top of page

The Seabed Frontier: Why Undersea Cable Security Risk Is Now a Board-Level Liability

  • Writer: CES Intelligence
    CES Intelligence
  • Jul 8
  • 16 min read

Updated: 5 days ago

How Shadow Fleets, Legal Gaps, and Repair Bottlenecks Are Exposing a $10 Trillion Vulnerability Most Boards Haven't Mapped.


Approximately $10 trillion in daily financial transactions flow through nearly one million miles of undersea fiber-optic cable. That infrastructure carries 99% of intercontinental data traffic — the aorta of the global financial system, the physical substrate of every cloud migration, every AI deployment, every cross-border settlement. It is also being deliberately severed. On the last day of 2025, at 4:53 a.m. local time, Finnish operator Elisa detected a disruption on its cable linking Helsinki to Tallinn. The incident was one of 44 publicly reported cable damages catalogued across 32 distinct groupings in 2024 and 2025 by open-source threat assessments — a tempo that has moved the threat environment from statistical background noise to systematic campaign.


The framing error comes first, because everything else follows from it. Undersea cables appear in corporate risk registers as a line item beneath the telecom budget — infrastructure someone else maintains, failure someone else fixes. That taxonomy is a decade out of date. What is happening now across the global subsea cable network is not a series of accidents — it is a distributed campaign of deliberate infrastructure sabotage executed through plausible deniability. The undersea cable security risk is no longer a vendor problem — it is a structural liability that compounds with every severed connection boards fail to map. The signal is not the outage. It is the campaign beneath it.


A pattern runs through the CES Intelligence analyses this year, and it applies here with precision. In The Critical Minerals Trilemma, the leverage concentrated one tier above the asset boards were monitoring. In The Precursor Problem, the binding dependency operated a chemical layer below the surface boards had mapped. The Pacific Compression demonstrated that the risk that matters runs beneath the headline — not at the level boards are watching. The same architecture is visible here: the vulnerability that matters is not the cable. It is the seabed beneath it — and the legal, repair, and insurance architecture that was never designed to protect it.



Dark oil tanker silhouetted at dusk — where plausible deniability meets critical infrastructure. Undersea cable security risk, shadow fleet sabotage, 2026.
A sanctioned tanker silhouetted at dusk — where plausible deniability meets critical infrastructure. The undersea cable security risk is not the cable. It is the seabed beneath it.

1. The Shadow Fleet Campaign: Doctrine, Not Episodes


The sabotage campaign operates across three theatres simultaneously, and boards are reading each one as a standalone incident. The pattern is different. The Baltic, the Red Sea, and the Taiwan Strait each show the same methodology: deploy presence, deny intent, normalise the damage. Each incident calibrates the threshold of tolerated disruption — testing how far the campaign can go before the response crosses from diplomatic protest to military action.


The Baltic campaign. Vessels linked to Russia's shadow fleet have been implicated in repeated cable-cutting incidents — telecommunications and power cables serving Sweden, Finland, Germany, Estonia, and Latvia. Finnish authorities took control of the vessel Fitburg and escorted it to the port of Kantvik after it damaged an undersea cable. The Deliver (150,284 dwt, Cameroon-flagged, EU-sanctioned since March 2025) was intercepted by French naval commandos off the coast of Sicily on 23 June 2026, her AIS track tracing from Russia's Primorsk terminal. European enforcement is intensifying: nine suspected shadow fleet tankers have been seized across Europe since the start of 2026, four by France. Britain seized an oil tanker in the English Channel on 14 June. Three more were inspected under a European naval mission in the Mediterranean. The Russian embassy in Paris called the Deliver interception "piracy." This is the vocabulary of escalation, not adjudication. France has conducted five seizures since launching its enforcement campaign in September 2025 — a tempo that confirms both the scale of the fleet and the inadequacy of the underlying legal architecture to deter it.


