The recent grounding of the MSC Antonia near the Eliza Shoals off Jeddah on 10 May 2025 has brought into sharp focus the real-world consequences of cyber-physical attacks in the maritime sector – and particularly within the Middle East and North Africa (MENA) region. Analysis by respected maritime intelligence firms such as Pole Star Global and Windward indicate that the vessel's navigational systems were likely compromised by GPS jamming, leading to incorrect positioning data and ultimately to the grounding incident.
This event underscores the growing cyber threat to vessel movement in the region – one with potential outcomes including groundings, collisions, and environmental harm. For MENA, where critical trade routes such as the Strait of Hormuz and the Suez Canal are lifelines of global commerce, the implications are particularly serious. Regional security dynamics, increased reliance on digital systems, and proximity to cyber-capable nation-state actors elevate both the frequency and severity of these risks.
Despite this, in our work with marine clients across the Middle East and North Africa, we continue to observe a significant disconnect between emerging cyber threats and existing risk transfer arrangements. That gap must close before the next incident occurs.
A sector exposed by design
Cyber risk in the marine space is not simply a by-product of digitisation, it is an inherent consequence of how the industry now operates. From voyage planning and propulsion control to port logistics and remote diagnostics, the reliance on connected systems has grown rapidly. But security has not kept pace.
Several structural factors make the sector especially vulnerable:
Operational technology (OT) fragility – many vessels rely on legacy systems that were never designed for connectivity or cyber resilience.
Global interdependence – a single vessel may interface with dozens of third-party systems across jurisdictions, each with different security standards. This interconnected nature means that a cyber incident affecting one operator can trigger global disruption, particularly if it impacts a critical shipping lane or chokepoint like the Suez Canal, Strait of Hormuz, or Panama Canal.
Limited cyber hygiene – basic cybersecurity practices remain uneven across fleets and port infrastructure. Network segmentation, patching, and access control are not universally implemented.
Malicious actor intent – criminal groups, nation-state actors, and proxies increasingly target maritime assets. Whether to extract ransom, disrupt trade, or escalate geopolitical tensions.
Cyber attackers are no longer just breaching databases. They are actively interfering with navigational systems, manipulating Automatic Identification System (AIS) data, and threatening vessel control – raising the stakes from financial loss to physical catastrophe.
From digital risk to real-world consequences
The MSC Antonia is the latest in a growing pattern of cyber-physical incidents affecting the maritime sector. The industry has already witnessed escalating attacks that have disrupted operations and threatened the integrity of global trade routes:
In 2017, Maersk was crippled by the NotPetya malware, resulting in over $300 million in losses and widespread disruption across its terminal network – including operations in key MENA ports such as Jebel Ali and Salalah.
In 2021, Iranian port systems were reportedly targeted in a state-sponsored cyber retaliation, underscoring the role of maritime infrastructure in modern geopolitical conflict and highlighting the vulnerabilities of critical infrastructure within the region.
AIS spoofing, GPS jamming, and satellite interference are increasingly frequent in areas of geopolitical tension – many of which are located in or near the MENA region. These activities directly impact navigational systems and pose a heightened risk to vessels transiting chokepoints such as the Strait of Hormuz and the Red Sea.
What differentiates the Antonia incident is the strong likelihood of cyber-induced physical loss – a vessel grounding potentially triggered by digital interference. This challenges long-standing assumptions in marine underwriting and underscores the need for a more urgent and region-specific conversation around cyber risk and insurance preparedness.
Regulatory pressure is mounting
In parallel, regulators are stepping up expectations on maritime cyber preparedness:
The IMO’s Resolution MSC.428(98) mandates the integration of cyber risk management into Safety Management Systems (SMS).
The EU’s NIS2 Directive expands obligations for operators and ports, demanding proactive cyber resilience and incident reporting.
The US Coast Guard now enforces minimum cyber security standards for vessels and port facilities as a condition of access.
In the MENA region, regulatory development is gaining momentum. Authorities in key maritime hubs such as the UAE and Saudi Arabia are increasingly aligning with international standards, while also launching their own national cybersecurity frameworks to enhance the resilience of critical infrastructure. Port operators and shipping companies in the region are now expected to demonstrate active cyber risk management and incident response capabilities, both as part of regulatory compliance and as a commercial necessity.
These changes are reshaping both operational requirements and liability exposures. Compliance is no longer optional. Failing to meet regulatory standards could impact not only reputation but also insurance recovery in the event of an incident.
Rethinking risk transfer: closing the coverage gap
As brokers, we see the full complexity of this risk. For clients, the core concern isn’t just whether a traditional cyber policy will pay to restore data. It’s whether existing marine insurance programmes will respond to physical damage, cargo delays, third-party liabilities, or environmental clean-up costs caused by a cyber event. Herein lies the challenge: since the Lloyd’s “silent cyber” mandate, insurers have been required to clearly state whether cyber risk is covered or excluded. In practice, this has led to wide-scale application of cyber exclusions across hull, cargo, and non-International Group mutual P&I policies, regardless of format. That means many marine operators today are unknowingly exposed. A cyber-triggered grounding, port disruption, or environmental spill could result in losses that are explicitly uninsured under their current programme. In a worst-case scenario, a cyber-physical incident could threaten business continuity altogether.
To manage this risk effectively, organisations must:
Engage their brokers proactively to review and clarify cyber exclusions across all policies.
Work with marine cyber specialists who understand both the operational realities and the insurance implications of cyber-physical risk.
Consider dedicated cyber insurance solutions that cover physical damage, third-party liability, business interruption, and crisis response arising from cyber events.
Explore combined shoreside and marine solutions, which typically have terms and conditions similar to traditional cyber policies, but with broader language offering supplemental coverage for maritime exposures.
The modern cyber threat is no longer just digital – it’s physical, financial, and strategic. And it requires a risk transfer solution that is equally multidimensional.
Building true resilience
Managing cyber risk in the marine sector cannot be left solely to IT teams or compliance checklists. It demands a holistic, enterprise-wide strategy that integrates security, operations, and insurance. To build genuine resilience, marine organisations should:
Map vulnerabilities across both shipboard and port-side systems.
Clarify roles and escalation plans in the event of a cyber incident.
Invest in cyber hygiene, segmentation, and scenario-based contingency planning.
Ensure insurance coverage reflects actual operational exposure – not just regulatory tick boxes.
The MSC Antonia may well be a turning point. As the nature of disruption evolves, so too must our approach to risk and resilience at sea. These threats are no longer abstract; they are impacting vessel operations, regulatory obligations, and financial outcomes. Not every incident is preventable. But with the right preparation, clear response plans, and appropriate insurance in place, recovery is achievable.
At Lockton, we help clients navigate these complex risks. If you would like to explore your options, discuss the latest insurance products, or arrange a call with our marine cyber specialists, we would be pleased to support you.
