
IMO Strengthens Cyber Risk Management Guidelines for Maritime Industry

June 23, 2025 CYBER SECURITY

The International Maritime Organization (IMO) has issued updated guidelines to enhance cybersecurity in the maritime sector, urging shipping companies and ports to integrate cyber risk management into their Safety Management Systems (SMS). This move comes amid rising cyber threats targeting critical shipping infrastructure, including GPS spoofing, ransomware attacks, and operational disruptions.

Why the New IMO Cyber Risk Management Guidelines Matter

Cyber threats pose a growing risk to ships, ports, and supply chains. Recent incidents—such as the 2023 ransomware attack on a major European port and GPS jamming in conflict zones—highlight the urgent need for robust cybersecurity measures.

The IMO’s latest guidance reinforces Resolution MSC.428(98), which mandates that cyber risks be addressed in compliance with the International Safety Management (ISM) Code. Companies must now ensure that:

  • Cyber risks are identified and mitigated in SMS documentation.

  • Crew members receive regular cybersecurity training.

  • Critical systems (navigation, propulsion, cargo ops) are protected from cyber intrusions.

Key Updates in the IMO’s Cyber Risk Guidelines

  1. Risk Assessment – Companies must conduct regular cyber risk evaluations, including threat modeling for onboard and shore-based systems.

  2. Incident Response Plans – Ships should have clear protocols for responding to cyber incidents (e.g., data breaches, system failures).

  3. Third-Party Vendor Risks – Increased scrutiny of software providers, satellite communications, and port IT systems.

  4. Training & Awareness – Crew and shore staff must be trained to recognize phishing, social engineering, and malware threats.


Industry Reactions & Compliance Deadlines

  • Classification societies (DNV, ABS, LR) have updated their SMS audit checklists to include cyber risk compliance.

  • The U.S. Coast Guard (USCG) and European Maritime Safety Agency (EMSA) have aligned their advisories with IMO standards.

  • Deadline: While the guidelines are non-mandatory, the IMO strongly recommends implementation by 2025 to align with ISM Code audits.

How Shipping Companies Should Prepare

  1. Conduct a cybersecurity gap analysis (compare current SMS vs. IMO guidelines).

  2. Train seafarers & IT staff on cyber hygiene (e.g., strong passwords, suspicious email detection).

  3. Secure OT (Operational Technology) systems (ECDIS, AIS, engine control networks).

  4. Partner with cybersecurity firms specializing in maritime threats (e.g., NAVTOR, CyberKeel).

