2 min read

How relevant is IMO 2021 cybersecurity compliance to the maritime security industry?

Featured Image

In this week's vlog CEO Dryad Global Corey Ranslem talks about the history of IMO 2021 compliance. Right back from the meeting of the Maritime Safety and Security Committee in June 2017 to Jan 1st 2021 when the measures came into play to the present day and the changes the maritime security industry faces as maritime cybersecurity threats continue to evolve.

HubSpot Video


At this time, every SOLAS class vessel has to have cyber security as part of its ISM plan. That is mandated by the flag state. There are three different frameworks or recommendations that have been put in place to help people understand what they need to do. These include the BIMCO-led cyber security guidelines, ISO IEC and the NIST framework. These are specifically referenced by the IMO in its 2021 cyber security recommendations.

Taking a look at internal maritime security cyber vulnerabilities is extremely important. This can be done either internally or by a third-party provider. If you have a resilient and capable team in-house that can do this, then ensure they complete a robust maritime cyber survey. There are no restrictions on whether you need internal or external agencies. It's an important step to take to ensure that your fleet is protected from a potential cyber attack. Incidents of cyber attacks have increased by around 900% over the last 5yrs and that number continues to go up.

Quick Guide to ISO/IEC 21005, CIA Triad & NIST CLICK TO DOWNLOAD

Many organisations view IMO 2021 as a mere paperwork shuffle because they believe they already know where their vulnerabilities lie. However, Dryad Global understands that cyber security regulations will be adopted more widely and undertaken more comprehensively in the years and months to come. Organisations such as the US Coast Guard are already looking into how best to safeguard their facilities from cyber attack vectors as part of their MTSA plans.

It is highly recommended that once or twice a year companies employ an external company to come in and conduct a vulnerability assessment to check internal systems. It's quick and easy and most of it can be conducted remotely to give clients an idea of where their vulnerabilities lie. The money that companies spend to safeguard their systems is typically one-tenth of the expenditure it would cost in the event of a cyber attack. Many businesses simply can not survive after a cybersecurity incident. As the connectivity and bandwidth available to vessels continue to grow and technologies develop, we are likely to see increased incidents of cyber security breaches and attacks.

If you or your company have any concerns relating to cybersecurity or developing an ISM plan, reach out to the Dryad Global team. We are experts in regulatory compliance and can give you measured advice on the steps your company needs to take to become cyber secure at sea.

Schedule a meeting