Navigating Cyber Threats Facing Global Maritime Operations
22 JUL 2025
Author
Information Security Consultant

The maritime industry has seen remarkable progress towards digitalization and modernization over the past decade. But along with the benefits, the increased digital connectivity has brought a new set of cyber risks that span across both digital and physical domains.
According to a recent survey, one in five shipping companies experienced a cyber-attack at some point over the last two years, with nearly one-third of maritime professionals reporting a cyber intrusion in the past year – 31% in 2024, up from just 17% in 2023. Attacks ranged from ransomware crippling shipping lines, to sophisticated GPS spoofing that throws vessel navigation off course. The global importance of maritime cyber threats was also underscored during the United Nations Security Council’s high-level open debate on May 20, 2025, which focused on strengthening maritime security through international cooperation. The Council highlighted emerging technological threats, including cyberattacks and the malicious use of AI, as critical risks to international shipping, global trade stability, and the safety of seafarers and maritime infrastructure. The debate called for enhanced cooperation, information sharing, and coordinated international efforts to address these challenges.
While progress toward digitalization has been made, the escalation of cyber-attacks is also fueled by a perfect storm of outdated IT systems aboard many ships, the growing interconnection between corporate IT and operational technology (OT) on vessels and at ports, and the enormous financial and geopolitical value at stake.
In recent years, cyber threat actors have infiltrated shipping company networks, spoofed navigation signals, and even shut down port terminals, underscoring that cyber risks are no longer a theoretical concern but a clear and present danger to global trade. Maritime executives and security experts warn that as the industry undergoes rapid digitalization, from autonomous ships to “smart” ports, the cyber threat landscape in 2025 is more perilous than ever. Geopolitical tensions have further elevated risks, as state-affiliated hackers and military electronic warfare introduce new dangers to vessels operating in conflict-prone regions.
CYBER THREAT TRENDS AND PATTERNS
Recent data shows a mix of criminal and state-sponsored tactics targeting maritime operations:
- Nearly half of the observed maritime cyber incidents in 2024 were linked to phishing schemes (48%), which often serve as an entry point for malware.
- Over a third (36%) targeted operational technology (OT) such as navigation or engine control systems.
- 60% of vessel cyber incidents involve malware, and in 77% of those cases, malware was introduced via infected USB sticks or similar removable media used by crew and contractors.
These patterns underscore that crew members, whether through malicious intent or unintentional mistakes, are frequently the vector for cyber incidents onboard vessels. At the same time, the overall volume of cyberattack attempts is rising, with security providers reporting a large increase in the number of cyber alerts related to cyber incidents on vessels.
Several headline-grabbing cyberattacks have exposed the maritime sector’s vulnerability to cyber security incidents in recent years. Perhaps the most infamous is the NotPetya malware attack of 2017, which crippled Maersk, the world’s largest container shipping line. The attack shut down Maersk’s global IT systems within minutes, leaving the company unable to identify cargo in its containers and forcing port operators to revert to manual, paper-based processes. Maersk staff resorted to WhatsApp messages and handwritten notes to keep goods moving. The disruption rippled across ports worldwide and ultimately cost Maersk up to USD 300 million in lost business and recovery expenses.
Not all cyber incidents make headlines, however, as some firms quietly pay ransoms or hide breaches. But the trend is unmistakable. Global port authorities report millions of intrusion attempts each month. The Port of Los Angeles, for example, now fends off some 40 million cyber attacks in a typical month, double the volume seen before the pandemic. These attacks, ranging from ransomware and malware to spear-phishing, largely originate from criminal gangs and even state-aligned hackers in Europe and Russia, according to the port executives. The motives vary from financial extortion to geopolitical disruption, but the message to maritime leaders is clear: cyber threats have arrived on the waterfront, and they are escalating.
GPS SPOOFING AND AIS MANIPULATION
Cyber threats are increasingly targeting the navigation and communication systems upon which maritime safety relies. Modern vessels depend on satellite-based positioning (GPS/GNSS), the Automatic Identification System (AIS), and electronic chart displays (ECDIS). These systems, once considered reliable, are proving alarmingly susceptible to interference.
In recent years, electronic warfare has become a feature of geopolitical conflicts, with civilian shipping caught in the crossfire. In late 2023, over 100 cargo ships suddenly appeared at Beirut airport on AIS tracking systems, an impossible scenario attributed to widespread GPS spoofing in the Eastern Mediterranean during the Israel–Hamas conflict. These disruptions not only compromise navigational safety but also erode trust in vessel-tracking systems vital to sanctions enforcement and smuggling detection.
Equally concerning is the manipulation of AIS data, which broadcasts a vessel’s identity, position and movement. Security researchers have demonstrated how attackers can create fake AIS messages, simulate “ghost ships,” or even hijack real ship transponders remotely. In one verified incident, phantom naval vessels were injected into European AIS feeds, mimicking NATO warships, a possible state-backed disinformation tactic. Such fabrications, while not always posing a direct collision risk, reflect a growing trend of information warfare at sea.
AUTOMATION AND IOT: NEW WEAK SPOTS ON SMART SHIPS AND PORTS
The maritime industry’s rapid adoption of smart technologies, from AI-enabled terminals to networked ship systems, brings undeniable efficiency. But it also increases exposure to cyber-attacks. Today’s vessels are essentially floating data centers, equipped with interconnected engines, bridge systems, navigation units, and crew networks. Onshore, smart ports deploy digital twins, automated cranes, IoT sensors, and real-time logistics platforms. These innovations come with risk. Ethical hackers have shown that shipboard systems often operate with default passwords shared across users, outdated software, and inadequate segmentation. In one demonstration, a researcher accessed a vessel’s satellite terminal (VSAT) remotely and reconfigured the ECDIS to subtly shift GPS coordinates. A minor offset in theory, but potentially catastrophic in narrow channels or poor visibility.
At ports, the story is similar. In 2023, state-sponsored groups reportedly planted covert malware in European cargo-handling equipment, aiming to exfiltrate data or enable future sabotage. With port ecosystems linked across shipping lines, customs, trucking and rail, a single compromised node can ripple through global supply chains. The increasing use of AI and automation for scheduling, routing, and maintenance introduces further concerns: if predictive algorithms are corrupted, critical workflows could be skewed, leading to cargo delays or misrouting.
SAFEGUARDING VESSELS FROM CYBER ATTACKS: BEST PRACTICES
Maritime organizations are increasingly aware that cyber risk needs to be managed as rigorously as safety or pollution risks. The International Maritime Organization (IMO) now requires cyber risk to be addressed in vessels’ safety management systems, and industry groups like The Baltic and International Maritime Council (BIMCO) have published guidelines on cybersecurity onboard ships.
To protect commercial vessels, operators should implement a layered approach that combines technology, process, and people-focused measures. Key best practices include:
- Crew Training and Awareness: Invest in regular cybersecurity training for both onboard crew and onshore support staff. Drills and tabletop exercises can help prepare for scenarios like navigation systems failure or ransomware lockdowns.
- Network Segmentation and Access Control: Separate the ship’s networks so that a breach in one zone (e.g. the crew Wi-Fi or administrative network) cannot easily spread to critical control systems. Also, limit remote connections into the vessel – and when remote access is needed for maintenance, use strong authentication (VPNs, multi-factor logins) to prevent unauthorized entry.
- Secure Handling of Removable Media: Implement strict policies for USB drives, CDs/DVDs, and laptops that connect to ship systems. Provide officially scanned and approved media for tasks like ECDIS chart updates or loading equipment firmware. Technicians and surveyors coming aboard with laptops or USB sticks should be required to virus-scan their devices (on a standalone computer) before connecting to ship networks.
- Maintain and Update Critical Systems: Apply security patches and software updates to all onboard systems whenever possible – especially navigation systems, communication gear, and PLCs that control engines or cargo machinery. Regular maintenance should include cyber maintenance: revoking unused user accounts, changing default passwords on equipment, and disabling unused services that could be pathways for attackers.
- Continuous Monitoring and Incident Response: Just as the bridge team maintains a 24/7 lookout for hazards, the company should maintain a digital lookout. This could mean using intrusion detection systems and network monitoring appliances onboard that alert the master or company IT department to suspicious activities. Some large fleet operators now contract maritime Security Operations Centers (SOCs) that watch vessel networks in real time and can advise crews if something odd is detected. Having an incident response plan is equally important – crews should know how to isolate infected systems, how to switch to manual backups if needed, and who to call on shore immediately.
- Defense Against Signal Interference: For vessels operating in regions prone to GPS jamming or spoofing, additional precautions are warranted. Mariners should not rely solely on one source of navigational data. Be aware of the signs of spoofing – if your AIS shows you on land or your GPS speed is implausible, assume something is wrong with the signal. Report such incidents to authorities. Consider carrying alternative navigation tools like inertial navigation or the capability to use eLoran if available as a backup. Ensuring bridge teams are trained to handle sudden loss of GPS will reduce panic and error if it happens unexpectedly.
- Follow Industry Guidelines and Share Information: Stay updated with the latest maritime cybersecurity guidelines. Resources such as the IMO guidelines on maritime cyber risk management, the BIMCO “Guidelines on Cyber Security Onboard Ships”, and classification society rules (e.g. ABS, DNV, Lloyd’s Register all issue cyber rules) provide frameworks for securing vessel systems. It is also valuable to share information: if your vessel or company experiences a cyber incident, report it to the appropriate bodies (flag State, coastal authorities, and information-sharing forums). The more the industry learns from each incident, the better prepared everyone can be.
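The spoofing signs named under Defense Against Signal Interference (a position that cannot be right, a GPS speed that is implausible) can be checked automatically against the vessel's own track. The following is an added example, not part of the original article: the 25-knot speed limit, the 5-knot tolerance, and the sample fixes are all constructed assumptions, and a real bridge system would tune them per vessel.

```python
import math
from dataclasses import dataclass

EARTH_RADIUS_NM = 3440.065  # mean Earth radius in nautical miles

@dataclass
class Fix:
    t: float    # seconds since start of the log
    lat: float  # degrees north
    lon: float  # degrees east
    sog: float  # speed over ground reported by the receiver, knots

def distance_nm(a, b):
    """Great-circle (haversine) distance between two fixes, nautical miles."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dl = math.radians(b.lon - a.lon)
    h = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * EARTH_RADIUS_NM * math.asin(math.sqrt(h))

# max_speed_kn and sog_tolerance_kn are assumed thresholds for illustration.
def check_track(fixes, max_speed_kn=25.0, sog_tolerance_kn=5.0):
    """Flag fixes that are implausible relative to the last accepted fix."""
    alerts, last_good = [], fixes[0]
    for i, fix in enumerate(fixes[1:], start=1):
        dt_h = (fix.t - last_good.t) / 3600.0
        if dt_h <= 0:
            alerts.append((i, "timestamp not increasing"))
            continue
        implied_kn = distance_nm(last_good, fix) / dt_h
        if implied_kn > max_speed_kn:
            alerts.append((i, "position jump"))
        elif fix.sog > max_speed_kn:
            alerts.append((i, "implausible reported speed"))
        elif abs(implied_kn - fix.sog) > sog_tolerance_kn:
            alerts.append((i, "speed/position mismatch"))
        else:
            last_good = fix  # only trusted fixes move the reference point
    return alerts

# Constructed sample: a vessel steaming north at 12 kn, one fix per minute.
SAMPLE_TRACK = [
    Fix(0, 33.50000, 34.50000, 12.0),
    Fix(60, 33.50333, 34.50000, 12.0),
    Fix(120, 33.50667, 34.50000, 12.0),
    Fix(180, 33.82000, 35.49000, 12.0),  # sudden ~53 nm displacement
    Fix(240, 33.82010, 35.49010, 0.0),   # still at the displaced position
    Fix(300, 33.51667, 34.50000, 12.0),  # consistent with the track again
    Fix(360, 33.52000, 34.50000, 48.0),  # position fine, reported speed is not
]
```

Because rejected fixes never become the reference point, a run of spoofed positions keeps alerting until the receiver reports something consistent with the last trusted fix, which is the cue to fall back on the alternative navigation sources listed above.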
The consequences of a cyber incident, from misrouted cargo to safety-critical failures, can ripple far beyond the affected ship or port, disrupting supply chains and undermining global trade. Awareness across the industry is growing, and standards like the IMO’s cyber risk requirements and BIMCO’s operational guidance are fostering more structured, proactive approaches. But guidelines alone are not enough. True resilience demands cultural change – embedding cybersecurity into everyday practice from the bridge to the boardroom. Shipping companies, port authorities, regulators, and vendors must collaborate to close the security gaps that adversaries continue to exploit.