In 2017, the International Maritime Organization (IMO) adopted the resolution on Maritime Cyber Risk Management that requires shipowners to address cyber risks as part of the Safety Management System and prepare for its first review after 1 January 2021. That means that maritime organizations will have to comply with the resolution and be able to prove that they are addressing the cyber risks in an effective way in about one year from now.
In recent years, organizations in the maritime sector have experienced regulatory changes, including IMO's Low Sulphur regulations and the EU's General Data Protection Regulation (GDPR). Lessons learned, especially from GDPR, show that many organizations underestimated the complexity of the task of becoming compliant.
How can you handle the upcoming IMO Cyber Risk Management Resolution and avoid similar mistakes? The task should focus mainly on understanding the cyber maturity level of your organization. Assessing your current cyber security posture will help you determine your cyber security risks and prioritize measures based on the criticality of assets. Depending on the risk landscape, organizations will be able to balance investments in preventive, detective and responsive measures while keeping an eye on the most important concern for the sector: human safety. IMO encourages the use of recognized cyber security standards such as the NIST Cyber Security Framework or ISO 27001, together with industry-specific guidelines such as BIMCO's Cyber Security Onboard Ships.
For many in the maritime sector, this task will be challenging. Therefore, making it a New Year’s resolution might be a good idea.
Happy holiday season!
© 2020 KPMG AS and KPMG Law Advokatfirma AS, Norwegian limited liability companies and member firms of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.