🤖 AI Summary
To address the delayed detection of cyberattacks and the lack of systematic reviews in maritime IT/OT convergence environments, this study conducts a Systematic Literature Review (SLR) following the PRISMA protocol, synthesizing relevant research from 2010 to 2023. Leveraging bibliometric analysis, thematic clustering, and taxonomy development, it establishes, for the first time, a comprehensive classification framework for maritime cybersecurity monitoring research. The analysis identifies six critical gaps, including insufficient publicly available datasets and inconsistent evaluation metrics, while mapping prevailing technical approaches and tracing thematic evolution. This work fills a significant scholarly void by providing a rigorous theoretical foundation and practical guidance for designing monitoring architectures, selecting algorithms, and standardizing evaluation methodologies in maritime OT/IT integrated environments.
📝 Abstract
In recent years, many cyber incidents have occurred in the maritime sector, targeting the information technology (IT) and operational technology (OT) infrastructure. One of the key approaches for handling cyber incidents is cyber security monitoring, which aims at timely detection of cyber attacks with automated methods. Although several literature review papers have been published in the field of maritime cyber security, none of the previous studies has focused on cyber security monitoring. The current paper addresses this research gap and surveys the methods, algorithms, tools and architectures used for cyber security monitoring in the maritime sector. For the survey, a systematic literature review of cyber security monitoring studies is conducted following the Preferred Reporting Items for Systematic reviews and Meta-Analyses (PRISMA) protocol. The first contribution of this paper is the bibliometric analysis of related literature and the identification of the main research themes in previous works. For that purpose, the paper presents a taxonomy for existing studies which highlights the main properties of maritime cyber security monitoring research. The second contribution of this paper is an in-depth analysis of previous works and the identification of research gaps and limitations in existing literature. The gaps and limitations include several dataset and evaluation issues and a number of understudied research topics. Based on these findings, the paper outlines future research directions for cyber security monitoring in the maritime field.