
IMO Regulations

for Maritime Cyber Security

Cutting your way through the regulation, understanding and implementing cyber risk management

"Ships, superyachts and other vessels may seem like unusual targets for cyber-attacks. But with their growing use of industrial control systems (ICS) and improved bandwidth satellite communications, cyber criminals have a whole new theatre of attack."

What is Maritime Cyber Risk?

Maritime cyber risk refers to the risk of damage or loss that can result from cyber attacks on ships, ports, and other elements of the maritime industry. This can include attacks on communication systems, navigation systems, and other critical infrastructure that is used in the operation of ships and ports. These attacks can disrupt the operation of these systems, leading to delays, accidents, and other problems that can have serious consequences for the maritime industry and the people and businesses that rely on it.

What are the IMO Regulations?

The IMO issued direction on maritime cyber risk management in Resolution MSC.428(98), adopted in 2017. The same year, the IMO adopted the International Code for the Security of Ships and of Port Facilities (ISPS Code), which includes requirements for cyber risk management. According to the ISPS Code, ships and port facilities are required to have a Ship Security Plan (SSP) and a Port Facility Security Plan (PFSP), respectively, which should include measures to protect against cyber attacks.

The ISPS Code also requires that ships and port facilities have appropriate security measures in place to protect against cyber attacks, and that they conduct regular assessments to identify and evaluate potential cyber risks. In addition, the ISPS Code requires that ships and port facilities have procedures in place to respond to and recover from cyber incidents.

Overall, the aim of the IMO's regulations on cyber risk management is to ensure that ships and port facilities are adequately protected against cyber threats and that they are able to maintain the safety and security of their operations in the event of a cyber attack.

Which Vessels and Who is Liable?

To protect the safety of life at sea of crew and passengers, it is recommended that maritime cyber risk management is implemented for all superyachts, as cyber-attacks can wreak the same disastrous consequences regardless of the size and commercial function of a vessel. Compliance is a requirement for any vessel greater than 500 GT and subject to the IMO Code.

Owners/Directors of the commercial entity, and those who have responsibility for the superyacht/vessel, can be held personally liable where maritime cyber risk management has not been appropriately addressed.

A failure to demonstrate that cyber risks have been appropriately managed and IMO regulations adhered to could result in refusal of the issue of a Document of Compliance after 1st January 2021 and may prevent a vessel from operating commercially.


Pelion Consulting has a pedigree of maritime and cyber security experience, with a strong background in the yachting sector.

By implementing controls for critical systems, both OT and IT, you are safeguarding your vessel and people from the latest threats.

We take the headache out of the process, working with your operations teams to ensure the SMS (Safety Management System) is updated and ready for audit after the deadline date.

Contact Us

For more information on how we can guide you through the IMO regulations or, if you have already been through it, to make sure you are kept up to date, please don't hesitate to contact us.
