BIMCO position statement 15: Cyber Risk Management


BIMCO's position has been approved by the BIMCO Board of Directors.


Information Technology (IT) and Operating Technology (OT) systems onboard ships are used for a multitude of purposes, such as controlling engines and associated systems, cargo management, navigational systems, administration, etc.  The increased integration of systems and the greater use of digital ship-to-shore communication and data links now substantially increase ships’ exposure to cyber security threats.

As cyber security threats are dynamic in nature, regulations alone are not enough to offer protection against such incidents. Regulations tend to be static, and the long regulatory process reduces their effectiveness as a weapon against the fast-changing world of cyber crime.

BIMCO, ICS, INTERCARGO, DCSA, SYBAss, InterManager, INTERTANKO, IUMI, OCIMF and WSC regularly review and update the Guidelines on Cyber Security onboard Ships (commonly referred to as the Industry Guidelines).  Shipowners and operators can use the guidance to assess their operations and develop the necessary procedures and actions to improve resilience and maintain integrity of cyber systems onboard their ships.

As per the IMO's decision, a ship's cyber risks should be managed in the company's safety management systems. This ensures a risk-based approach centred on safety risks to seafarers, the environment, the ship and cargo.

Software maintenance has a cyber security aspect. By initiative of BIMCO, IACS and CIRM,  the IMO has included the "Development of guidelines for software maintenance of shipboard navigation and communication equipment and systems" on its agenda. An industry working group will develop content that can be used for this work. 

BIMCO’s position statement

    • To manage cyber security risks, the implementation of the continuously updated Guidelines on Cyber Security onboard Ships is recommended.
    • New ships should be built with cyber secure systems and components in accordance with relevant IACS unified requirements.
    • BIMCO believes regulatory efforts should align with the IMO’s risk-based approach focussing on safety and environmental threats, and strategic threats to society resilience. Regulations should not cover business resilience as all such commercial security matters are the individual company’s responsibility.
    • BIMCO strongly recommends the use of BIMCO’s Cyber Security Clause requiring parties to commercial shipping contracts to implement cyber security procedures and systems to help reduce the business-to-business risk of incidents and respond efficiently if such incidents should occur.
    • Training is a key risk mitigating measure and BIMCO will work to raise awareness in the industry. If training requirements are formalised, pragmatic solutions should be included to take into account the rapidly changing cyber threat.


Jakob Paaske Larsen
in Copenhagen, DK

VPS Bunker Alerts

Veritas Petroleum Services (VPS) publish regular Bunker Alerts based entirely on fuel samples and have kindly permitted BIMCO’s Members to access this information.

The Bunker Alerts are not intended to be an evaluation of overall bunker quality in the port or area concerned, but usually highlight a specific parameter within the fuel which has raised a quality issue.

Want to stay up-to-date?

Register for updates about

Receive emails when this topic is updated – you can choose how often.

Register Now


Chartering help & advice

This section contains a comprehensive source of information and guidance on chartering related matters. You will find invaluable information on many aspects of chartering distilled from our many years’ experience on advising members.

Learn about your cargo

For general guidance and information on cargo-related queries.

More about cargo

BIMCO Publications

Want to buy or download a BIMCO publication? Use the link to get access to the ballast water management guide, the ship master’s security manual and many other publications.