In 2025, the maritime sector faces escalating cyber threats that can lead to massive financial losses, operational disruptions, and even safety risks.
The maritime industry, a cornerstone of global trade responsible for over 90 percent of international commerce, has increasingly become a target for cybercriminals. Cyber incidents have plagued civilian vessels and infrastructure, leading to tangible financial hits. For instance, in the first half of 2024 alone, it was reported that there were 23,400 malware detections and 178 ransomware attacks across 1,800 vessels, resulting in operational standstills and recovery costs running into millions. Ransomware has been particularly devastating; cases documented in the Maritime Cyber Attack Database (MCAD) include ships being “bricked” – rendered inoperable – due to encrypted systems, forcing vessels to anchor for days while IT teams scrambled to restore functionality.
One of the most vivid illustrations of the economic fallout from maritime disruptions – though not directly cyber-related – is the 2021 blockage of the Suez Canal by the container ship Ever Given. This incident halted traffic through a vital artery for global trade, causing an estimated $9.6 billion in daily losses to the world economy, with ripple effects on supply chains, fuel prices, and the availability of consumer goods. While mechanical and human factors were at play, it underscores how a single vessel’s downtime can cascade into billions of dollars in damages, a scenario increasingly replicable through cyberattacks.
Civilian GPS jamming, a growing maritime cybersecurity threat, has been increasingly exploited by state and non-state actors to disrupt vessel navigation, often with severe economic and safety implications. In 2024-2025, incidents of GPS spoofing targeting civilian ships have surged, for instance in geopolitically sensitive regions like the Black Sea and the Persian Gulf, where signals were jammed to mislead vessels into territorial waters, triggering legal disputes and insurance claims.
The Maritime Cyber Attack Database records cases where commercial ships experienced spoofed GPS signals, causing navigational errors that delayed operations and incurred costs for rerouting or recovery. These attacks exploit vulnerabilities in vessels’ reliance on satellite-based navigation, especially when these systems lack fallback mechanisms like compasses or astrolabes. As ships increasingly integrate with connected systems, the absence of secure-by-design protocols amplifies risks, underscoring the need for robust countermeasures like encrypted navigation signals and crew training to detect and respond to jamming attempts.
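One way to detect a lost or implausible satellite fix using a fallback the paragraph mentions, the compass: this added example (not code from the article or from any vendor) compares each GNSS fix with a position dead-reckoned from gyrocompass heading and speed-log speed. The function names, the constructed sample track and the 0.5 NM threshold are assumptions; a real threshold has to allow for current and leeway.

```python
import math

EARTH_RADIUS_NM = 3440.065  # mean Earth radius in nautical miles

def distance_nm(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in nautical miles."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * EARTH_RADIUS_NM * math.asin(math.sqrt(a))

def dead_reckon(lat, lon, heading_deg, speed_kn, hours):
    """Advance a position using only compass heading and speed-log speed."""
    run_nm = speed_kn * hours
    dlat = run_nm * math.cos(math.radians(heading_deg)) / 60.0  # 1 NM ~ 1 arc-minute
    dlon = run_nm * math.sin(math.radians(heading_deg)) / (60.0 * math.cos(math.radians(lat)))
    return lat + dlat, lon + dlon

def check_track(samples, max_error_nm=0.5):
    """Return (t, verdict, error_nm) for every sample after the first.
    samples: (t_seconds, gnss_lat, gnss_lon, heading_deg, speed_kn);
    gnss_lat/gnss_lon are None when the receiver reports no fix."""
    t0, lat, lon, hdg, spd = samples[0]  # assumption: first fix is trusted
    results = []
    for t, g_lat, g_lon, new_hdg, new_spd in samples[1:]:
        lat, lon = dead_reckon(lat, lon, hdg, spd, (t - t0) / 3600.0)
        if g_lat is None:
            results.append((t, "NO_FIX", None))  # possible jamming: keep DR position
        else:
            err = distance_nm(lat, lon, g_lat, g_lon)
            if err > max_error_nm:
                results.append((t, "MISMATCH", round(err, 2)))  # possible spoofing
            else:
                results.append((t, "OK", round(err, 2)))
                lat, lon = g_lat, g_lon  # re-anchor only on a consistent fix
        t0, hdg, spd = t, new_hdg, new_spd
    return results

# Constructed sample track: 12 kn due north, one sample per minute.
SAMPLES = [
    (0,   43.0000, 31.0000, 0.0, 12.0),
    (60,  43.0033, 31.0000, 0.0, 12.0),
    (120, 43.0067, 31.0000, 0.0, 12.0),
    (180, None,    None,    0.0, 12.0),  # fix lost
    (240, 43.0500, 31.0500, 0.0, 12.0),  # fix returns about 3 NM off the DR track
]

if __name__ == "__main__":
    for row in check_track(SAMPLES):
        print(row)
```

A mismatched fix is never used to re-anchor the estimate, so a slowly drifting spoofed signal accumulates error against the dead-reckoned track instead of resetting it.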
Where attacks can strike: Critical nodes on vessels
Modern vessels, particularly those under 25 years old, are akin to floating factories with extensive automation present onboard, blending information technology (IT) and operational technology (OT) systems. Approximately 50 percent of a ship’s digital infrastructure is IT-based – office networks, captain’s computers, and data-sharing setups – while the other 50 percent comprises OT, mirroring industrial control systems found in factories. Protecting these nodes is paramount, as breaches can compromise navigation, propulsion, or cargo operations.
At the core of this infrastructure are the OT layers. For instance, the upper level on the bridge manages propulsion, engines, and steering; the lower level in the engine room handles machinery; and mid-level systems, like SCADA for cargo operations, monitor pressure, ballast tank levels, and specialized maritime functions absent in land-based industries. Industrial Internet of Things (IIoT) devices permeate all levels, enabling real-time monitoring but expanding the attack surface. Shipowners increasingly demand 24/7 metrics on fuel, water, and other resources via “connected vessel” systems, which collect data unidirectionally for dashboards and reports but do not control the ship. However, these systems heighten risks by linking to external networks, potentially allowing malware ingress.
Port infrastructure compounds vulnerabilities, exchanging data with vessels – such as oil discharge rates from tankers or navigational updates like weather and pilotage info. Multiple owners access vessel data through ports, making them critical for safety, but also prime targets for attackers. Attacks often occur via communication channels: Starlink connections, cellular modems effective within 10-12 miles of shore, or port Wi-Fi networks. Documented cases include ransomware spreading through port connections, immobilizing ships for days.
Infection vectors are diverse and often human-enabled. Nautical charts, updated biweekly, are typically downloaded to officer laptops and transferred via USB to navigation computers – a practice that risks malware propagation across IT and OT boundaries. Without malware scanning, these drives become a source of threats. GPS jamming can lure vessels into sandbanks or other obstacles, and also into territorial waters for legal disputes, triggering insurance payouts and operational halts. Emerging unmanned civilian vessels, trialed on shuttle routes like ferries, introduce AI-driven risks, including predictive failures in navigation or propulsion, further necessitating robust defenses. In “smart ports,” IIoT integration demands regulatory-compliant security to prevent cascading failures.
Regulatory bodies and certification for cybersecurity solutions on maritime infrastructure
As threats evolve, regulatory frameworks have matured to enforce cybersecurity in maritime operations. Each maritime nation maintains its own shipping registry, overseeing vessel compliance. Since July 2024, major registries have adopted documents mandating cyber-protected systems, with secure-by-design principles effective from January 2024. Software and hardware solutions must undergo certification to operate on vessels, ensuring they meet safety standards.
The International Maritime Organization (IMO) leads globally, providing high-level guidelines. Its Guidelines on Maritime Cyber Risk Management offer recommendations for integrating cyber defenses into risk processes, addressing cyber risks in safety management systems under the ISM Code. In April 2024, IMO issued a circular on risk assessment, emphasizing proactive evaluations – though no specific 2025 update is noted, ongoing revisions stress emerging threats like AI in unmanned ships.
The International Association of Classification Societies (IACS) issues technical requirements, such as Recommendation 166 and Unified Requirements E26 and E27, for cybersecurity in ship construction. The Oil Companies International Marine Forum (OCIMF) focuses on tankers, via the Tanker Management and Self-Assessment (TMSA) and Ship Inspection Report Programme (SIRE), promoting continuous safety enhancements.
Cybersecurity vendors are entering this market, certifying solutions to registry standards. Crew training programs, addressing human factors like USB misuse, are also integral to reducing risks through awareness and cyber-hygiene practices.
Embracing Secure by Design in digital maritime solutions
In 2025, the maritime sector stands at a crossroads: digitize securely or risk amplified losses. Modern digital solutions – from connected vessels to autonomous systems – must adopt “secure by design” from inception, embedding cybersecurity into hardware, software, and processes rather than bolting it on later. This approach, mandated by recent regulations, minimizes vulnerabilities like unpatched legacy systems on older vessels, which rarely see updates due to design change implications.
Stakeholders – shipowners, ports, and vendors – should prioritize IIoT hardening, unidirectional data flows, and regular audits. They must also invest in crew education to curb human errors, integrate predictive analytics for failure detection, and leverage insurance policies that are tailored to cyber risks – which have now been available for two years. By heeding IMO, IACS, and national frameworks, the industry can fortify against threats like ransomware. Secure by design is not optional – it’s essential for safeguarding global trade, preventing economic shocks, and ensuring safe seas.
Alexander Nikolaev is a Kaspersky Industrial Cybersecurity Expert.