The shipping industry, which moves about 80% of the world’s goods, is increasingly finding itself in the crosshairs of hackers. From organised criminal gangs to state-backed cyber units, attackers are exploiting the sector’s growing reliance on digital systems to disrupt trade or extract ransom payments.
London lawyer Henry Clack, who represents shipping companies at the international law firm HFW, says Nigerian groups are particularly active.
“Of the cases we’ve handled, the most common counterparties are Nigerian organised criminal organisations,” he explained. “They’ve been behind several high-value ‘man-in-the-middle’ frauds in recent years.”
In such scams, hackers intercept emails between two parties, pose as each side, and trick them into handing over sensitive data or payments. Once inside, they may take control of IT systems and demand money before handing them back.
The Cost of Attacks
Data collected by HFW shows the financial toll on shipping firms is rising steeply. Between 2022 and 2023, the average cost of dealing with a cyber attack doubled to about $550,000 (£410,000). When ransom payments are required, the average bill now reaches $3.2m.
For shipping companies already under pressure from fuel costs, tight margins and global disruptions, these sums are punishing. Even short delays can mean higher insurance premiums, lost contracts and reputational damage.
Why Shipping Is Vulnerable
The industry’s importance makes it an attractive target. A single cyber attack can disrupt supply chains across continents.
“Shipping has been listed as one of the top ten targets for cyber criminals worldwide,” said John Stawpert of the International Chamber of Shipping. “If criminals manage to disrupt your operations or launch a ransomware attack, the impact can be very significant.”
Researchers at NHL Stenden University of Applied Sciences in the Netherlands tracked reported cyber incidents in shipping. They found cases jumped from just 10 in 2021 to at least 64 in 2023. Many were linked to state actors in Russia, China, North Korea and Iran.
One example involved cargo bound for Ukraine. Details of the shipment surfaced on a Telegram channel, with hackers encouraged to attack it and disrupt the supply chain.
More Connections, More Open Doors
A big reason for the rise in incidents is the industry’s shift towards greater connectivity. Ships once cut off at sea are now increasingly linked to shore through satellite services such as Starlink, giving crews faster internet but also exposing new attack routes.
Sometimes the risk comes from within. Last year, a US Navy officer was dismissed after installing an unauthorised satellite dish on a combat ship so she and colleagues could browse the internet.
At the same time, most commercial vessels are far from new. The average cargo ship is 22 years old. Outdated systems and tight operating schedules make it difficult for owners to take them out of service for upgrades.
GPS Jamming and Spoofing
Beyond IT networks, hackers have found ways to interfere with ships’ navigation. GPS jamming blocks a vessel’s satellite signals, while spoofing sends false coordinates to redirect its course.
“GPS spoofing means the system is given a false location,” explained Arik Diamant of cyber security firm Claroty. “The ship can end up miles off course, or even run aground if it’s tricked into entering shallow waters.”
In May, the container ship MSC Antonia was reported to have run aground in the Red Sea after a suspected spoofing incident. In the Baltic Sea, similar episodes have been blamed on Russian interference.
More Entry Points
The drive to monitor emissions has created further vulnerabilities. Cargo ships now use thousands of sensors to track performance and pollution levels, many of which transmit data externally. Each connection offers a possible entry point for hackers.
“The more digital systems you install, the more attack surfaces you create,” said researcher Jeroen Pijpker of NHL Stenden’s Maritime IT Security group.
Industry Response
The good news, say experts, is that awareness has improved. In 2021, the International Maritime Organization (IMO) added cyber security requirements to its global safety management code. For the first time, shipping companies are legally obliged to integrate cyber risk management into their safety systems.
“Ship management systems now have to address deliberate cyber attacks,” explained HFW partner Tom Walters, “including basic hygiene, operational practices and more technical IT measures.”
Stawpert of the International Chamber of Shipping believes the sector is better prepared than a decade ago. “The industry is in a far better place than six or seven years ago. There’s hugely increased awareness, and that will continue to grow.”
How Negotiations Work
When companies do fall victim, law firms like HFW sometimes end up communicating directly with hackers. According to Clack, exchanges are typically short and cautious.
“It’s usually in the context of ransomware,” he said. “Communication is via online messaging services, often just one message a day — no more than a couple of sentences.”
Looking Ahead
The shipping industry’s digitisation will only accelerate, with smart sensors, automated systems and satellite links becoming the norm. Each new technology improves efficiency but also adds another layer of risk.
Experts warn that while companies are catching up, attackers are becoming more sophisticated too. For businesses that depend on the free flow of goods, investing in cyber defences is no longer optional.
As Clack and his colleagues have seen, the financial and reputational damage of a major breach can dwarf the cost of prevention. For an industry that underpins the global economy, the stakes could not be higher.
