen the resilience of maritime systems.