In a time where technology has become deeply intertwined into every aspect of our lives, even the luxurious would of superyachts is not immune to the growing threat of cyber-attacks. As these advanced yachts continue to embrace cutting edge technologies for navigation, communications, and entertainment, they also become increasingly more vulnerable to cybercriminals. This blog will explore the evolving landscape of superyacht cyber-attacks, potential risks, the motivations behind the criminals, and the measures that can be taken to secure your superyacht.
The landscape of cybercrime is rapidly advancing, with mercenary hackers, once exclusive to government agencies, now available for hire. Cybercriminals often employ tactics such as blackmail, gathering information through malware or spyware to target high profile or high net worth individuals. Compromised crew credentials or unauthorised access to guest Wi-Fi are common entry points. Yachts are particularly susceptible to invoice fraud, given the regular validation of diverse transactions by captains or managers.
Cyberattacks extend beyond personal data breaches, potentially interfering with a yacht’s operational technology. Even well-intentioned actions, like remote network access for firmware updates by suppliers, can inadvertently lead to security compromises.
Cybercriminals look for the easiest target, and the human element on the yacht supplies this. The people on board can easily be compromised without them being aware. Cybercrime is an expensive hobby and is often a skill that must be paid for, however, sending phishing links are much cheaper and unfortunately very effective. Cybercriminals send these emails to thousands of email addresses, hoping that someone will be fooled and click on it, which can easily be your demise. Any human on board could be tricked into opening the door for a cyber-attack, whether it be through a link in an email or by plugging in an infected USB stick.
Here are a few claims examples;
- Malware leads to physical damage to the hull of the vessel and bridge systems while in open water
- Ransomware corrupts the navigational systems and threatens physical damage to the hull while in port, thus causing departure delays
- Hackers gain access to the vessel and request a ransom demand for release of the vessel
- Malware to a third party device connected to the vessel AV system leads to an outage
- Malware to the hotel services causes internal damage and corrupts the pressure valve system
- Malware leads to a sprinkler system malfunction and damage to the vessel
Fortunately, implementing cybersecurity measures is not costly, adopting awareness and good practices significantly boost security. You may be aware and very careful when it comes to cyber security but that is useless if your crew isn’t the same. Crew awareness training is crucial, ensuring everyone on board is informed and vigilant. Identifying and addressing vulnerabilities is equally as important. Conduct an audit on any device connected, monitor file access, manage passwords, and update passwords when crew members leave. These simple yet effective changes, along with crew training, will take you to a higher level of security and significantly reduce the risk of a cyber-attack.
Author Bio
Darren Harris began his insurance career in 2010 and gained experience in the London Market until 2016, working for two global Marine Insurance Brokers with a specific focus on global shipping and associated Hull / P&I risks, including War and Kidnap and Ransom covers.
Darren joined Hayes Parsons Insurance Brokers in 2016 and has since gained his Chartered Broker status and in 2024 was promoted to Marine Director. Darren can be contacted via phone, email or LinkedIn.