On 17 February 2020 the Shipping Deputy Ministry issued Circular 4/2020 on cyber risk following International Maritime Organisation Resolution (IMO) MSC428(98), which recognises the urgent need to raise awareness of cyber-risk threats and vulnerabilities to support safe and secure shipping, which is operationally resilient to cyber risks.
In this respect, the IMO Facilitation Committee has approved guidelines on maritime cyber-risk management (MSC-FAL1/Circ3).
As noted in Circular 4/2020, 'maritime cyber risk' refers to a measure of the extent to which a technology asset could be threatened by a potential circumstance or event, which may result in shipping-related operational, safety or security failures as a consequence of information or systems being corrupted, lost or compromised. 'Cyber-risk management' means the process of identifying, analysing, assessing and communicating a cyber-related risk and accepting, avoiding, transferring or mitigating it to an acceptable level, considering costs and benefits of actions taken to stakeholders. The objectives of the International Safety Management Code must be upheld, including:
- the provision of safe practices in ship operation and a safe working environment;
- the assessment of all identified risks to ships, personnel and the environment;
- the establishment of appropriate safeguards; and
- the continuous improvement of safety management skills of personnel ashore and aboard ships.
All ship management companies of ships flying the Cyprus flag should address the cyber risks in their safety management system no later than the first annual verification of the company's document of compliance after 1 January 2021. Registrars of shipping are expected to verify compliance with the abovementioned requirement during the first annual verification of a company's document of compliance after 1 January 2021.
