Maritime Cybersecurity

Since the 1st of January 2021 and onwards, the International Maritime Organization (IMO) have mandated that cyber security be an integral part of onboard safety management systems and must be audited. This change in legislation has given rise to a new maritime cyber security industry that has, so far, proven to be wildly variable in its approach to assessing systems and interpreting the standards.

Cybersecurity has been mandated by the International Maritime Organisation (IMO) which requires shipping companies to implement measures to protect their onboard safety manage systems and to audit these. - Campbell Murray, CEO IMCSO


Historically, placing cyber security professionals on board has also been problematic. Many ships captains do not want the additional overhead of escorting individuals who do not have a traditional, working maritime background. Providing risk and technical audit results to port authorities and insurers alike has, because of the wide spectrum of assessment methodologies, become an overhead too. Furthermore, the lack of skilled Cyber security auditors and crews.

The IMCSO mission is to be the standard in the maritime cyber security industry, a collective voice, working towards alignment and standardisation. By setting frameworks for effective, universally adoptable methodology and innovating for future developments. Be transparent, reliable, deliver cyber security by design towards digitalization, green technology and Autonomous shipping.

Maritime Cyber Certification

The IMCSO has devised a certification programme for security consultants and a professional register, helping shipping organisations to confidently select experienced personnel. Alongside this, the IMCSO will also validate report outputs to ensure consistency with those reports then held on a central database and made accessible to the authorities and third parties that need to determine the risk status of a vessel.

Certified Supplier Registry

IMCSO Report Standardization Initiative

Centralized Cyber Risk Registry

The IMCSO simplifies the risk assessment process and gives third parties the information they need to accurately determine risk. - Global Technical Director. Classification Society.
The IMCSO is not for profit and exists solely to drive supplier standards across the maritime cyber industry

In association with: