Marlink cybersecurity report – getting credentials “primary attack pathway”

Marlink, a global leader in secure managed services for business-critical digital solutions, has released its Cyber Intelligence Report for Remote Operations 2026, highlighting how evolving cyber threats are increasing the risk of disruption across maritime, energy, enterprise and critical infrastructure sectors.

The report reflects growing exposure to safety, operational, financial and reputational risk as digital dependency increases across remote environments. Based on continuous monitoring from global Security Operations Centres (SOCs) and more than 200 cyber security assessments, it identifies a clear shift in how attacks occur, with key findings including:

• Trusted access and credentials are now primary attack pathways

• Greater IT/OT integration has expanded the attack surface

• The human factor continues to drive initial compromise

  
  

These vulnerabilities allow attackers to exploit trusted access pathways, making incidents harder to detect and increasing the likelihood of cyber attacks resulting in network and operational downtime. Identity-based attacks now dominate, with the report finding that 69% of observed risks were linked to compromised user credentials, compared with 12% related to traditional technical vulnerabilities, signalling a decisive shift in attacker behaviour.

According to the report, IT/OT convergence is further expanding exposure across digitalised operations on ships and industrial sites in remote environments on land. In 2025, 60% of assessed sites relied on shared infrastructure, over 70% had undocumented or poorly secured connections, and 30–40% of OT assets were initially unknown or unmanaged. These gaps are increasingly exploited through trusted access rather than malware.

The human factor remains a critical focus in cyber security. Phishing simulations showed that 20% of users clicked malicious links and 11% disclosed credentials, while only 11% reported incidents. Ransomware continues to scale, with incidents detected across Marlink-monitored environments rising from 5,740 in 2024 to 7,793 in 2025. More than half of these incidents targeted transportation, energy and manufacturing. In maritime environments, 82% of alerts were concentrated in crew network zones, reinforcing user-facing systems as the primary attack surface.

“The data confirms a clear shift in how cyber threats materialise in remote environments,” said Nicolas Furgé, President, Marlink Cyber. “Addressing these structural weaknesses requires more than additional tools. It demands an identity-first security model, stronger control of trusted access, and closer integration between cyber security and operational infrastructure. Measures such as multi-factor authentication, network segmentation across IT and OT, continuous monitoring, and targeted user awareness programmes are critical to reducing exposure and improving resilience in remote environments.”