Superyacht cybersecurity can affect everyone involved with the yacht…the crew, captain, ETOs, yacht management, and even the family offices behind UHNW owners all sit within the same digital risk.
This guest blog is a true story by Matthew Roberts, a former deckhand who “hacked” a superyacht. It explores how one guessed password exposed deeper issues in yachts’ cyber risk management. It is a candid look at how easily weak processes and familiar password habits can make the yacht vulnerable, create real risk onboard and shows why superyachts need stronger access control, better password hygiene, and clear cybersecurity leadership both onboard and ashore.
"At 18, I thought I knew exactly what I wanted from the yachting world.
A friend invited me onto their family’s superyacht in Corsica for a couple of nights. I fully appreciate how obnoxiously fortunate that sounds. I was the lucky guest, the one who got to sleep in, eat well, and enjoy the view. But the person I envied most wasn’t the owner. It was the deckhand, Steve, who met me at dawn, bleary-eyed but smiling, to take me wakeboarding while everyone else was still asleep.
It might seem like a sad brag, but it was my first experience of the superyacht industry. (And last as a guest by the way!) I loved being a guest, but I loved the idea of being crew even more.
That short trip left a deeper mark than I realised. I went off to university, assuming yachting would remain a fond memory.
I was wrong.
Chasing the dream (and an engagement ring)
After university, I joined a maritime security company at the height of Somali piracy. We were putting former Royal Marines with rifles onto merchant ships to keep them safe. Most of our work was with big commercial vessels, but every so often a superyacht appeared on the list, usually heading east towards the Seychelles or the Maldives.
At the same time, I met the woman who would become my wife. Before we met, she’d spent 18 months as a stewardess on a 40m Benetti. She shared stories from life onboard: long hours, strange requests, camaraderie, travel, and how it paid for her master’s degree and gave her a financial head start. I was in my early 20s, with not much to my name, very aware I couldn’t afford the engagement ring she deserved anytime soon with a traditional land job.
Yachting came back into focus.
It offered travel, adventure, the chance to finally scratch that itch of being crew and the potential to save money quickly. So I made the decision many do: go to sea, work hard for 6-12 months, and come back with both a story and a head start.
I took it seriously.
I got my STCW 95, did the firefighting and power boating courses, invested in the tickets and training. I based myself in a guest house on the south coast of France, moved up and down the coastline, dock-walking, meeting recruiters, taking daywork whenever I could.
My intention was simple: get in, do the job, earn the money, and go home to propose. The reality was harsher. It was ultra-competitive. Hundreds of hopeful faces, stacked CVs, short-term opportunities that never turned into permanent roles. I edged forwards but never broke through.
Eventually, I decided to come home.
On paper, my yachting career ends there. I refer to it as being a ‘failed deckhand’. At the time, that hurt more than I let on. In hindsight, it was one of the best decisions I ever made.
From "failed deckhand" to yacht tech
Back on land, I found a role at a VSAT communications company in Chessington, providing satellite internet and IT networking to yachts. I “fell into” the job, but quickly realised how much I loved it. If I’d been providing internet to a typical office, it would have been a simple cable and a forgettable install.
On yachts, everything was moving, complex, and bespoke: antennas tracking satellites, networks split between owner, guest, and crew, technical constraints wrapped around human expectations. It was intricate and fascinating.I was back around yachts, this time not from behind a chamois. I was walking docks as a supplier, visiting clients, stepping on and off vessels, seeing the industry from the perspective of those who keep it connected.
I worked there for seven years and saw the company through a merger. I had the stability of life ashore and the ability to be present for my wife and, later, our family, while still staying close to an industry I’d never quite joined “properly” as crew. Captains and operators sometimes asked whether I’d consider coming onboard as an AV/IT officer or ETO. It was a realistic move. But by then, I knew I valued being home. I wanted to travel with my partner and family, not something I did alone for months. The pay and tax advantages were tempting, but not enough.
I wasn’t going to be crew in the traditional sense.
My earlier background in physical maritime security started to collide with my world in connectivity and IT. From that vantage point, I began to see worrying patterns: hacked services, ransomware incidents, data leaks. One encounter in a marina in West Palm Beach crystallised it.
A yacht client was locked out of a system; nobody knew the password, and there was no proper process. Standing there as a relative stranger, I tried a few combinations I’d seen patterns of before, often built around the yacht’s name.
It worked.
We regained access. On one hand, I’d helped them. On the other, I was a complete outsider who should never have been able to guess or ‘hack’ my way into a supposedly secure system. In an industry where you’d assume security would be world-class, what I saw repeatedly was almost the opposite. That moment was the seed of what would become Anchorpoint.
Read full article about the ‘hack’ here.
Rethinking what it means to be crew
As I moved into more cybersecurity-focused roles, one thing became obvious: on yachts, cybersecurity was an afterthought. Crew are hired and trained to deliver seven-star service and safe operations, not to become part-time cybersecurity analysts. Their days are already full. Asking them to master complex, evolving threats is unrealistic.
Meanwhile, many programmes tried to solve the problem by buying products they didn’t fully understand. Firewalls, appliances, and subscriptions are often resold at a premium simply because “superyacht” was attached. “Yacht tax” was alive and well.
Beneath it all sat a deeper issue: trust.
Owners, Captains, and family offices were outsourcing trust in their digital security to third parties who weren’t truly embedded in the programme. The people onboard, the Captain, Chief Engineer, and ETO, if they had one, often lacked the cybersecurity expertise to challenge those solutions or interpret the advice.
The system stayed broken.
When I started Anchorpoint, I stepped back and asked: what’s really missing? Not just tools. Leadership. In big shore-based organisations, that leadership exists in the form of a CISO, a Chief Information Security Officer, someone who understands risk, sets direction, and builds culture. In yachting, that role didn’t exist in a way that was affordable, trusted, and embedded. And putting a full-time cybersecurity specialist onboard most yachts was neither practical nor justifiable.
That’s where the idea came from: become the virtual Cybersecurity Officer (vCySO) for superyachts.
Create a new type of crew member, fractional, specialised, focused solely on cybersecurity leadership and culture, but without taking a cabin or living onboard. Ironically, by failing to get that deckhand job, I ended up as crew anyway. Not scrubbing decks or handling lines, but sitting alongside Captains, ETOs, management companies, and family offices as part of the team: helping them understand risk, make better decisions, and build a security culture that can stand up to modern digital life.
We act like a fitness coach for cybersecurity. It’s not about shaming people with how bad things are. It’s about showing progress: clear metrics, visible improvements, realistic priorities, and a cybersecurity safety management system built around it that sits naturally alongside ISM. We don’t resell shiny tools. Our value lies in guidance, project management, procurement support, and above all, trust. Our job is to help yacht programmes spend wisely, build sustainable practices, and eventually become self-sufficient.
Because real security isn’t something you buy once, it’s a culture.
I didn’t become the deckhand I once dreamt of being. I never lived the classic “yachtie” life. But in the end, I did become crew, on my own terms. Today, my role is to stand alongside the people who keep these vessels running and the families who own them, and to protect something you can’t photograph for a brochure: their digital lives, their privacy, their confidence that what happens onboard stays onboard.
If yachting is going to keep its promise of freedom, joy, and escape in an increasingly connected world, it needs that kind of crew member, too. That’s the gap Anchorpoint exists to fill.
To learn more about Anchorpoint, click HERE
*The yacht pictured is not the yacht that Matthew "hacked"
