Guardian360
Start free trial
← All posts

Cybersecurity

Why the shipping industry can no longer afford to ignore digital threats

By Jan Martijn Broekhof ·

The era of disconnected seas is over. A recent white paper by CYTUR Inc. paints a stark picture: “maritime cyber incidents surged by 103% in 2025, jumping from 408 to 828 recorded cases.” As ships become smarter and more connected, the attack surface has expanded dramatically — and the consequences now go far beyond data loss.

From data theft to physical destruction

What makes maritime cyber threats uniquely dangerous is their potential for real-world, physical impact. The threat landscape has evolved along two primary axes: direct attacks aimed at seizing physical control of vessels, and supply chain attacks designed to paralyze the broader maritime ecosystem.

DDoS attacks topped the charts with 386 incidents, closely followed by ransomware at 372. But the most alarming development is the rise of cyber-physical attacks — where digital breaches translate directly into navigational failures, collisions, or groundings.

The attacks that should keep you up at night

Several incidents from 2025 illustrate just how serious this has become.

VSAT satellite communication shutdown

In two waves (March and August 2025), the hacking group Lab Dookhtegan targeted Iranian VSAT satellite communication systems, effectively cutting off approximately 180 vessels from all shore-based communication. The attackers exploited a single satellite service provider to gain simultaneous access to dozens of ships — demonstrating the devastating “Single Point of Failure” risk inherent in maritime communications.

FURUNO Electric ransomware attack

In October 2025, FURUNO Electric — one of the world’s leading manufacturers of maritime navigation equipment including radar, ECDIS, and voyage data recorders — fell victim to a ransomware attack by the Rhysida group. The ripple effects were global: equipment maintenance, emergency software updates, and spare parts supply were all suspended, creating a safety vacuum for fleets worldwide.

Port of Antwerp-Bruges under siege

The Port of Antwerp-Bruges, Europe’s second-largest port, faced an intensive cyberattack attributed to APT28 (Fancy Bear) in the first half of 2025. A combined DDoS and infiltration campaign paralyzed the Terminal Operating System, stranding thousands of trucks and dozens of vessels.

These are not isolated incidents. They represent a systemic shift in how adversaries — both state-sponsored and criminal — target maritime infrastructure.

Regional threat dynamics

The nature of maritime cyber threats varies significantly by region, shaped by geopolitical tensions and economic interests.

In the Strait of Hormuz and Persian Gulf, GPS spoofing is being weaponized against oil tankers, manipulating vessel positions to create pretexts for seizure. In Asia’s Strait of Malacca, “cyber pirates” hack into shipping networks to identify high-value cargo with surgical precision. Across the Baltic and Black Sea, electronic interference has become a daily reality — with over 1,000 vessels per day affected by signal disruption in the Red Sea alone. And at major hub ports like Rotterdam, Los Angeles, and Busan, ransomware targeting Terminal Operating Systems can trigger bottlenecks across the entire global supply chain.

What 2026 holds: AI agents, supply chain pivots, and regulatory pressure

The outlook for 2026 introduces several escalating risks.

AI-driven autonomous attacks are becoming reality. As demonstrated by the China-linked group GTG-1002 in 2025, “AI agents can now perform up to 90% of the attack lifecycle — from vulnerability analysis to data exfiltration — without human intervention.” This dramatically lowers the barrier to entry for sophisticated attacks.

Attackers are increasingly targeting supply chain “choke points” rather than individual vessels. Telecommunication providers, OEM equipment manufacturers, and software update channels are becoming the preferred entry points — one compromised provider can infect thousands of vessels simultaneously.

Meanwhile, regulatory pressure is intensifying. With IACS UR E26/E27 now fully in force, cybersecurity has become a fundamental prerequisite for vessel delivery and operation. 2026 marks the transition from paper compliance to practical verification — cybersecurity is no longer a checkbox but a “License to Sail.”

Five priorities for maritime organizations

  1. Adopt Maritime-Specific Cyber Threat Intelligence (MCTI). Generic IT-based threat intelligence cannot account for maritime-specific protocols (NMEA, AIS), satellite communication constraints, or the unique OT environments found on vessels. Organizations need intelligence that speaks the language of the sea.

  2. Implement threat modeling across the vessel lifecycle. From design to decommissioning, every IT and OT asset must be mapped, and potential attack vectors must be simulated — particularly for high-risk assets with external connectivity such as autonomous navigation systems and remote maintenance channels.

  3. Conduct regular security testing. Mandatory penetration testing before delivery for newbuilds, and vulnerability scanning plus satellite communication security audits at least annually for vessels in service. Human factors — crew errors, unauthorized USB usage — must be part of the testing scope.

  4. Establish a Cyber Security Management System (CSMS). Based on international standards like ISO/IEC 27001 or the NIST Framework, with maritime-specific adaptations. Shipyards should prioritize protecting engineering blueprints and production line OT systems; shipping lines need fleet-wide remote monitoring and incident response capabilities.

  5. Strengthen supply chain security. Every piece of software and hardware installed on a vessel must be supplied in a security-verified state. Equipment manufacturers must provide Software Bills of Materials (SBOMs) and embed security throughout the product development lifecycle, in compliance with IACS UR E27.

The bottom line

Maritime cybersecurity has evolved from a technical IT concern to a matter of physical safety, national security, and global supply chain resilience. The data is unambiguous: threats are doubling year over year, attacks are becoming more sophisticated through AI automation, and the consequences of inaction now include loss of vessel control, environmental disasters, and supply chain paralysis.

The maritime industry must embrace three core transformations: maritime-specific intelligence, security by design, and a genuine focus on cyber resilience — the ability to anticipate, withstand, and rapidly recover from attacks.

The question is no longer whether your organization will face a maritime cyber threat. It’s whether you’ll be prepared when it happens.

This article is based on findings from the Maritime Cyber Threat White Paper 2026, published by CYTUR Inc. on February 19, 2026.