Understanding Maritime Cyber Regulations
Maritime cyber regulations currently consist of guidelines within the ISM Code, along with tougher tanker-focussed industry standards such as SIRE and TMSA.

The guidelines provide high-level recommendations on maritime cyber risk management to safeguard shipping from current and emerging cyber threats and vulnerabilities and include functional elements that support effective cyber risk management.
Industry standards can be incorporated into existing risk management processes and are complementary to the safety and security management practices already established by IMO.
In August 2024, IMO launched a new toolkit that will help the global maritime industry respond better to ever-evolving ‘insider threats’. Insider threat refers to the risk that arises from a maritime employee carrying out or enabling a security incident, either through a lack of awareness, complacency or maliciousness.
In addition, the US Coast Guard will introduce requirements for US-flagged vessels and related facilities to implement minimum cybersecurity measures.
The latest additions to the landscape, developed by the International Association of Classification Societies (IACS), are UR E26 and UR E27, which create a new global baseline for maritime cyber security requirements, demanding much more transparent exchange of information between shipowners and inspecting authorities.
They require the shipowner to demonstrate and document a much higher level of preparedness, including the design of onboard networks and corporate responsibilities.
IACS UR E26 applies to newbuildings but is likely to become a more widely used framework, under which other stakeholders such as Flag States, classification societies, insurers and charterers will demand more cyber security information.
UR E26 and E27 are designed to provide full visibility of a newbuild vessel’s digital assets and network infrastructure throughout its life. They will also ensure that IACS-classed ships have been delivered with a required minimum level of cyber resilience capabilities regardless of their type or technical specifications.
Cyber resilience refers to the capability to reduce the occurrence of and mitigate the effects of operational technology (OT) disruptions on ships caused by cyber attacks or other threats, thereby safeguarding human and ship safety as well as the environment.
Cyber resilience also includes the ability to recover from such disruptions when they occur. The aim of Chapter 5, Part X (UR E26) is to equip ships with these capabilities, making them resistant to cyber attacks or other threats.