A new report from Cydome reveals a significant escalation in operational technology (OT) and maritime cyber incidents, with ransomware attacks surging by 150% in 2025. The report highlights a staggering increase in GPS spoofing incidents, with approximately 1,000 daily occurrences impacting around 40,000 vessels. Attacks on edge devices—such as routers, VPNs, and firewalls—rose by 800%, indicating a broadening threat landscape for connected maritime infrastructure. In total, 50,000 new vulnerabilities were reported in 2025, with 52 categorized as ‘high’ or ‘critical.’ Alarmingly, 87% of organizations consider AI-related vulnerabilities the fastest-growing cyber risk of the year.
Cydome’s research underscores that in 2025, artificial intelligence (AI) fundamentally transformed industry operations, shaping the methods employed by cybercriminals. For instance, in January 2026, AI autonomously identified 12 previously unknown zero-day vulnerabilities in SSL, a highly scrutinized software codebase, including a flaw that had remained undetected for 15 years. The study notes that high-speed satellite links and the proliferation of connected OT sensors have effectively integrated ships into a global network, enabling more complex cyberattacks that were previously beyond the capabilities of most hackers.
The report states that 22% of organizations faced an OT/ICS cyber incident in 2025, with OT incidents now constituting 20% of all reported cyber events. Notably, attacks on maritime OT saw a 150% increase, with ransomware responsible for 87% of these incidents. Half of all OT attacks originated from unauthorized external access, illustrating a critical vulnerability in maritime security.
Cydome identifies several challenges in OT security, including a significant lack of visibility. Only 13% of organizations possess full visibility into their OT systems, while 33% report no insight into their OT assets. This lack of awareness is particularly problematic in maritime environments, where ICS-specific protocols complicate detection. Third-party access emerged as another major concern, with unauthorized external access accounting for 50% of all OT incidents. Moreover, aging OT systems pose risks, as more than half are over five years old and not equipped to withstand modern cyber threats or AI-driven attacks.
Despite the unique nature of OT systems, 49% of their vulnerabilities are deemed high or critical. The convergence of IT and OT further complicates security measures, as 75% of OT attacks initially stem from IT breaches. Patching progress remains sluggish; while IT systems receive updates within an average of 32 days, 85% of organizations do not regularly patch OT systems, with 60% applying updates only during planned shutdowns.
Cydome’s current report shows that AI’s integration into the shipping industry has reached production-grade levels for attackers, significantly amplifying the scale and sophistication of cyber threats. The dominance of ransomware continues to pose the most significant risk for shipping companies. While unpatched vulnerabilities were the main attack vector in 2024–2025, the 2025–2026 period has seen a notable rise in the exploitation of valid, stolen credentials as a primary entry point.
Ryan Son, managing director at Rakuten Symphony Singapore & Korea, noted that the number of cyberattacks in the maritime sector more than doubled in 2025 compared to 2024, marking cybersecurity as a priority for CEOs and board directors. Øystein Brekke-Sanderud, head of maritime OT/ICS security at NORMA Cyber, anticipates that insider threats—whether malicious or accidental—will emerge as the most significant cybersecurity challenge in 2026. Brekke-Sanderud emphasizes the necessity for enhanced detection capabilities across maritime fleets.
Despina Panayiotou Theodosiou, CEO at Tototheo Global, stresses that shipping companies must adopt compliance-driven OT cybersecurity strategies that align with regulatory standards. Christy Coffey, vice president for operations at the Maritime Transportation System ISAC, points out that resilience in maritime operations hinges on trusted collaboration and real-time threat intelligence sharing.
The report details a fleet-wide cyberattack in 2025 that targeted maritime VSAT infrastructure. The hacktivist group Lab Dookhtegan compromised 116 Iranian oil tankers, resulting in irreversible disconnection from VSAT systems. The attackers gained control over ship-to-shore VoIP services, causing significant operational disruptions.
Credential compromise also saw a dramatic rise, with identity theft incidents increasing by 160% in 2025, largely attributed to automated AI harvesting and large-scale third-party data breaches. The report warns that digital identity vulnerabilities persist; for each human identity online, there are 82 autonomous bot-controlled synthetic identities. Furthermore, password reuse among users remains a critical vulnerability, posing high risks for individuals in sensitive roles.
Cydome indicates that edge devices are increasingly targeted, with attacks on these systems soaring by 800% in 2025. Approximately 20% of exploits focused on firewalls and VPNs, while critical vulnerabilities in routers remained largely unpatched. Malware and cryptomining operations have been detected aboard vessels, suggesting that ships are now part of a global cyber threat landscape. The report also highlights sophisticated phishing attacks using AI, with 83% of phishing emails incorporating automated elements to evade detection.
As the threat landscape evolves, Cydome suggests that organizations must prioritize proactive measures to safeguard maritime operations. The surge in cyber risks underscores the urgent need for a collective response, as collaboration and information sharing become imperative for operational continuity in the maritime sector.