CSL reported zero cyber security leaks, thefts or data losses in 2025 while expanding cyber training, third-party risk controls and a Zero-Trust architecture across its fleet and shore operations. The Canadian shipowner is also tightening governance around artificial intelligence as digital tools play a bigger role in vessel operations and business systems.
Canadian shipowner CSL Group reported zero cyber security leaks, thefts or losses of data in 2025 as it stepped up investment in Zero-Trust architecture, responsible artificial intelligence governance and cyber resilience across its fleet and shore organisation. The company also recorded two substantiated privacy complaints during the year but said no data breaches were identified.
The update forms part of CSL’s 2025 Sustainability Report, which places cyber security alongside ethics, compliance and responsible sourcing as core governance priorities for the business. The report states that digital systems now support vessel monitoring, scheduling and operational decision making, making cyber resilience a business issue as well as an IT responsibility.
CSL said employee awareness remains one of its primary safeguards. Mandatory cyber security training is provided to new ship and shore staff, while quarterly phishing simulations test how employees respond to real-world attack scenarios. During 2025, 94% of shore employees and 68% of shipboard personnel completed cyber security training.
“We continue to prioritize safety, invest in our people and strengthen partnerships with our customers – advancing inclusion, improving career pathways, and developing lower-carbon, more efficient supply chain solutions,” Louis Martel, President and Chief Executive Officer at CSL.
The company also tightened oversight of suppliers by expanding its third-party cyber security assessments and introducing a centralised register that assigns a cyber risk score to each supplier. CSL said the process provides greater visibility into supply chain exposure and helps identify higher-risk relationships before they affect operations.
Artificial intelligence also received closer scrutiny during the year. CSL said every AI system is reviewed against privacy requirements, internal standards and ethical guidelines before deployment. Employees also receive dedicated training on responsible AI use, with attention given to privacy, data minimisation, transparency and accountability.
“As the use of AI expands across CSL, we have strengthened oversight to ensure privacy and ethical principles are embedded throughout the evaluation, deployment, and use of AI tools. All AI systems are subject to enhanced review processes designed to confirm alignment with applicable privacy laws, internal standards, and ethical guidelines. We also provide targeted training on responsible AI use, reinforcing privacy, data minimization, transparency, and accountability alongside our broader privacy and cyber security programs,” the report states.
CSL is adopting a Zero-Trust architecture that restricts communication between devices and approved systems across its digital environment, including vessels, servers, onboard sensors and third-party equipment. The company said documenting and monitoring those connections will help detect unusual activity more quickly while strengthening operational resilience. It is also preparing an Identity Governance and Administration programme planned for deployment during 2026 and 2027 to tighten control over access to critical systems and data.
Tags: Bulk
