rss icon Subscribe
desktop mobile

Cyber Risk Management: What Maritime Professionals Need to Know Now

© pickup/Adobe Stock

Andrew Kinsey

The IMO January 2021 deadline for shipping interests to incorporate cyber risk management into their existing Safety Management Systems is fast approaching. It is critical that stakeholders understand their vulnerabilities. The IMO has issued MSC-FAL.1/Circ.3 guidelines on maritime cyber risk management that does a good job of outlining the many vulnerable systems within marine operations, including:

1.Bridge systems;

2. Cargo handling and management systems;

3.Propulsion and machinery management and power control systems;

4. Access control systems;

5.Passenger servicing and management systems;

6.Passenger facing public networks;

7.Administrative and crew welfare systems; and

8.Communication systems.

The IMO Guidelines also raise an important point on understanding the distinction between information technology (IT) and operational technology system (OT). In short, IT focuses on the use of data as information while OT focuses on the use of data to control or monitor physical processes.

These distinctions become important when it comes time to conduct a risk assessment of your operations.

Risk assessments should be the first step when examining your company, terminal or vessel's cyber exposure. All parts of your business that are controlled or supported by computer systems need to be identified, and there are likely more than you realize.

The United States Coast Guard has very good guidance on how to start understanding and identifying your cybersecurity exposure (

This guidance includes information from the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICSCERT), which provides a wide range of information, tools, and services that can help companies assess their security, identify recommended practices, and improve their cyber security. (

This brings up a very important point regarding cyber and the maritime environment. Often we are faced with unique risks in the maritime field, and while the cyber threat at sea does have some unique characteristics, most threats are the same as those faced by shore-side enterprises. The cyber threat does not care if you are in port or at sea. As long as you are connected to the internet, you are at risk. The Department on Homeland Security has numerous cyber tips and resources to help you educate your crews and shore-side support staff. This includes the Stop. Think. Connect. Campaign. Simple information such as this should be included as a regular part of onboard crew training.

A more comprehensive program has been developed by the National Cybersecurity and Communications Integration Center Industrial Control Systems (NCCIC). Its industrial controls system (ICS) team has developed guidance to assist owners in preparing their business, and networks, to handle and analyze a cyber incident. ( ) Guidance such as this should be incorporated in the Cyber Risk Management sections of Safety Management Systems as required by the IMO.

Preparations to prevent or minimize a cyber incident are your first line of defense, however, companies still need to have a response plan in place that outlines how to respond when a cyber incident occurs. An important part of this plan is to working with your Insurance Broker and Underwriters to understand how to properly manage your risk with adequate insurance coverage.

The key here is to identify what is and is not presently covered. The big unknowns are so-called "silent" cyber exposures in most traditional insurance policies, which were designed when cyber was not yet a major risk and do not explicitly consider it. This can create uncertainty for businesses, brokers and insurers about which loss scenarios are covered. Group-wide, Allianz is reviewing cyber risks in property and casualty (P/C) policies in its commercial, corporate and specialty insurance segments and has developed a new underwriting strategy to address "silent" cyber exposures, ensuring that all P/C policies will be updated and clarified in regard to cyber risks. We want to remove the uncertainty of coverage for our business customers.

I often tell my clients that cyber security is a race without a finish. The IMO has given the maritime industry a deadline to get their cyber risk practices in order by January 2021. It is clear that the work will not end there. Cyber threats will continue to evolve in frequency and severity as we become more reliant on the technology. The Technology will be a positive for both increasing vessel safety and reducing risk, however, it requires staying vigilant for new and emerging threats. This vigilance is essential for the future of the industry because complacency is not an option.

About the Author: Captain Andrew Kinsey, Senior Marine Risk Consultant, Allianz Global Corporate & Specialty

Jun 13, 2019



Greenland Research Vessel Picks MAN Hybrid Propulsion

Graphical rendering of the new research vessel (picture courtesy Skipsteknisk)

The Astilleros Balenciaga S.A. shipyard in Spain ordered a complete MAN propulsion package –

Wärtsilä Simulators for New Portuguese Facility

Ana Paula Vitorino, Portugal’s Minister of Sea & Cmdt. Rui Cunha, APDL Port Operations and Security Director, testing the Full Mission Bridge simulator  (Photo: Wärtsilä)

Wärtsilä has supplied simulators aimed to provide realistic hands-on training at a new facility in

Offshore Wind Conference Set for SUNY Maritime

© Stock

The Center of Excellence for Offshore Renewable Energy at the State University of New York

Government Update

UK Invests in ‘Maritime and Me’ Diversity Program

UK Maritime Minister Nusrat Ghani has pledged £730,000 (about $910,000) in Government funding to increase diversity, well being and skills in the maritime sector, including £100

AI & Machine Learning, Possible Force Multipliers for the Coast Guard

© immimagery/Adobe Stock

Artificial intelligence (AI) and machine learning (ML): mention these two terms and the listener

India Opens Second Multi-Modal Terminal

The Sahibganj multi-modal terminal on the River Ganges is now open for business. Indian Prime Minister Shri Narendra Modi inaugurated the new terminal yesterday (September 12, 2019). Also pictured are the Governor of Jharkhand State,Smt. Draupadi Murmu; the Union Minister for Tribal Affairs, Shri Arjun Munda; the Chief Minister of Jharkhand State, Shri Raghubar Das; and the Ministers of State for Agriculture and Farmers Welfare, Shri Parshottam Rupala and Shri Kailash Choudhary, plus other digni

The Government of India opened its second multi-modal terminal (MMT) yesterday, September 12, 2019.

Maritime Apps