Washington, United States. Cyberattacks targeting the global maritime industry rose 103% in 2025 to 828 incidents, up from 408 in 2024, according to the 2026 Maritime Cyber Threat White Paper published in February by CYTUR Inc. The report says attackers increasingly moved beyond data breaches to target vessels’ core operational systems.
Report findings and incident types
The white paper is based on data collected through CYTUR-TI, the company’s maritime-specific threat intelligence platform. It concludes that rapid digitalisation of ships, particularly the integration of satellite communications with onboard Operational Technology (OT), has significantly widened the industry’s attack surface.
Ransomware, Distributed Denial of Service (DDoS) and malware infections accounted for most of the recorded incidents.
Shift from corporate IT to vessel OT
The report says attacks are increasingly penetrating vessel OT systems rather than remaining confined to corporate IT networks. Systems cited include ballast water management, engine and propulsion controls, Integrated Automation Systems (IAS), ECDIS and AIS.
It adds that this shift gives cyber incidents direct navigational and safety implications. According to the paper, compromised OT systems can manipulate chart data, distort positioning information, or interfere with propulsion and stability controls.
Satellite connectivity as a primary target
The report says accelerated adoption of shipboard satellite connectivity has introduced new vulnerabilities as vessels rely more on VSAT links for real-time monitoring, predictive maintenance and fleet management.
It details how weaknesses in satellite communication management software can create a “single point of failure,” enabling attackers to disrupt communications across multiple vessels simultaneously. A 2025 case study cited in the paper describes two waves of coordinated attacks that paralysed communications on more than 100 ships, severing ship-to-shore connectivity and halting operational reporting.
Supply chain exposure
The report says supply chain exposure is emerging as a parallel risk.
What measures do you think maritime operators should prioritise to reduce cyber risks to vessel operational systems?
