The New Maritime Security Threat Picture Demands More Than Traditional Approaches
- Jun 10

The foundations of maritime security have been tested more severely in the past two years than at any point in recent decades. From the Strait of Hormuz, where Iranian forces have been attacking commercial vessels since February 2026, to the Red Sea, where Houthi strikes disrupted global shipping for over two years, and across the Indian Ocean, where Somali piracy has resurged after years of relative calm, the threat picture has been fundamentally reordered. Static security models and periodic reporting were not built for this environment.
YAVA and SF Group’s partnership is built on the premise that operators need something better: live intelligence, sound operational judgement and the technology to act on both.
Here, SF Group Maritime Analyst Shane Wall provides insights into the current threat picture and what a credible response to it requires.
Introduction: Maritime Security in an Environment That Has Changed Faster Than Most Operating Models
The threat landscape across the Gulf, East Africa and the Indian Ocean is not simply more dangerous than it was several years ago. It is structurally different. Three overlapping developments define the picture as it stands in mid-2026: the militarisation of global shipping chokepoints by non-state actors; the direct use of strategic maritime geography as an instrument of state coercion; and the resurgence of Somali piracy in the Indian Ocean at precisely the moment when rerouted commercial traffic brought more vessels within range.
The scale of disruption is concrete. Suez Canal deadweight tonnage remained 57% to 64% below pre-crisis levels throughout 2025, according to BIMCO, and by early 2026 the canal’s revenues were still rebuilding from a near two-thirds collapse the year before. In the Strait of Hormuz, major insurers cancelled war risk cover for Gulf transits entirely from 5 March 2026; when cover returned, premiums had risen from 0.25% of hull value to 3%, implying up to $7.5 million in additional cost for a single tanker voyage.
This is the operational context in which YAVA and SF Group have formed their partnership. YAVA is a UK-headquartered technology engineering and advisory company delivering software, systems integration and digital infrastructure for governments, critical infrastructure operators, security companies and institutional clients across Europe, the Middle East, Africa, and South Asia. SF Group, whose full name is Salama Fikira, is a specialist risk management, security, logistics, and advisory provider. Its capabilities span security consultancy, maritime security, risk assessment, training, emergency support, logistics, and information and research services, serving governments, corporations, NGOs and international organisations in complex environments.
SF Group brings operational security expertise, on-the-ground reach and live intelligence through its SF BREATHE platform. YAVA brings the engineering and systems integration capability to make that intelligence scalable at pace. Together they address a gap that is no longer easy to ignore: organisations in high-risk maritime environments increasingly need both capabilities working as one.
The Maritime Security Threat Landscape: Three Fronts, Simultaneously
The Red Sea and Bab el-Mandeb: A Ceasefire That Changed Less Than Expected
The Houthi campaign against commercial shipping ran from November 2023 through most of 2025, one of the most sustained asymmetric attacks on commercial maritime traffic in modern history. A Gaza ceasefire in October 2025 led to a formal pause, and war risk premiums for Red Sea transits fell to around 0.2% of hull value by December 2025. But the pause was not a resolution.
The Houthis warned they would resume attacks if the Gaza ceasefire broke down or regional conflict escalated. Container ship transits through Suez remained 86% below 2023 levels in the fourth quarter of 2025. The capability, the incentive structure and the geopolitical leverage that made the corridor attractive as a target all remain in place.
The Strait of Hormuz: From Background Risk to Active Conflict Zone
The Strait of Hormuz carries roughly 20 million barrels of oil and petroleum products daily, around one fifth of global petroleum consumption and a quarter of seaborne oil trade, according to IEA data for 2025. For most Gulf producers there is no viable alternative export route.
Following Operation Epic Fury in late February 2026, Iranian Revolutionary Guard Corps forces began boarding, attacking and mining commercial vessels in and around the strait. JPMorgan analysts estimated that roughly 329 vessels were operating in the Persian Gulf with approximately $352 billion in combined insurance coverage that private markets were no longer willing to provide. Daily charter rates for oil supertankers quadrupled to nearly $800,000 within a week of the conflict’s onset.
The Indian Ocean: A Threat That Moved with the Traffic
The rerouting of shipping around the Cape of Good Hope had an unintended consequence: it doubled vessel traffic on the route east of Somalia, from a monthly average of 305 cargo vessels in 2023 to 624 in 2024, according to Lloyd’s List Intelligence. By late 2025, Risk Intelligence and MSCHOA confirmed the piracy threat in the Somali Basin and Gulf of Aden as elevated, with pirates operating up to 800 nautical miles offshore. UN reporting confirmed physical meetings between Houthi representatives and al-Shabaab in 2024, suggesting coordination across threat networks that further complicates the risk picture for operators in the region.
Cyber: The Threat Below the Surface
Physical and digital risk are no longer separate problems. Maritime cyber incidents surged by 103% in 2025 compared with 2024, according to CYTUR’s 2026 Maritime Cyber Threat White Paper, targeting the IT/OT interface on vessels and in ports. Systems controlling navigation, cargo management, access control and crane operations each represent a potential pathway from a digital breach to a physical consequence. For operators in contested environments, both exposures require the same level of sustained attention.
