The Shipowners Club issued a cyber security notice, stressing that companies should not only be aware of external cyber threats but also those that can occur internally. Procedures, rules and training should be put into place to limit the opportunity for cyber-attacks to occur.
As explained, cyber risk can be represented as a threat or vulnerability resulting from either a computer or software hack for the purpose of theft, disruption or damage. For example, outdated software on a computer or website may leave it vulnerable to intrusion or exploitation. A further example would be a victim responding to fraudulent emails that request for unauthorised payments and/or changes in payment details.
If a company becomes a victim of cyber-crime it could be affected financially both with the cost of fixing the issue and the theft of funds. Both issues could result in operational disruption and reputational damage impacting specifically on consumer confidence.
Recommendations The Club cites the following preventive measures to limit the chances of a cyber attack: It is reminded that the 98th session of the Maritime Safety Committee (MSC) in June approved MSC-FAL.1/Circ.3 Guidelines on Maritime Cyber Risk Management. This circular to ship owners still remains nonmandatory. The MSC 98 also adopted Resolution MSC.428 (98) Maritime Cyber Risk Management in Safety Management Systems (SMS). Resolution MSC.428 (98) affirms that an approved SMS should take into account cyber risk management in accordance with the objectives and functional requirements of the International Safety Management (ISM) Code. The objectives of the ISM Code include the provision of safe practices in ship operation and a safe working environment, the assessment of all identified risks to ships, personnel and the environment. Cyber risks should be appropriately addressed in a SMS no later than the first annual verification of the company’s Document of Compliance that occurs after 1 January 2021.