The Indo-Pacific layer. In the first two months of 2025, four separate cable disruptions were reported around Taiwan. In February 2024, three Red Sea cables were severed — the anchor of the sinking Rubymar, struck by a Houthi missile, cutting connectivity between Asia, Europe, Africa, and the Middle East. The geographic dispersal is not incidental. It reflects a methodology tested in one theatre and exported to others — each incident calibrating the threshold of tolerated disruption.


The tactical architecture. These are not coincidences. They are the expression of what threat intelligence assessments have identified as state-sponsored malicious activity exploiting three structural vulnerabilities: lack of redundancy in cable networks, lack of diversity of physical cable routes, and a strained global repair capacity. The tactic is cheap, the attribution is difficult, and the legal framework to respond is absent. The vessels involved are aged, insured through opaque jurisdictions, flagged under convenience registries, and crewed with layers of deniability. When intercepted, the diplomatic response is calibrated outrage, not concession. When not intercepted, the cable is already cut.


The binding observation: nine shadow fleet seizures across Europe in six months confirm the scale of the threat. But enforcement is reactive, not structural. The cable-cutting tempo continues to accelerate — and the legal architecture that governs the seabed remains unchanged. The binding constraint is not interception capacity. It is the absence of a deterrent framework.



2. The Legal Gap: Where Undersea Cable Security Risk Meets Lawfare


The United Nations Convention on the Law of the Sea grants coastal states the right and responsibility to protect undersea infrastructure within their exclusive economic zones and continental shelves. That framework was designed for a world in which cable damage was overwhelmingly accidental — fishing and anchoring incidents account for 86% of the approximately 200 subsea cable faults recorded annually across a global network of approximately 1.6 million kilometres of cable. It was not designed for a world in which state-linked actors disable AIS transponders near cable routes, in which repair ships are observed loitering unscheduled over critical infrastructure, and in which a 150,000-tonne tanker drags its anchor across a known cable path with geographic precision.


Russia and China are exploiting this gap systematically — a practice accurately described as lawfare: the strategic exploitation of ambiguities in international law to achieve military objectives below the threshold of armed conflict. The undersea cable security risk is not that the legal framework is absent. It is that the framework is structurally mismatched — built for fishing accidents, weaponised by state actors who understand that the cost of exploitation is negligible relative to the disruption it generates.


The institutional response is forming — but slowly. The International Advisory Body for Subsea Cable Resilience was established in 2024 under the ITU and ICPC. The first International Submarine Cable Resilience Summit convened in Abuja, Nigeria, in early 2025; the second took place in Porto, Portugal, in early February 2026. The FCC adopted new rules streamlining cable licensing and, for the first time, requiring licenses for operators of submarine line-terminal equipment (SLTE) — the critical connective tissue between seabed and terrestrial infrastructure. The FCC has also barred Huawei, ZTE, China Telecom, and China Mobile from US submarine cable systems, with proposed expansion to any equipment from countries designated as foreign adversaries. The FS-ISAC published its Subsea Cable Infrastructure risk and resilience report in December 2024, providing financial institutions with the first sector-specific framework for assessing cable dependency. CSIS released a comprehensive report on subsea cable security in November 2025.


The structural gap: these are institutional responses to a kinetic problem. The gap between conference communiqués and operational cable protection is measured in severed connections, not white papers. The legal architecture will adapt — but on a timeline measured in years, while the sabotage campaign operates on a timeline measured in weeks. Boards that wait for the legal framework to catch up are accepting a liability the law does not yet compel them to measure.



3. The Repair Constraint: A Fleet Too Small for a Theatre Too Large


The global subsea cable repair fleet is small, aging, and geographically concentrated. When a cable fails, a repair vessel must be dispatched from one of a limited number of regional bases — and fuel alone accounts for 30% to 70% of total repair cost, which averages $500,000 to $1 million per fibre-optic incident, rising to $1.5–2 million when vessel transit and fuel are included. Subsea power cable repairs range from $10 million to $100 million. When multiple cables are damaged in the same maritime theatre — as has occurred in the Baltic — the repair queue compounds, and the outage extends. In regions lacking sufficient cable density to justify a dedicated repair vessel, operators are forced to charter construction vessels on the open market at substantially higher cost and longer delay.


