State of Maritime Piracy 2017 - Incident Types


Suspicious Activity

Incidents of suspicious activity include cases where a ship reports a close encounter or a direct approach from another ship which feels threatening in nature. The perceived threat is determined by the shipmaster based upon the actions of the approaching ship or from observation of weapons or ladders. Suspicious activity can include incidents when armed guards deterred an approaching ship that may not have displayed any overtly hostile actions.

Failed Attack/Boarding

Failed attacks and boardings refer to incidents in which actors were thwarted by self-protective actions taken by crew or embarked security teams.


Robbery covers incidents where the perpetrators were reportedly unarmed and attempted to steal ship stores and/or crew belongings. This type of incident frequently occurs onboard ships that are at anchor or drifting close to a port or anchorage. These instances pose a minor threat to the crew.

Armed Robbery

Armed robbery occurs when perpetrators are reportedly armed and attempt to steal ship stores and/or crew belongings. These incidents can occur on ships that are moving or anchored; both near the coast and at sea.

In West Africa, the intent of attackers may be to steal ship stores, equipment, or the crew’s personal effects, but failed hijackings or kidnap for ransom attacks may also lead to armed robberies. These instances involve larger groups of attackers who may be equipped with automatic weapons or, depending on the area, rocket-propelled grenades and heavy machine guns.

Hijacking (for cargo theft)

Hijacking for cargo theft is the most complex piracy model, requiring a coordinated effort and often the complicity of a variety of actors. Ships carrying petroleum products are targeted and attacked. Once the vessel is hijacked, the crew is often forced to navigate to a remote location where parts of the cargo are transferred to another ship or a storage facility on land. The stolen cargo is then sold on the black market or blended with legitimate refined products. This model is predominantly used in West Africa.

In Asia, these are incidents where perpetrators take control of a ship to steal its cargo. While not the primary impetus for the attack, this type of incident often involves theft of the crew’s belongings as well as ship stores and equipment. These hijackings also involve the most contact between pirates and crew, as the perpetrators must control the ship long enough to offload some or all the cargo. Typically, these attacks target ships carrying marine fuels, palm oil products, or other refined products. Hijacking for cargo theft is also more likely than robbery to occur in international waters and, as a result, be classified as piracy.


Kidnap for ransom employed by Somali pirates is unique compared to models elsewhere in the world. These pirates often hijack a ship and steer it toward a coastline where they will hold the ship and crew captive for a long period of time—sometimes even years—until a ransom is paid. Somali pirates have also been known to use motherships to launch attacks farther out at sea. These attacks are more sophisticated and generally require a relatively large investment. Patrols by local and international actors have reduced the amount of coastline available for use as “safe havens” by groups who successfully hijack a ship. However, stretches of coastline which could be used to hold a ship for an extended period still remain.

In West Africa, perpetrators often board the ship with explicit intent to kidnap crewmembers, usually officers and engineers. Hostages are then taken to land, where they are held during the ransom negotiations. In contrast to hijackings of ships, these attacks are carried out quickly, making it very complicated for security forces to respond.

In Asia, kidnappings often involve incidents where the kidnapped crews are then taken to an undisclosed location on land while negotiations are carried out. This type of incident can be completed quickly, enabling the kidnappers to escape before any security response can intervene.