A CYBER risk management code established by the International Maritime Organization is helping shipowners manage cyber threats, but Inmarsat warns it will take more than regulatory compliance to tackle escalating cyber risks.

A new report, Beyond Compliance – Cyber Risk Management After IMO 202, outlines the nature and scale of cyber threats in the shipping and how the industry can mitigate the risks.

The report was compiled by maritime innovation consultancy Thetius and published by satellite communications provider Inmarsat.  

Inmarsat Maritime president Ben Palmer said assuring data resilience and cyber security are key preoccupations for the shipping industry.

“The IMO guidelines on maritime cyber risk management have helped stakeholders to address cyber threats, but the nature of digital attacks continues to evolve due to advances in computing technology and developing geopolitical conflicts,” Mr Palmer said.

“Over the 12 months between May 2020 and May 2021, cyber attacks targeting the maritime sector increased by 168% in the Asia-Pacific region alone.”

According to the report, the figure reflects a more expansive global trend of cyber threats aimed at or heavily impacting the maritime industry.


It said the need to go beyond compliance requirements is growing rapidly as the industry advances the use of digital technologies and onboard information technology systems.

“To ensure the resilience of their digital infrastructure, shipping companies need to look beyond regulatory compliance and be more proactive in their approach to cyber-risk management.”

The report noted ensuring the resilience of any organisation’s digital infrastructure should involve a continuous cycle of improvement and thinking beyond “settling for the standard”.

Inmarsat said unified threat management (UTM) is a cornerstone of the industry’s approach to cyber risk management.

UTM combines firewalls, antivirus programs, content filters and intrusion and detection systems in a single hardware or software installation.

The report also highlighted continuous development in seafarer training as another element of the shipping industry’s cyber security defences.

Inmarsat said its Fleet Secure Cyber Awareness training program can help equip crews with awareness of vulnerabilities and suspicious online behaviour.

“Effective cyber risk management must consider multiple assailants and diverse lines of attack – targeted and random,” Inmarsat said.

“Threat actors make continuous efforts to update strategies, by developing malicious coding, seeking out vulnerabilities in hardware and software, and by responding to human behaviour.

“Only by being proactive can shipping stay ahead of the cybercriminals.”