Cyberattacks targeting the global maritime sector rose by 103% in 2025, according to the 2026 Maritime Cyber Threat White Paper published by CYTUR Inc. The report shows incidents increasing from 408 in 2024 to 828 in 2025, highlighting a sharp escalation in cyber risks affecting shipping operations.
Rapid Rise In Targeted Attacks
Data collected through CYTUR-TI, the company’s maritime threat intelligence platform, highlights growing exposure linked to the digitalization of vessels. As ships integrate satellite communications with onboard operational technology (OT), threat actors are increasingly targeting systems that directly influence vessel operations rather than focusing only on data theft. The shift marks a broader change in risk, moving cyber incidents closer to core operational functions.
Follow THE FUTURE on LinkedIn, Facebook, Instagram, X and Telegram
Operational Technology Under Siege
Recent incidents have affected systems beyond traditional IT networks, including ballast water management, propulsion controls, Integrated Automation Systems, ECDIS, and AIS navigation tools.
Disruptions to these systems can create safety and navigational risks, as compromised operational technology may interfere with vessel stability, propulsion, or route data. Industry analysts note that the impact of cyber incidents is increasingly measured not only in financial terms but also in operational and safety exposure.
Satellite Communication Vulnerabilities
The growing use of satellite connectivity onboard ships has introduced new points of risk. VSAT links, widely used for monitoring and predictive maintenance, are becoming key targets for attackers.
The report highlights vulnerabilities in satellite management software that can create single points of failure. One 2025 case study cited in the white paper described coordinated attacks that disrupted communications across more than 100 vessels simultaneously.
Supply Chain Risks And Industry-Wide Implications
Cyber risks are also expanding across the maritime supply chain. Attackers increasingly target shipyards, equipment manufacturers, and software providers, creating the potential for malicious code to spread through vendor updates. Ransomware incidents involving maritime electronics suppliers demonstrate how disruptions at a single manufacturer can delay maintenance and safety-related upgrades across fleets. Researchers also report growing activity on dark web forums involving vessel access credentials and leaked technical data.
Regulatory Pressure And Compliance Shifts
Regulatory frameworks are tightening as cyber risk becomes a core operational issue. Under the International Association of Classification Societies’ Unified Requirements UR E26 and UR E27, cybersecurity controls must now be incorporated during vessel design and construction.
The International Maritime Organisation also requires cyber risk management within safety management systems under Resolution MSC.428(98), while the EU’s revised NIS2 Directive extends cybersecurity obligations to critical transport operators.
Together, these measures signal a shift from documentation-based compliance toward operational verification and resilience.
Regional Focus: Cyprus As A Maritime Cyber Hub
Cyprus, home to more than 220 shipping-related companies and one of the largest merchant fleets in the EU, is increasingly exposed to these risks as fleet operations become more digital.
Shipping Deputy Minister Marina Hadjimanolis said in an interview that digital transformation remains central to competitiveness, while cybersecurity is becoming a necessary condition for operational continuity.
Looking Ahead: The Path To Enhanced Resilience
Yong-hyun Cho, CEO of CYTUR Inc., said that data from 2024 and 2025 reinforce the view that maritime cybersecurity is no longer optional but a core requirement for vessel operations. The white paper aims to provide stakeholders with practical insights for navigating evolving cyber threats and an increasingly complex regulatory environment.
