The world of remote operations is becoming increasingly vulnerable to cyber threats, with the risk of disruption growing exponentially across various sectors. A recent report by Marlink has shed light on this issue, highlighting the evolving nature of cyber attacks that are now driven by user credentials and human error. The report emphasizes the importance of addressing these structural weaknesses in order to reduce exposure and improve resilience in remote environments. This is a pressing concern for organizations operating in industries such as maritime, energy, enterprise, and critical infrastructure, where digital dependency is on the rise.
The report notes that trusted access and credentials are now primary attack pathways, making incidents harder to detect and increasing the likelihood of cyberattacks resulting in network and operational downtime. Identity-based attacks have become a dominant force, with 69% of observed risks linked to compromised user credentials compared to traditional technical vulnerabilities. This shift in attacker behavior signals a decisive change in the way organizations approach cybersecurity.
The IT/OT convergence is further expanding exposure across digitalized operations on ships and industrial sites in remote environments on land. In 2025, 60% of assessed sites relied on shared infrastructure, over 70% had undocumented or poorly secured connections, and 30–40% of OT assets were initially unknown or unmanaged. These gaps are increasingly exploited through trusted access rather than malware.
The human factor remains a critical focus in cyber security. Phishing simulations showed that 20% of users clicked malicious links and 11% disclosed credentials, while only 11% reported incidents. Ransomware continues to scale, with incidents detected across Marlink-monitored environments rising from 5,740 in 2024 to 7,793 in 2025.
In maritime environments, 82% of alerts were concentrated in crew network zones, reinforcing user-facing systems as the primary attack surface. This highlights the importance of prioritizing cybersecurity measures that focus on user awareness and education, as well as implementing robust security protocols to protect against identity-based attacks.
The report emphasizes the need for an identity-first security model, stronger control of trusted access, and closer integration between cyber security and operational infrastructure. Measures such as multi-factor authentication, network segmentation across IT and OT, continuous monitoring, and targeted user awareness programs are critical to reducing exposure and improving resilience in remote environments.
Nicolas Furgé, President of Marlink Cyber, notes that the data confirms a clear shift in how cyber threats materialize in remote environments. He stresses that addressing these structural weaknesses requires more than additional tools, but rather an identity-first security model that prioritizes user credentials and access control.
The implications of this report are far-reaching, with significant consequences for organizations operating in high-risk industries. It is imperative that these organizations take proactive steps to address the evolving cyber threat landscape and implement robust cybersecurity measures to protect their operations.
As the world continues to become increasingly digitalized, the importance of cybersecurity cannot be overstated. The Marlink Cyber Intelligence Report for Remote Operations 2026 serves as a wake-up call for organizations to prioritize cybersecurity and take proactive steps to mitigate the risks associated with evolving cyber threats.