The Conversation: Shane Wall, Maritime Analyst, SF Group

What follows is an edited interview with Shane Wall, Maritime Analyst at SF Group. The conversation covers the shift in the maritime threat environment, why conventional security and intelligence models are no longer adequate, how SF BREATHE was designed to fill that gap, and the operating posture that clients in contested environments now need to adopt.
Wall explains how the maritime threat landscape has evolved and why established responses now fall short.
The threat environment has changed significantly. Which shifts have surprised even experienced operators, and which threats existed before but are only now being taken seriously?
Wall’s starting point is the economics of modern maritime threat. The conventional assumption has long been that serious disruption requires serious naval capability. That logic has been overturned.
“Ukraine has more than ably demonstrated you don’t need a Navy to defeat or suppress a Navy. The shot exchange costs are heavily weighted in the asymmetrical attacker’s favour.”
— Shane Wall, Maritime Analyst, SF Group
The evidence is in the Black Sea. Ukraine’s drone campaign damaged or destroyed roughly a third of Russia’s Black Sea Fleet and forced the rest to withdraw from Sevastopol. The Houthi campaign in the Red Sea followed the same logic: a non-state actor with no conventional naval capability effectively contested one of the world’s most important shipping corridors for over two years, inflicting billions in economic damage against an international naval coalition that could not suppress it.
For operators, the lesson is direct. But Wall pushes the argument further, into territory the industry has not yet fully confronted: the potential end of compliance with UNCLOS (1982) Sections 2 and 3.
“Shutdown Straits of Hormuz + Bab el-Mandeb = kill (metaphorically) global trade and heavily hydrocarbon dependent economies. Was the Indonesian Finance Minister REALLY kidding about a Malacca Strait Toll? Littoral states on maritime chokepoints may become emboldened enough to play the ‘Iran Card’. After all, it only costs a bag of chips and a can of coke.”
— Shane Wall, Maritime Analyst, SF Group
Iran has demonstrated that a state willing to weaponise its geography can impose enormous costs on global trade at relatively low risk to itself. Whether or not the Indonesian Finance Minister was serious is almost beside the point. The conversation happening at all signals a shift in how states think about the leverage that maritime geography provides. The threshold for attempting this kind of action may be lower than operators currently assume.
Insurance markets have repriced Gulf transits dramatically since February. What does that repricing tell us about the gap between traditional security and what is now actually required?
For Wall, the insurance repricing is a symptom. The more fundamental issue is a mismatch between the tools the industry has and the nature of the problems it is now facing.
“We’re fighting the wrong war.”
— Shane Wall, Maritime Analyst, SF Group
The arsenal of instruments available, whether diplomatic, economic or kinetic, was developed for a different threat environment. Wall identifies the core structural problem:
“Each contested domain or environment, whether space, cyber, air, land, maritime surface or maritime sub-surface, needs its own specialised weapons. That’s expensive when the shot-exchange cost is against you from the start.”
— Shane Wall, Maritime Analyst, SF Group
What makes the current period particularly difficult is that the response is still being developed. Wall frames this through the concept of the Experience Phase:
“All forms of warfare are binary: advance, counter. Advance and counter both depend upon information to be applied, and in turn depend upon experience to be refined. The experience phase is painful. Just ask the Ukrainians. Sadly, it’s necessary for the, usually costly, counter-innovations to evolve. That’s where we are right now with places like Hormuz, the Bab el-Mandeb and the Somali Basin.”
— Shane Wall, Maritime Analyst, SF Group
The insurance market is not simply repricing elevated risk. It is pricing the cost of being in the middle of that experience phase, where the threat is evolving faster than the response.
SF BREATHE was built because periodic written reports could not keep pace with environments that change by the hour. What does it let a client do on a Monday morning that they could not do before?
The premise behind BREATHE is straightforward. The threat does not pause. So, the intelligence cannot either.
“Wars don’t have weekends, and nor does SF BREATHE.”
— Shane Wall, Maritime Analyst, SF Group
The specific failure of periodic reporting is structural. A report produced on a Friday describes the situation as it was on Friday. By Monday morning, in an environment as volatile as the current Gulf or East African operating picture, the baseline may have shifted materially. Incidents will have occurred. Threat actors will have moved. Insurance conditions will have changed.
What BREATHE provides instead is continuity of intelligence. When a client’s team arrives on Monday morning, they are working from the current threat picture rather than the previous week’s. The broader trap Wall identifies, dashboards that look impressive but do not change a single decision, is avoided through a focus on context rather than volume. The question is whether the information is clear enough, current enough and connected enough to affect what the client does next.

There is a real difference between intelligence that is read and intelligence that is actioned. How does SF BREATHE push insight into operational decisions rather than just inboxes?
This is where Wall’s approach becomes most specific. The difference between intelligence that sits in an inbox and intelligence that changes a decision is analytical, not technological. Wall describes a practice he applies directly to the incidents he logs: the Analyst Comment.
“I frequently add an Analyst Comment to the incidents I log. This connects previous incidents, or unreported information I’ve garnered from elsewhere, to the incident I’m logging. This provides greater contextual clarity for decision makers, and when they have more clarity, they make more decisions. They don’t always make good decisions, but they make more decisions when they have more clarity.”
