At TYREX, our historical verticals are defense, energy, pharma, and transportation. And within transportation, the cruise industry holds a special place. It is probably the industry that fires us up the most.
A few weeks ago, we were exhibitors at Sea Trade Cruise Global, in Miami, one of the world’s biggest gatherings for the cruise industry, a sector that today represents more than 70 billion in annual revenue.
The occasion gave us — Christophe and Gérard — a chance to sit down and talk shop about cybersecurity in this ecosystem: the what, the why, the how. Tyrex’s positioning in a market that’s slowly maturing. And, off the record, our impressions of the show itself.
8 Takeaways (+1 Bonus)
1. USB Decontamination Stations on a Cruise Ship? Really?
The first thing Christophe insists on: onboard a cruise ship, there are two completely separate networks.
Gérard nods immediately and adds:
“On one side, the hospitality network: cabin Wi-Fi, Netflix, entertainment, guest experience management. ‘A floating Marriott, basically,’ Christophe sums it up. On the other, the network that literally moves the ship forward: engines, propellers, thrusters, navigation, boilers, HVAC, locks, alarms.”
The distinction is critical, and both founders take their time spelling it out.
“If a cabin loses Netflix, it’s annoying for the passenger but the ship keeps moving. If, on the other hand, the thruster goes down because of a virus, now we have a real problem.”
Tyrex operates exclusively on that second network, the operational network.
That said, Gérard wants to be clear: there is cyber risk on the hospitality side too, but it’s not Tyrex’s main focus.
Where does ‘tech & cyber’ fit on a cruise ship?
To properly situate Tyrex’s role in the ecosystem, Gérard offers a simple breakdown. The maritime industry boils down to two big pieces:
- The ship’s infrastructure on one side: construction, fittings, shipbuilders, equipment makers.
- The ports on the other, with their services and usage contracts.
Christophe completes the thought: within shipbuilding, the tech component has quietly become strategic in recent years. That’s exactly where Tyrex sits.
And their pitch boils down to a single sentence, he says with a smile:
“You invested a billion dollars to build your ship. Are you really going to skimp on a $15,000 station to secure all that?”
Posed like that, Gérard concludes, the math is unbeatable, isn’t it?
Our day job is making sure the question gets heard.
2. USB Scanning Kiosks vs. EDR: Still a Real Debate — Even in Maritime
On RFPs, Tyrex always runs into the same two families of competitors: a specialized player operating in the same space, and above all the EDR vendors — Endpoint Detection and Response — and traditional antivirus.
And that’s exactly where, Christophe and Gérard explain in unison, their whole pedagogical battle plays out.
Because an EDR, fundamentally, doesn’t address the same problem as Tyrex. It’s complementary, but not equivalent..
A TYREX station scans and disinfects USB devices before they’re plugged into anything. An EDR only sees the threat once a file is already executing on the endpoint.
One controls the moment a drive enters the perimeter; the other watches what happens inside. They sit at different layers, and in the air-gapped OT environments where EDRs can’t reach the cloud, that distinction becomes harder still to argue against.
The textbook illustration is an episode involving one of the global cruise industry’s heavyweights..
Two years ago, this player turned them down. The cyber lead told them, full of confidence:
“I have an EDR, I’m fine, I won’t have a problem.”
Gérard takes the thought further: the day the incident hits, the conclusion will be immediate — “our protection wasn’t the right one” — and it’ll be too late.
When Christophe is asked which client profile actually deploys Tyrex’s decontamination stations, his answer is simple:
“It’s not so much the ones who tried an EDR and failed. It’s mostly those who understood upfront that an EDR alone doesn’t cover certain attack vectors — typically, the physical USB. Tyrex’s role is to get that message across before the incident, not after.”
3. Onboard Tech on a Cruise Ship: a Genuine Floating Data Center
When you say “tech” on a ship, the general public thinks first of passenger connectivity.
For Gérard, that’s missing the point. People often fail to understand what’s happening under the hood. Everything, and we mean everything, runs on computer systems: boilers, propellers, propulsion, HVAC, navigation, cabin management, locks, alarms.
“A modern ship is a genuine onboard data center, with a central server room. And that’s exactly where Tyrex steps in.”
The reminder they systematically drop on their interlocutors
You invested billions. You have protected installations, complex architectures. And it takes one USB key plugged into the wrong place to bring all that down.
This isn’t science fiction, Christophe concludes. It’s documented. And it happens.
#DoNotTrustUnknownUSBDevice
4. How Will the Maritime Industry Face Evolving AI and Cybersecurity Threats?
We were asked the question several times during the show: how do they see this industry evolving in the face of the AI wave, on the cyber front?
Honestly, Christophe prefers to stay cautious.
His expertise in the maritime world covers a very specific area.
As Gérard puts it, a ship is a city — you can’t take a position on everything. Cargo loading and unloading, data optimization: that’s simply not their line of work. — that’s just not their job.
But within their own remit, the picture is crystal clear:
“For TYREX, a ship is a piece of industrial infrastructure that happens to float — and industrial infrastructure is what they secure.”
The real stake, they mention in unison, isn’t AI so much. It’s regulation.
The fix: more cyber regulation in maritime
And that’s where maritime is structurally behind.
Why?
Because there simply isn’t, in maritime, a regulatory authority as strong as ICAO is in aviation. There’s IMO — the International Maritime Organization — but it produces only non-binding recommendations. No one is required to follow them.
And that’s precisely the problem.
Insurers and ports: the real enforcement arm
If official regulation isn’t enough, what’s actually going to force change? Gérard’s answer is unambiguous: the insurers.