Open-source reporting has documented repair ships loitering unscheduled over key cable routes and vessels intermittently disabling AIS transponders near submarine cables. The implication is operational, not theoretical: the same scarcity of repair capacity that delays civilian restoration also creates a surveillance and manipulation vector. A state actor with the ability to damage cables, observe repair routing, and exploit the resulting intelligence gains a persistent advantage in understanding traffic priorities, redundancy architecture, and critical-path dependencies.


Over $16 billion in new submarine cable construction is planned for 2026–2029 — a figure driven by hyperscaler demand and the replacement of aging legacy systems. But new cables do not solve the repair bottleneck. They deepen it. More cables mean more potential failure points, more repair demand, and continued reliance on the same constrained fleet of vessels. The infrastructure is expanding faster than the maintenance architecture supporting it.


The capacity truth: the repair fleet is the chokepoint of the entire subsea cable ecosystem. Boards that have mapped their cable routes but have not mapped the repair vessel availability for those routes have mapped the wrong variable. The constraint that matters is not whether a cable exists — it is whether it can be restored when it is deliberately cut, and how long that takes when multiple cables fail simultaneously.



4. The Insurance Paradox: Calibrated for Accidents, Blind to Sabotage


Insurance coverage for subsea cable systems was calibrated against a world of accidental damage — the 86% baseline of fishing and anchoring incidents. It was not calibrated against state-sponsored sabotage, multi-cable concurrent damage, or the strategic denial of repair access. The Financial Times has reported that attacks on the infrastructure that moves money could pose a bigger threat than cyberattacks — a characterisation that elevates cable risk from operational nuisance to systemic financial stability concern. FS-ISAC's December 2024 report marked the first time the financial sector formally acknowledged subsea cable dependency as a sector-specific resilience priority. Accenture's global lead for financial services cybersecurity has publicly characterised the potential impact as "far-reaching," particularly as the global economy's interdependence on real-time data flows has deepened.


The Red Sea chokepoint alone carries approximately 17% of global internet traffic, with over 90% of Europe–Asia communications transiting through Egyptian subsea systems. A disruption at a single point of concentration like the Bab al-Mandab Strait — which narrows to 26 kilometres — does not degrade one cable. It degrades an entire corridor. The CSIS has documented this concentration risk in its November 2025 report. The financial sector's own recognition, through FS-ISAC, that this is a resilience priority is significant — but recognition is not mitigation.


Every multinational organisation's data architecture has hidden cable dependencies: trading infrastructure reliant on specific routes, data centre failover dependent on terrestrial circuits that assume submarine cable availability, cloud architecture designed for latency optimisation rather than circuit survival, and AI compute pipelines — including the sovereign infrastructure discussed in our April 2026 analysis on AI Sovereignty — that depend on international bandwidth flows now being physically contested.


The pricing signal: the undersea cable security risk is structurally mispriced because the insurance models were built for a world that no longer exists. The insurance market will correct — as it always does, after the first insured loss demonstrates the model was wrong. Boards that wait for the correction to price their exposure are accepting a liability they have not measured.



5. The Hidden Transmission: From Seabed to Balance Sheet


Cable dependency is a supply-chain risk, not a telecom expense. The transmission mechanism from seabed to balance sheet operates through four vectors that boards have not mapped as a single architecture.


Landing stations are chokepoints. A cable is only as resilient as its landing station. Organisations with operations in regions served by a single landing station — or by multiple cables that share the same physical landing point — have zero practical redundancy. This is not theoretical: Taiwan's early 2025 disruptions demonstrated that an island economy can lose connectivity to its own outlying territories when cable diversity collapses.


Repair timing is now a geopolitical variable. The time between a cable fault and restoration is no longer determined solely by engineering logistics. It is determined by repair vessel availability — a resource that is scarce, increasingly observable, and potentially subject to geopolitical obstruction. Organisations whose recovery time objectives assume cable restoration within a standard SLA window are operating on a baseline that no longer reflects the threat environment.


