Why Charter Brokers and Fleet Managers Are the New Frontline in Yacht Cybersecurity
A few months ago, we ran an exposure assessment on a charter yacht before the Med season. Within a few hours, we'd found the vessel's satellite panel, and two crew members' phone numbers and passwords sitting in breach databases — traced back to CVs they'd uploaded to crew agencies years ago. Findings like these prove once again that cybersecurity is not a priority in this industry, and people (crew) remain the weakest link in the chain, from social engineering to more technical attacks.
We see this regularly. Modern yachts are floating networks — VSAT terminals, CCTV, navigation, crew Wi-Fi, entertainment systems — yet most are managed with little attention to security. During one of our reconnaissance works, we identified over 50 live dashboards exposing crew information, voyage histories, and administrative panels not protected.
The industry is learning the hard way. In 2023, Lürssen shut down shipyard operations after a ransomware attack. Brunswick Corporation lost $85 million and nine days of global operations. In 2024, MarineMax disclosed that attackers stole data from over 123,000 customers and employees.
Earlier this year, a coordinated attack took down satellite communications on 116 tankers belonging to a single state-owned fleet. Ship-to-shore links went dark. Internal crew communications failed. The attackers exploited vulnerabilities in VSAT terminals — the same systems found on yachts worldwide. One compromised service provider, and an entire fleet went silent. These aren't distant threats — they're hitting the builders, dealers, and infrastructure yacht owners depend on.
We're now hearing it directly from some clients. High-net-worth individuals and their security teams are asking questions like: Are the onboard cameras accessible from outside? What happens to our data after the charter? Brokers and managers who can't answer will start losing bookings to those who can.
Traditional IT security firms often struggle here. Satellite communications, proprietary equipment, legacy controls, maritime frameworks — none of it fits standard corporate frameworks. This is why we built in our services offering a unique maritime practice around vessel-specific methods of exploitation and intelligence. Our assessments start across every connected system, technology and people. Looking ahead into 2026-2027 the vessels that stand out will be the ones that can show clients their privacy is protected, not just a promised luxury on paper.
Complimentary Digital Exposure Check Club Vivanova partners can request a confidential assessment of their personal or corporate digital footprint.
Explore maritime cybersecurity offerings
EPCYBER — founded in 2022 — is a recognized global leader in cyber intelligence training and services. Trusted by EU & U.S. government agencies and professionals from global firms across 50+ countries. We help intelligence teams gather and act on information from hard-to-access regions. We deliver services across industries — defense, oil & gas, banking, maritime — including penetration testing, cyber intelligence, and security assessments.