Their position, as he sums it up, is clear:
“You don’t want to align? Fine. We’ll just say that we won’t secure your ship, with a billion in cargo on board, if it doesn’t reach a certain cybersecurity threshold.”
Same mechanism on the ports side, Christophe extends: we already see port authorities setting their conditions. Your ship carries 4,000 people? If it isn’t at the expected cyber level, it doesn’t dock. Because a compromised vessel is a direct risk to the port hosting it.
The pivotal date to keep in mind in France, Gérard points out: February 2025.
All ships built worldwide from that date forward, if they want to be insured by the major players — AXA and the others — will have to meet a series of cybersecurity criteria.
For both founders, that’s a real turning point.
When do we get equivalent provisions in the United States?
5. Flags of Convenience: THE Structural Brake on Maritime Cybersecurity
Christophe points out the elephant in the room: there’s a maritime quirk holding all of this back. Gérard picks it up without hesitation — flags of convenience.
It exists nowhere else. Certainly not like this.
He takes a moment to explain.
In aviation, you have blacklists: airlines that aren’t allowed to fly or land in certain airspaces. In maritime, it’s the exact opposite — shipowners go shopping for countries with weaker regulation and keep sailing the world under that flag.
These, he says, are floating risk bombs.
For Christophe, that’s precisely what blocks the industry’s evolution.
Otherwise, fundamentally, there’s no reason a ship carrying 7,000 people should be less demanding on cybersecurity than a Boeing — the technical complexity is comparable.
So what will actually move the lines?
As in every industry, sadly, there’ll be two or three major accidents. At some point, the ecosystem just can’t absorb the risk anymore. Today, they conclude, we can take some comfort: there hasn’t been a major, headline-grabbing incident.
But we know one is coming. Alas, it’s just a matter of time.
6. How Mature is Maritime Cyber Compared to Other Industries?
Gérard puts the question to Christophe head-on: if we ranked all the industries Tyrex operates in, which would be the most mature on cyber?
On the European side, the answer comes without hesitation.
By a long shot — defense. Both buyers (government bodies) and suppliers.
Then finance, at a very high level of protection.
Then the energy industries broadly speaking: gas, nuclear, oil, electricity.
And transport?
Christophe ranks them with a sharp internal hierarchy: aviation way out front, then rail, then automotive. And right at the bottom — really the bottom — maritime.
On the U.S. side, Gérard takes over:
“Same ranking exactly. With one notable difference: pharma. That sector is actually very aware of cyber risks and treats them actively.”
More broadly, Gérard adds, all manufacturing industries know they’re targets, and they operate accordingly.
Shared conclusion from both founders: maritime sits at the bottom of the transport ranking.
And that’s precisely why there’s everything left to do.
7. IT vs. OT: Why USB Stays Critical in a Maritime Environment
One last point we absolutely have to spell out, Christophe insists: why does USB remain a hot topic in maritime when it’s nearly disappeared in finance? For Gérard, the answer fits in two letters: OT. Or more precisely: IT vs. OT — Information Technology versus Operational Technology.
Clients buying Tyrex have OT budgets. That’s essential to grasp. IT, everyone knows: office productivity, business servers, applications. OT is a different world — different teams, different budgets, different logics. We’re talking physical systems: production lines, engines, thrusters.
And the big difference, Christophe explains, is that an OT environment can’t be tested virtually. You can’t buy a second production line just to run tests. It’s too expensive. It’s often physically impossible. In finance, conversely, everything is virtualized: Citrix, remote environments, virtual desktops. When they want to simulate an incident, they spin up a virtual trading room and run their tests. On a ship? Just impossible.
“Or it’s a billion dollars to run tests,” Gérard slips in.
That impossibility of virtualization, Christophe concludes, is exactly what creates the durable need for a solution like Tyrex in maritime. USB is still in use because there’s no alternative for intervening directly on real equipment. So it has to be secured.
That’s Tyrex’s job, in one sentence.
Bonus — Off the record: what we thought of the Sea Trade format
Before wrapping up, Christophe suggests one last topic to Gérard, hotter off the press: the show itself.
Christophe, who has about twenty maritime shows under his belt — Greece, Denmark, Germany, France, Cyprus — lays out the observation:
“All these shows run more or less the same way: conferences and exhibitions intertwined, with a natural circulation effect between the two. Fifteen minutes before a conference, the announcement goes out, visitors head over. Twenty-minute break afterwards, coffee in the aisles, return to the stands — especially the sponsors. It’s a tested system.”
At Sea Trade, the organization is radically different: day 1 is reserved for conferences with the exhibition closed, then days 2 to 4 are dedicated to the exhibition, with no conferences. No bridge between the two.
The show is high quality. Its reputation is established.
But as exhibitors, we have plenty of suggestions that we have already flagged to the organizers in writing. Hopefully, they will take some of them on board for next year!.
And for 2027, they’re considering another approach: being speakers themselves, to take part both on the conference side and to capture the foot traffic on their stand.
In Conclusion
Maritime is lagging on cyber compared to other transport industries and especially compared to aviation.
The trigger for improved cybersecurity will probably come from insurers and ports before international regulators land their punch, with February 2025 as the first pivotal date for new builds.
Flags of convenience remain a structural brake.
And USB remains a key attack vector across the entire OT universe.
That leaves the equation simple: our stations represent barely 0.001% of the construction cost of a $1.3 billion vessel to help secure a major industrial asset, its operations, and its crew.
Posed like that, it’s convincing, don’t you think?
Now we just have to make it heard.
We’re working on it.
Actively.