Concurrent failure is the scenario to stress-test. Single-cable failures are manageable. Concurrent damage to multiple cables in the same theatre — Baltic, Red Sea, Taiwan Strait — is the scenario that breaks cloud architectures, trading platforms, and cross-border data flows. This is the scenario most business continuity plans do not model, because they were written when cable faults were statistical accidents, not deliberate acts.


The military dimension is arriving. Poland's $4.8 billion order for three Saab A26 submarines — signed on 29 June 2026 in Gdynia, designed for Baltic operations, capable of carrying drone swarms for critical infrastructure protection — signals that undersea infrastructure defence is entering national force posture. The UK is scrapping new destroyers in favour of at least six hybrid warships equipped for drone deployment. The Philippines is deploying four US-made Triton autonomous underwater and surface vehicles to protect cables in the South China Sea, a $13 million transfer announced on 25 June 2026. Russia's Marshal Vasilevskiy — a commercially flagged floating storage and regasification vessel critical to Kaliningrad's energy security, and subject to sanctions though not part of the shadow fleet — has appeared armed with heavy machine guns in the Baltic. Latvia and Ukraine are building a joint drone manufacturing facility in Latgale, on Latvia's border with Russia and Belarus. The seabed is being militarised, and the private sector's critical infrastructure sits in the same physical space as the targets.


The transmission truth: the transmission from seabed to balance sheet is not linear. It is networked — through landing stations, repair timelines, concurrent failure correlations, and a military dimension that introduces force-posture variables into what boards treat as a procurement decision. The undersea cable security risk is not a single-variable exposure. It is a compound dependency that spans physical infrastructure, legal ambiguity, repair scarcity, and military escalation — and the correlation between these vectors is positive, not zero.



6. Three Scenarios Through 2027


Scenario A — Managed Escalation (base case, ~45–50%). Cable sabotage continues at the current tempo. Attribution remains contested. European enforcement intensifies but remains reactive — seizures accumulate without a deterrent legal framework. Insurance premiums for cable-dependent routes rise 15–25%. Repair delays extend from days to weeks in contested theatres. No systemic blackout — but the cumulative effect reprices the operating environment: redundancy investment inflates IT budgets, latency degradation affects time-sensitive trading and AI inference pipelines, and the cost of capital for operations with concentrated cable dependency increases as underwriters incorporate sabotage risk into pricing models. For boards, the exposure is not disruption; it is cumulative resilience cost inflation transmitted through insurance, redundancy, and latency.


Scenario B — Regional Connectivity Collapse (~30–35%). Concurrent multi-cable damage in a single theatre — Baltic most likely, Red Sea as alternative. Three to five cables severed simultaneously or near-simultaneously. Repair queue compounds to 4–8 weeks as the limited repair fleet is saturated. Financial trading in affected corridors disrupted for 24–72 hours. Cloud failover architectures tested and found insufficient — designed for single-fault tolerance, not concurrent theatre-wide damage. Container rates and logistics data flows degrade. Insurance markets reprice cable sabotage as a named peril. Probability assessed at ~30% because the mechanism is proven (Baltic 2024–2025), the repair constraint is arithmetic (limited vessels, multiple faults), and the tactical cost to the attacker is negligible relative to the disruption generated. This scenario is mispriced by markets not because it is likely, but because its probability is no longer trivial and its blast radius covers the entire financial trading stack, the cloud dependency architecture, and the insurance market simultaneously.


Scenario C — Cascading Cross-Theatre Disruption (~15–20%). Simultaneous or near-simultaneous cable sabotage across two or more theatres — Baltic, Red Sea, and Taiwan Strait. Global repair fleet saturated. Restoration exceeds 7–14 days in most affected corridors. Cross-border settlement systems degraded. Cloud service degradation triggers cascading operational failures in financial services, logistics, and AI-dependent infrastructure. Equity markets with technology concentration sell off. Governments scramble for diplomatic off-ramps under massive pressure. The scenario reveals that the assumption of independent failure modes across theatres is false — the underlying actor capability is coordinated, and the repair fleet is a single shared constraint. Probability is lower than Scenario B, but the consequences are systemic — and this scenario is mispriced because models treat theatre-level cable failures as uncorrelated events when the adversary's capability to execute them simultaneously is the defining variable.



