Piracy can lead to risks so high that they, according to the International Maritime Organization, are tolerable only if risk reduction is not practicable or is disproportionate to the benefits achieved. Therefore, there is a need for reducing ship security risks in relation to antagonistic threats such as piracy.The aim of this study is to identify challenges for ship operators when developing their ship security management. Furthermore, this study also investigates two central aspects in the analysis; understanding the threat and understanding how a security threat affects the crew and operation of the ship.It is clear from the analysis that the importance of subjective aspects beyond a ship operators' direct control is high. This seems to be the fact for all aspects of the risk management process. The situation is also dynamic as the security risk, as well as the risk perception, can change dramatically even though there are no actual operational changes. As a result, the ship security management process is highly iterative and depends on situations on board as well as conditions out of the ship operator's control.In order to make ship security manageable the risk management has to put particular focus on methodological understanding, relevant system understanding and well defined risk acceptance criteria as well as on including all levels of the organization in the risk reduction implementation and on a continuous monitoring.