Cyprus: Maritime Cyber Risk Management in Safety Management Systems

On 17 February 2020, the Shipping Deputy Ministry of Cyprus issued Circular 4/2020 in relation to cyber risk following IMO Resolution MSC.428(98) which recognizes the urgent need to raise awareness on cyber risk threats and vulnerabilities to support safe and secure shipping, which is operationally resilient to cyber risks.

In this respect, the Facilitation Committee of the IMO has approved guidelines on maritime cyber risk management (MSC-FAL.1/Circ.3).

As noted in Circular 4/2020, maritime cyber risk refers to a measure of the extent to which a technology asset could be threatened by a potential circumstance or event, which may result in shipping-related operational, safety or security failures as a consequence of information or systems being corrupted, lost or compromised. Cyber risk management means the process of identifying, analysing, assessing and communicating a cyber-related risk and accepting, avoiding, transferring or mitigating it to an acceptable level, considering costs and benefits of actions taken to stakeholders. Noting the objectives of the ISM Code which include, the provision of safe practices in ship operation and a safe working environment, the assessment of all identified risks to ships, personnel and the environment, the establishment of appropriate safeguards, and the continuous improvement of safety management skills of personnel ashore and aboard ships, all shipmanagement companies of ships flying the Cyprus flag should address the cyber risks in their safety management system no later than the first annual verification of the company’s Document of Compliance after 1 January 2021. ROs are expected to verify compliance with the above mentioned requirement during the first annual verification of the company’s Document of Compliance after 1 January 2021.

For further information, please contact Costas Stamatiou or any other member of our Shipping Department.