Our loss prevention team continually monitors the growing risk of cyber crime in today’s increasingly digital shipping industry. We share extensive information with our members on what they can and should be doing to protect themselves.
In particular we have helped members ensure that cyber risks are appropriately addressed in their existing safety management systems.
- Be Cyber Aware at Sea – Maritime Cyber Security: we co-sponsored this six-minute video by Fidra Films, which gives clear, simple, non-technical advice for seafarers and their shore-based colleagues on avoiding the most common cyber threats. It is free to view on YouTube.
- Maritime Cyber Risk Management Guidelines: This October 2020 publication by our loss prevention team helps members understand and implement cyber risk management measures so that they can demonstrate their procedures to adequately address the cyber threat in accordance with the IMO and industry guidelines.
- Cyber Security Workbook for On Board Ship Use: BIMCO and the International Chamber of Shipping (ICS) issued this workbook in February 2020 to support masters and officers in the event of a cyber incident. It has checklists of how to protect, detect, respond and recover from a cyber incident.
- The Guidelines on Cyber Security Onboard Ships: these high-level maritime cyber security guidelines are issued and regularly updated by BIMCO, CLIA, ICS, Intercargo, Intermanager, Intertanko, OCIMF, IUMI and World Shipping Council.
- ISO/IEC 27001 Information Security Management: published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), this family of standards enables organisations to manage the security of assets such as financial information, intellectual property, employee details or information entrusted by third parties.
- NIST Cybersecurity Framework: the United States National Institute of Standards and Technology's Framework for Improving Critical Infrastructure Cybersecurity provides voluntary guidance based on existing standards, guidelines and practices for organisations to manage and reduce cyber security risks.