Hackers Escalate Attacks on Global Shipping, Raising Costs and Risks

The global shipping industry is facing a surge in cyber attacks that industry lawyers and specialists say is driving up costs, threatening operations and exposing new vulnerabilities as vessels and ports become more digitally connected.

Lawyers and security researchers report a rapid rise in incidents ranging from financially motivated "man-in-the-middle" frauds and ransomware to suspected state-linked GPS jamming and spoofing. Data compiled by London-based law firm HFW shows the average cost of dealing with a cyber attack in the maritime sector doubled between 2022 and 2023 to about $550,000, while average ransom payments in cases where hackers could not be removed have reached roughly $3.2 million.

Around 80% of world trade is carried by sea, making shipping a tempting target for both organised criminal groups and hostile states, maritime industry officials say. "Cyber security is a major concern for the shipping industry, given how interconnected the world is," John Stawpert, manager for environment and trade in the marine department of the International Chamber of Shipping, said. "Shipping has been listed as one of the top 10 targets for cyber criminals globally. The impact can be quite significant if cyber criminals manage to disrupt your operations or, for example, carry out a ransomware attack."

Research from NHL Stenden University of Applied Sciences' Maritime IT Security group shows the number of recorded cyber attacks affecting shipping rose from about 10 in 2021 to at least 64 in 2023. Jeroen Pijpker of the research group said many incidents appear linked to four governments he and colleagues monitor — Russia, China, North Korea and Iran — though financially motivated criminal gangs remain active. "What we saw with one example was that equipment was being shipped to Ukraine, and then on a Telegram channel we see people giving information about what kind of targets to attack to get some kind of disruption in the logistical chain," Pijpker said.

Hackers employ several methods to compromise maritime operations. Man-in-the-middle scams, in which attackers intercept and impersonate communications to steal credentials or redirect funds, have been prominent in cases handled by HFW. Henry Clack, a solicitor at the firm, said Nigerian organised criminal groups have featured frequently among the perpetrators in such frauds. "Of the cases which HFW have been involved in, the most common counterparties that we've encountered are Nigerian organised criminal organisations," he said. Negotiations with criminals, Clack added, often take place through terse electronic text messages: "maybe one message, no more than a couple of sentences, each day."

In addition to fraud and ransomware, navigation systems have been targeted. GPS jamming and spoofing — techniques that can block satellite signals or feed false location data to a ship's navigation system — have caused ships to deviate from planned courses and, in some cases, run aground. Ark Diamant of industrial security firm Claroty noted that spoofing can send a navigation system a false position, potentially directing a vessel into shallow waters or other hazards. Media reports in May detailed a container ship, MSC Antonia, running aground in the Red Sea after a suspected GPS spoofing incident; while no party was publicly accused in that case, the area has seen both cyber and physical attacks.

Experts point to several drivers behind the increase in cyber incidents. The maritime industry has become more digital in recent years, with broader use of sensors to monitor engine performance and emissions and new communications options such as low-latency satellite internet services. Those connections create more entry points for attackers. At the same time, many commercial vessels are older — Pijpker says the average cargo ship is about 22 years old — and retrofitting or updating onboard systems can be costly and time-consuming for shipowners who cannot easily take vessels out of service.

Defence against jamming and spoofing is possible but expensive. Anti-jam technology and hardened navigation systems exist, and some shore-side cyber protections can be strengthened, but adoption is uneven. Port facilities have become targets as well, and successful attacks on terminals can disrupt supply chains and increase costs for operators and customers.

Regulatory steps have sought to close gaps. In 2021 the International Maritime Organization incorporated cyber security provisions into the International Safety Management code, making cyber risk management a required element of ship safety management systems. Tom Walters, another shipping specialist at HFW, said the new requirements "brought into law more specific cyber risk management requirements to be incorporated into the ship safety management system, to address deliberate cyber-attacks, and to prescribe risk management practices into the operation of compliant merchant ships."

Industry voices say awareness has grown substantially compared with several years ago but caution that threats will continue to evolve. "Personally, I think the industry is in a good place to deal with the threat — certainly compared with six or seven years ago," Stawpert said. "There's hugely increased awareness across the industry of cyber attacks and cyber crime, and that will increase over the coming years."

Preventive steps recommended by security firms and regulators include basic cyber hygiene, segmentation of operational technology and IT systems, regular software updates, and incident response planning that accounts for the unique operational constraints of ships at sea. Sensors and emissions-monitoring equipment, while valuable for regulatory compliance and efficiency, have been flagged as potential attack vectors that require secure transmission and authentication.

The financial stakes are substantial. HFW's figures underscore the potential scale of losses and the growing appetite of attackers for large payouts when they can exert continued control of systems. For the wider economy, the risk extends beyond individual companies: disruption to maritime operations can ripple through global supply chains, reducing capacity and raising costs for goods transported by sea.

Officials and firms say continued investment, stronger regulation, and information sharing between companies and governments will be central to limiting damage. Meanwhile, legal teams such as HFW's remain engaged in an unusual mix of litigation, incident response and direct, terse negotiation with criminal actors when ransomware and fraud cases arise.

The convergence of increased connectivity, ageing physical infrastructure, and a mix of financially motivated and state-linked adversaries has created a complex cyber-threat landscape for an industry that underpins much of global trade. As attacks rise in frequency and cost, shipping companies, ports and regulators are under pressure to accelerate defenses and adapt to threats that can move as quickly as the digital networks they now depend upon.