Ships are increasingly using systems that rely on digitisation, digitalisation, integration, and automation, which call for cyber risk management on board. As technology continues to develop, information technology (IT) and operational technology (OT) onboard ships are being networked together – and more frequently connected to the internet.

This brings the greater risk of unauthorised access or malicious attacks to ships’ systems and networks. Risks may also occur from personnel accessing systems on board, for example by introducing malware via removable media.

To mitigate the potential safety, environmental and commercial consequences of a cyber incident, a group of international shipping organisations, with support from a wide range of stakeholders, have participated in the development of guidelines, which are designed to assist companies in formulating their own approaches to cyber risk management onboard ships.

Approaches to cyber risk management will be company- and ship-specific but should be guided by the requirements of relevant national, international and flag state regulations. These guidelines provide a risk-based approach to identifying and responding to cyber threats. An important aspect is the benefit that relevant personnel would obtain from training in identifying the typical modus operandi of cyber attacks.

The guidelines posted in this section are produced and supported by BIMCO, CLIA, ICS, INTERCARGO, INTERMANAGER, INTERTANKO, IUMI, OCIMF and WORLD SHIPPING COUNCIL.