— Shane Wall, Maritime Analyst, SF Group
Clarity does not guarantee correct decisions. But it reliably generates more of them, and that matters. When a decision-maker has enough context to understand what an incident means, not just that it happened but what it may signal about what comes next, the threshold for acting on that information falls. In practice, this translates to route changes, adjusted transit postures, revised escalation thresholds and planning decisions grounded in current conditions rather than outdated assessments.
If a shipping line, offshore operator or port authority called tomorrow, what does SF Group deliver in the first 72 hours, the first 30 days and as an ongoing posture?
Wall speaks to what he can directly describe: maritime intelligence. His account of the first 72 hours establishes both what is delivered and how it is framed.
“Within the first 72 hours that client should expect a comprehensive, but by no means exhaustive, analysis which sets context, often history, assesses the current risk/threat situation as best I can determine it, and then lays out potential expected next developments. It’s never perfect enough for what I’d like, but it is fit-for-purpose.”
— Shane Wall, Maritime Analyst, SF Group
Two phrases are doing significant work. ‘By no means exhaustive’: an assessment that attempts to capture everything becomes a document that is outdated before the client finishes it. The depth lies in the quality of the analysis, not the volume. ‘Fit-for-purpose’: not a promise of perfection, but of an assessment calibrated to what the client needs to act on.
Equally important is what that document becomes over time.
“It’s also a living document.”
— Shane Wall, Maritime Analyst, SF Group
A static deliverable belongs to a static environment. Over the first 30 days, the initial assessment must become part of a broader operating posture. Patterns need to be tracked. Assumptions need to be updated. Intelligence needs to reach operational teams with enough regularity and clarity to shape the decisions they are taking. Over time, this builds into a sustained model of situational awareness rather than a sequence of disconnected updates.
This is where the YAVA technology layer becomes operationally significant. SF Group’s intelligence value depends on the ability to deliver it at pace, with context, across multiple geographies and time zones. YAVA designs, builds and maintains the infrastructure that makes that possible, in the same kinds of environments where SF Group operates, including markets where connectivity is unreliable and systems have been assembled in layers rather than designed as coherent architecture.
Where YAVA Fits: Technology as an Operational Layer
YAVA provides the technology layer that turns SF Group’s intelligence capability into something scalable and operationally usable. As a technology engineering and advisory company, YAVA designs, builds, integrates and supports systems spanning enterprise IT, custom software, cybersecurity, operational technology, data systems, surveillance infrastructure, secure communications and on-the-ground deployment across Europe, the Middle East, Africa and South Asia.
Those geographies matter. The environments where SF Group’s clients operate are not always well-served by technology infrastructure. Connectivity can be unreliable. Systems have often been built in layers rather than designed as coherent architecture. Technical support in the field is limited. YAVA’s experience deploying and maintaining technology in precisely these conditions is what makes the partnership credible in practice rather than simply in theory.
The convergence of physical and digital risk is equally relevant. Maritime operators are managing the security of OT systems controlling port infrastructure, the communications networks connecting their operations and the data architecture underpinning their planning. An integrated capability addressing both physical and cyber exposure is increasingly necessary for operators with serious exposure in contested maritime environments.
The combination addresses the gap that neither company alone can fill. SF Group brings the operational judgement, domain knowledge, security and logistics capability, and live intelligence to make sense of a fast-moving threat picture. YAVA brings the engineering and integration capability to make that intelligence usable at the pace and scale the current environment demands. The result is integrated operational resilience rather than what security or technology companies have traditionally provided separately.
What This Means for Clients
The threat picture Wall describes is the current operating reality for shipping lines, energy companies, offshore operators, port authorities, logistics providers and any organisation with material exposure to the Gulf, East Africa, or the Indian Ocean. It is not a forecast. It is the environment that exists today.
The events of the past two years have shown that this environment can escalate rapidly and in directions that were not anticipated by existing security frameworks. The Houthi campaign disrupted a major global trade corridor for over two years. The Hormuz situation shifted from background risk to active conflict within days. In the Indian Ocean, a decade of piracy suppression was partly unwound by the unintended consequence of rerouting traffic through a different threat zone.
Wall’s observation about littoral states adds a forward-looking dimension that operators have not yet fully priced in. If the cost of playing the Iran Card is low enough, and the returns visible enough, the incentive structure for other states controlling strategic waterways may shift. That is not a confirmed threat. It is a direction of travel that a credible risk assessment cannot ignore.
Organisations that relied on periodic assessments, static protection models or fixed transit protocols during any of the events of the past two years found themselves making decisions based on information that was already out of date. That is the operational gap that the YAVA and SF Group partnership is built to close.
Speak to YAVA about your Security, Technology or Infrastructure Requirements
Whether you are reviewing your operating posture in the Gulf, East Africa or South Asia, assessing your technology infrastructure in a complex environment, or exploring integrated security and digital support for a critical project, YAVA and SF Group offer a combined capability built for the conditions that now exist.
Email us at media@yava.com or contact us via www.yava.com/contactus.