Sailing, especially on large, open waters, has always carried many risks. Some of these risks can be more easily mitigated (e.g., by building vessels with better construction), while others can only be prevented (e.g., by anticipating adverse weather conditions). 

In today’s world, however, there is another emerging threat – the risk associated with cybersecurity. 

On a yacht, this is not only a technological issue but also a legal one. It can have significant implications for owners, shipowners, and the crew. Ensuring the vessel’s cybersecurity is becoming increasingly important for the safety of navigation, data protection, and avoiding potential legal liability. 

Cybersecurity as an element of maritime safety 

Cybersecurity is the organised management of risks associated with the use of IT systems. 

IT systems affect the daily work of the crew, passenger comfort and overall navigation. These include, for example, Wi-Fi networks and crew and passenger computers. Problems with these systems can delay a voyage, disrupt communication or cause data loss. 

Some of them, such as autopilot systems or propulsion control, have a direct impact on the physical operation of the yacht. Disruption of their operation can lead to loss of controllability, navigation errors or loss of communication. 

The yacht also processes the personal data of crew members and passengers. Violation of personal data protection rules resulting from a lack of adequate security measures may in turn lead to claims or notification obligations. 

Therefore, ensuring cybersecurity on board is an integral part of maritime safety. 

Example:
During a cruise in the Mediterranean Sea, a luxury yacht suddenly changes course. It turns out that a cybercriminal has taken control of the autopilot. The crew must quickly regain control to avoid running aground. 

International rules and regulations 

Cybersecurity rules on yachts are governed by international law. The International Maritime Organisation (IMO) introduced the obligation to include cyber risk in the International Safety Management (ISM) system in 2017. In 2024, an industry shipping consortium involving BIMCO (Baltic and International Maritime Council) and others issued specific guidelines on this issue. 

Although these regulations mainly apply to commercial vessels, their principles are equally important for yachts. Compliance with them can help manage risk, limit legal and financial liability, and keep documentation in order. 

Example:
The yacht owner regularly audited the systems in accordance with IMO guidelines. During the attack attempt, critical areas were protected, which prevented an incident and avoided costly claims. 

Cyber risks on a yacht – what are we facing? 

Cyber threats on a yacht can come from various sources. Here are the most common problems that may occur while sailing: 

  1. Targeted attacks – cybercriminals can take control of yacht systems, such as the navigation system, leading to a change of course, data theft or disruption of yacht operations.
  2. Accidental attacks – e.g. installing software that contains a virus that can infect systems.
  3. Crew errors – crew members may accidentally introduce a threat, e.g. through improper management of access to IT systems.
  4. Supplier errors – suppliers who do not adhere to appropriate security standards may introduce devices or software that are vulnerable to attack. 

Common cyber threats include: 

  • phishing – attacks involving impersonating trusted sources in order to obtain login details,
  • malware – malicious software that infects systems,
  • ransomware – locking systems and data and demanding a ransom,
  • Wi-Fi attacks – taking control of the Wi-Fi network on a yacht,
  • navigation manipulation – e.g. manipulating GPS data in order to steer a yacht onto a dangerous course. 

Example:
A young crew member connects his phone to the on-board network, unknowingly introducing malware that blocks the yacht’s computers and compromises passenger data. 

Cyber risk management cycle – IMO and NIST 

Cyber risk management is based on a cycle consisting of five steps: 

  1. Identification – identifying resources and threats related to IT systems,
  2. Protection – implementation of appropriate security measures, such as access and user control,
  3. Detection – monitoring systems for threats and analysing logs,
  4. Response – taking corrective action in response to an incident,
  5. Recovery – restoring normal operations after an incident and securing systems.

This cycle, developed by IMO and NIST, should be repeated regularly, especially after any system changes or incidents. 

Example:
Upon detecting unusual activity in the logs, the team immediately implemented the response and recovery procedure, minimising the impact of the attack. 

Responsibilities of the owner, operator, crew and suppliers 

Cybersecurity management on a yacht is not the responsibility of just one entity. There are five entities, each with its own specific duties in this regard: 

  • owner: responsible for ensuring adequate financial resources for the implementation and maintenance of the cybersecurity system, defining security policies and conducting regular reviews,
  • operator: manages cyber risk, verifies service providers, provides crew training,
  • crew: complies with access policy, monitors systems and reports any irregularities,
  • suppliers: ensure that their products comply with cybersecurity requirements, secure devices and software,
  • passengers: they have no specific responsibilities, but should comply with the cybersecurity rules on board.

Cybersecurity is an issue that cannot be ignored from any perspective. A threat to a yacht from one of the entities mentioned above may pose a threat to all. 

Example:
A new navigation system was installed on a yacht, but the supplier did not verify the relevant security measures. Thanks to the shipowner’s vigilance, the vulnerability was detected and immediately removed. 

Protective measures and procedures 

There are simple and common measures to increase cybersecurity on a yacht. From the perspective of those responsible, it is definitely worth implementing: 

  • network segmentation – division into zones (guests, staff, critical systems) to minimise the risk of threats spreading,
  • access management – use of strong passwords, differentiation of passwords in different systems, regular password changes,
  • software updates – regularly updating systems from trusted sources,
  • security policy – implementation of procedures concerning access, use of external devices, system monitoring and incident response. 

Imagine a yacht as a hotel – only people with the appropriate “key” are allowed access to the navigation systems, which reduces the risk of unauthorised access. 

Conclusion 

Cybersecurity on a yacht is an important element of navigational safety management, data protection and legal risk minimisation. The use of appropriate protective measures, system monitoring, compliance with regulations and the implementation of incident response procedures help to reduce risk and ensure safety on board. Although cyber attacks in the maritime environment may seem rare, it is worth implementing the recommended procedures to avoid serious consequences. 

We will return to this topic, so if you are interested, keep an eye on our content! 

Kacper Piróg


trainee attorney at law

Interested in civil and tax law. Since 2024, he has been a legal trainee at the Szczecin Bar Association of Attorneys-at-Law.
