Iran-backed cyber incidents drive shipping to rescan onboard systems

Ships are increasingly vulnerable to online threats through hardware being linked to constellations of low, medium and geostationary orbiting satellites, and companies using cloud-based programmes.

“Shipping is far more exposed than it was even a few years ago,” said CSM Greece managing director, Gregory Spourdalakis. “The volume of data moving between vessels and shore has increased significantly, and that creates more entry points for potential threats.”

Additional threats mean shipping companies need to identify vulnerabilities, reinforce IT systems with tougher firewalls and train shore and onboard teams to prevent cyber breaches.

“Resilience today is not about a single system or solution. It comes down to how well organisations monitor activity, how quickly information is shared internally, and whether people know how to respond when something does not look right,” said Mr Spourdalakis.

“Crew and shore-based staff are the first line of defence. If awareness is not there, the risk increases, regardless of how advanced the systems are.”

Cyber risk response

Heightened cyber risks were exposed earlier in 2026 in a new report from South Korea-headquartered Cytur. Its Maritime Cyber Security Standard Response Guide: From Framework to Action provided a maritime-specific checklist, particularly for chief information security officers, for monitoring, incident response and post-incident recovery.

Cytur said this guide helps ship operators and owners, shipyards and equipment makers to comply with the International Association of Classification Societies Unified Requirement (UR) E26 and E27.

It also provides time-sequenced protocols and guidance for ships impacted by GPS jamming and spoofing, data thefts, ransomware and attacks by artificial intelligence-backed software.

Cytur identified a 103% year-on-year surge in threats targeting the interface between IT and shipboard operational technology between 2024 and 2025.

“Maritime cyber security is no longer an option, but a matter directly linked to a vessel’s right to operate,” said Cytur chief executive Cho Yong Hyun.

He highlighted the rise of supply chain attacks and asset forgery, where attackers exploit vulnerabilities in onboard software to paralyse multiple vessels.

2026 will be a significant year in the evolution of maritime cyber security as vessels contracted after the UR E26 and E27 regulations came into force begin to be delivered.

“Failure to meet these cyber-security standards during sea trials may render ship delivery impossible,” said Mr Hyun.

Cyber threats exploiting onboard systems can cause operational disruption, fraud and safety issues if security is breached or risks remain undetected.

“If you cannot clearly see and manage what is running on your vessels, you cannot protect it,” said GTMaritime managing director Jamie Jones. “That creates exposure not just to cyber attacks, but to operational mistakes and manipulated communications with real safety implications.”

He expects the maritime industry to encounter more incidents driven by cyber deception, including fraudulent instructions, manipulated communications and operational errors triggered by systems that appear legitimate.

In these scenarios, operators must be able to demonstrate exactly what was running on board and how those systems were managed.

“A major cyber incident in shipping is increasingly likely unless operators strengthen the visibility and control of their onboard systems,” said Mr Jones.

Sign up for Riviera’s series of technical and operational webinars and conferences:

• Register to attend by visiting our events page.
• Watch recordings from all of our webinars in the webinar library.