Evaluating Vessel Cyberattacks: Are the Risks Exaggerated or a Genuine Threat?

Abstract:

In the last 10 years, publicly reported cyberattacks in the maritime sector have increased by more than 1000%, going from 4 in 2015 to 92 attacks in 2023, 80 in 2024, and 51 in 2025. Having said that, vessels themselves are less than 21% of those attacks. In addition, many of those cyber incidents relate to attacks on navigation and not actual compromises of the vessel systems themselves. Some researchers and industry insiders argue the threat to vessels is overblown, but is it? Using public incident data related to vessel and non-vessel cyberattacks, information on the capability and motivations of state and non-state cyber threat actors, the authors argue that cyberattacks on vessels remain a legitimate area of concern, and expectations that there should be large numbers of documented incidents to validate that position are unrealistic. The authors do, however, acknowledge the necessity to continually contest such assumptions given the limited data available.


AUTHORS

Photo of Stephen McCombie

Maritime IT Security Research Group NHL Stenden University of Applied Sciences
Leeuwarden, Netherlands

Stephen McCombie’s current research interests are in maritime cyber threats, cyber influence, cybercrime, digital forensics, cyber threat intelligence, and cyber conflict. He has over 25 years’ experience in cybersecurity as a practitioner and researcher. He has also held management roles in cybersecurity with IBM, National Australia Bank, and RSA Security/Secureworks (Dell).

Photo of Jeroen Pijpker

Maritime IT Security Research Group NHL Stenden University of Applied Sciences
Emmen, Netherlands

Jeroen Pijpker focuses his research on cybersecurity across both software and hardware domains. At the Maritime IT Security research group, he contributes to the development of a maritime honeynet to study attacker behavior. He holds a master’s degree in Business Process Management and IT from the Open University, where he researched strategies for ISPs to combat botnets.

Photo of Remco Hassing

Maritime IT Security Research Group NHL Stenden University of Applied Sciences
Emmen, Netherlands

Remco Hassing is a researcher at the Maritime IT Security research group. As such, Hassing contributes to the development of the MCAD incident database, maritime cyber simulations, the ship honeynet project, and the technical operations that support the research of the group. He holds a Bachelor of Science and is currently a student in the Masters of Maritime Innovation at Maritime Institute Willem Barentsz.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

Quick Links

View the latest issue of JIW.

Latest Edition

Purchase a subscription to JIW.

Subscribe

Keywords

A

AI
APT

C

C2
C2S
CDX
CIA
CIP
CPS

D

DNS
DoD
DoS

I

IA
ICS
ICT

M

N

NEC
NSA
NSS

P

PDA

S

SOA

X

XRY

Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

SUBSCRIBE NOW

Get in touch

Registered Agent and Mailing Address

  • Journal of Information Warfare
  •  ArmisteadTEC
  • Dr Leigh Armistead, President
  • 1624 Wakefield Drive
  • Virginia Beach, VA 23455

 757.510.4574

 JIW@ArmisteadTec.com