7. Six Signals Worth Tracking


A short watchlist, each capable of shifting the probabilities:


Shadow fleet interdiction tempo. Any acceleration or geographic expansion of seizures beyond the Baltic and North Sea — particularly into the Mediterranean or South China Sea — signals escalation beyond the current campaign scope. Track European and regional maritime enforcement reporting alongside interdiction data.


Repair vessel positioning anomalies. Any pattern of unscheduled loitering, AIS disabling, or route deviation by repair vessels near critical cable paths signals potential surveillance or manipulation of the repair architecture itself. Track AIS data from open-source ship-tracking platforms and maritime intelligence providers.


Insurance market repricing for cable-dependent routes. The first market to price sabotage risk will be marine and cyber insurance for cable landing stations and subsea infrastructure. A sustained widening of premiums in Baltic, Red Sea, or Taiwan Strait routes is a leading indicator that the market — not the media — has begun to absorb the campaign.


NATO seabed posture language. The Turkey summit on 7 July 2026 and subsequent ministerial meetings will test whether undersea infrastructure defence enters NATO force posture formally. Any communiqué language on seabed warfare, cable protection, or repair fleet mobilisation is a leading indicator of institutional escalation. Track NATO summit declarations and DPO statements.


FCC and ITU regulatory milestones. The FCC's SLTE licensing rules and foreign adversary equipment bans are the leading edge of regulatory hardening. Any acceleration of implementation timelines — or equivalent EU regulatory action — narrows the legal gap. Track FCC rulemaking dockets and ITU/ICPC Advisory Body outputs.


Military seabed capability deployments. Submarine procurement, AUV programmes, and seabed warfare doctrine publications are the hardware layer of the military dimension. The Poland–Saab A26 contract, the Philippines Triton deployment, and the UK hybrid warship programme are the first movers. Track defence procurement announcements from Baltic, Indo-Pacific, and NATO member navies.


8. What This Means, Concretely, For Boards


For institutions with trading infrastructure, cloud architecture, data centre operations, AI compute pipelines, or cross-border data dependencies — four disciplines now apply.


Discipline 1 — Map cable dependencies to the landing station, not the route. Identify every critical data route, landing station, and redundancy assumption in the organisation's digital architecture, with explicit assessment of single-point-of-failure exposure. Boards that have mapped their cloud provider but not the cable landing station feeding that provider's data centre have stopped one layer too early. The same logic we applied in The Critical Minerals Trilemma and The Precursor Problem applies here: the dependency that matters sits below the layer boards have mapped.


Discipline 2 — Stress-test concurrent multi-cable failure, not single fault. The undersea cable security risk is not a single-variable exposure. Model concurrent damage to multiple cables in the same theatre — Baltic, Red Sea, Taiwan Strait — against trading continuity, cloud failover, AI pipeline degradation, and settlement system availability. Single-fault recovery testing underprices the compounding effect of theatre-wide disruption. A board that has stress-tested its cable supply by route but has not stress-tested concurrent failure across multiple routes in the same maritime theatre has stress-tested the scenario it finds most comfortable to quantify.


Discipline 3 — Architect true route diversity, not shared-corridor redundancy. Diversify landing stations, implement true route diversity (not shared-corridor redundancy), and design failover architectures that survive submarine cable denial, not just submarine cable delay. Cloud architectures optimised for latency assume cable availability. Architectures optimised for resilience assume cable disruption. The question is not which architecture is cheaper. It is which architecture survives the scenario the seabed is now producing.


Discipline 4 — Engage insurers and regulators before the pricing correction. Obtaining cable-risk coverage under current terms requires demonstrating that the organisation has mapped and mitigated its exposure. Organisations that cannot demonstrate this will face uninsurable risk once the market reprices. The FS-ISAC framework, the CSIS concentration-risk documentation, and the FCC's SLTE licensing rules are the regulatory signals. The insurance market will follow — and when it does, the organisations that have not mapped their cable dependencies will find that the coverage they assumed was standard is no longer available at any price the board is willing to pay.



