Yachts, subject to the International Safety Management (ISM) Code, are required to integrate appropriate cyber risk measures into their safety management system (SMS) by the first annual verification of the company’s Document of Compliance after 1 January 2021.

The International Maritime Organization IMO has recognized the importance of cyber security and calls on shipping companies to protect themselves against cyber risks (IMO resolution MSC.428(98)).
From January 1st 2021 (and no later than the first annual verification of the company’s Document of Compliance), IMO in Resolution MSC.428(98) requires that the vessels’ risk assessment in relation to the ISM Code also includes an assessment of the cyber risks.

In order to be compliant with MSC.428(98), vessels must identify vessel cyber security objectives, make an inventory of systems and software and execute a cyber risk assessment, which involves identifying target
on-board systems, analysing the likelihood and consequence of a system compromise, determining the initial risk level of each system and suggesting measures and calculating residual risk.