The nature of cyber risks is distinctly different in several dimensions from other risks in shipping and transport. This article explores these differences and describes the results of a research process to categorize published literature about cyber-risks in supply chain and shipping, through a framework called the Wave Analogy of Resilience. By using this wave analogy, this article describes a way of organizing this categorization, and describes how it can be used to understand both how a shipping system failure results in a cyber-attack, and how this cyber-attack will increasingly affect areas in the shipping system, from operational to strategic, until the attack is stopped.