The era of invisible infrastructure was a thirty-year window. It is closing. What is happening in the Baltic shipping lanes, in the Red Sea chokepoints, in the Taiwan Strait cable routes, and in the conference rooms of Abuja, Porto, and Washington is a single compression — and the exposure it creates is not episodic. It is structural. The seabed is now contested space — between states that exploit it, navies that patrol it, and corporations whose entire digital architecture rests on cables that were never designed to survive deliberate attack. The boards that recognise this in July 2026 will build resilience at a manageable premium. The firms that delay will discover the cost of their dependency in the hours after a cable they didn't know they relied on goes dark — and find that the infrastructure they treated as invisible was the one they should have been mapping all along.


---


From shadow fleet enforcement to seabed infrastructure defence, we provide the independent intelligence required to navigate 2026. Request a secure consultation.


DISCLAIMER 

This briefing is not investment advice, financial advice or legal advice.


This briefing is based on publicly available sources cited herein. Factual claims are attributed to named sources. Analytical judgments, scenario assessments and probability estimates reflect the author's professional assessment and do not constitute assertions of fact. Readers are advised that geopolitical and market analysis involves inherent uncertainty. CES Intelligence and its authors accept no liability for decisions taken on the basis of this briefing. This briefing does not constitute an allegation against any named individual, corporation, or state entity.


SOURCES

This briefing draws on Chatham House (June 2026 assessment of undersea cable infrastructure and The World Today), the Bulletin of the Atomic Scientists (February 2026 report: Seabed Zero: Baltic Sabotage and the Global Risks to Undersea Infrastructure), the Center for Strategic & International Studies (November 2025 report: Redundancy, Resiliency, and Repair: Securing Subsea Cable Infrastructure; Red Sea Cable Damage Reveals the Soft Underbelly of the Global Economy), the Texas National Security Review (June 2026 article: Toward Undersea Cable Resilience: The Case for Global Collaboration), the Federal Communications Commission (Submarine cable security rules as reported by Light Reading and iTnews), the International Telecommunication Union / International Cable Protection Committee (Establishment of International Advisory Body for Subsea Cable Resilience, 2024; International Submarine Cable Resilience Summit, Porto, Portugal, 2–3 February 2026), FS-ISAC (December 2024 Risk and Resilience Report: Subsea Cable Infrastructure), Forbes (26 June 2026 reporting on the shadow fleet crisis), The Maritime Executive (June 2026 coverage of the detention of tanker Deliver), Defense News (29 June 2026 reporting on Poland–Saab A26 submarine contract; 25 June 2026 on Philippines Triton AUV deployment; 30 June 2026 on Latvia–Ukraine drone factory), Insurance Journal (June 2026 reporting on French shadow fleet seizures), The Kyiv Independent (June 2026 reporting), Ynetnews (June 2026 coverage of French commando operations), Marine News Magazine (June 2026 reporting on shadow fleet enforcement), BBC (Reporting on UK hybrid warship procurement), TWZ / The War Zone (Reporting on the Marshal Vasilevskiy vessel), AP News (Coverage of the NATO Turkey summit, 7 July 2026), Financial Times (Reporting on financial institution preparedness for subsea cable disruption), Business Insider / Accenture (Wall Street's subsea cable dependencies and financial services cybersecurity assessment), Submarine Networks / ICPC / SubOptic (Cable fault and repair statistics presented at SubOptic 2024 and 2025), SubCables (Analysis of submarine cable repair market sustainability), Telegeography Transport Networks Research (Submarine cable construction data 2026–2029 as cited by The Fiber Optic Association), Insikt Group / Recorded Future (Threat Assessment TA-2025-0717 on submarine cable threats), and the published CES Intelligence analyses on AI Sovereignty (April 2026), The Critical Minerals Trilemma (May 2026), The Precursor Problem (May 2026), and The Pacific Compression (July 2026).


bottom of page