Cybersecurity is not a luxury, it’s infrastructure.

The yachting world is evolving rapidly, with technology now woven into every part of life onboard. Navigation, communication, entertainment, operations, it’s all digital. And with that digital integration comes digital risk.

To understand how cybersecurity fits into this unique environment, we sat down with Dion van der Burg, Cybersecurity Specialist at ONEXP, to talk about the state of the industry, the real-world risks vessels face, and how he works with crews and Owner’s Representatives to secure these floating networks.

“Some yachts are catching up. Others are already ahead.”

“When it comes to cybersecurity, there’s a wide spectrum in yachting,” Dion says. “Some vessels are only now realising it’s something they should care about. Others have been working on it for years and are pretty solid.”

One encouraging sign: more and more new builds are baking cybersecurity into the process. “You see it becoming a default step, something that’s no longer optional which was not the case five years ago.”

But overall? “The industry still has a lot of ground to cover.”

We ask Dion what the most common threats look like and what every yacht should have.

“It’s often not that complicated. A phishing email, a malicious link, an outdated app. One wrong click and suddenly you’re dealing with ransomware.”

He explains that many of these attacks aren’t even targeted. “They're just out there, scanning for vulnerabilities. And yachts, if not properly protected, can be low-hanging fruit.”

“24/7 monitoring is key. If something happens, you want to know immediately. And you need a solid patch and vulnerability management process, risk-driven. You can’t patch everything at once, so you prioritise.”

Another overlooked basic? “Old software. People forget about all the small applications running in the background. Or they update the OS but leave legacy tools untouched. That’s risky.”

Technology isn’t the only weak spot. The human element is often the biggest. “Crew members are professionals in many things, AV, IT, operations, but cybersecurity usually isn’t one of them,” Dion says. “They’re already stretched thin. That’s where we come in.”

ONEXP helps set up a cybersecurity framework that includes practical training and realistic incident response plans. “We run drills. We simulate incidents. We don’t just throw a presentation at them once a year. Instead, we’re working towards short, monthly awareness sessions. A 5-minute video or walkthrough. That sticks better.”

ONEXP doesn’t offer templated solutions. Every vessel is different, private or charter, size, crew, operational style. “Charter vessels carry more risk just by nature, more people, more changeover. So the security approach has to be stricter.”

But the fundamentals remain the same: risk-based priorities, operational awareness, and resilience. Integrating cybersecurity after the fact during a refit or onboard an active vessel, is always more complex. “There are overlaps between systems, legacy networks, operational constraints. It’s not impossible, but it’s more expensive.” That’s why early integration is smarter. “When cybersecurity is designed from the start, you save time and money and you avoid redoing things twice.”

One technical point Dion brings up is network segmentation and he’s clear about its importance. “You don’t just divide the network, you segregate it. That means controlling what traffic is allowed between different segments. And it’s not just about function anymore, it’s about risk. A high-risk asset should be in a well-isolated zone. If something happens, segmentation limits the impact.”

What makes ONEXP different?

“Our edge is that we understand both the tech and the environment,” Dion says. “We know guest operations can’t be disrupted. So we work around that. We know how these vessels are run, how the AV and IT systems function, and how to secure them without impacting day-to-day life onboard. We’re not here to complicate. We’re here to make sure the yacht runs securely.”

As we wrap up, Dion reflects on the direction the industry is heading.

“There’s a shift happening. Regulations are coming. Owners and builders are more aware. But awareness isn’t enough, action is needed.”

And what would Dion tell a yacht owner still unsure whether cybersecurity is worth the investment?

“It’s not a luxury feature. It’s infrastructure. And the earlier you take it seriously, the less damage you’ll deal with later.”

Want to know where your yacht stands?
ONEXP offers FREE cybersecurity assessments. No sales pitch, just honest advice from people who understand how yachts really work.

Let us help you stay ahead of the curve.