The International Maritime Organization (IMO) has released a revised version of its Guidelines on Maritime Cyber Risk Management (MSC-FAL.1/Circ.3/Rev.3), offering updated advice on protecting vessels from cyber threats. While the guidance is directed at commercial shipping, it is equally relevant to IMRF members operating SAR vessels equipped with electronic and computer-based systems facing similar cyber risks.

Approved by the IMO’s Maritime Safety Committee and Facilitation Committee in March 2025, the document outlines a clear framework for managing cyber risks, encouraging organisations to identify, assess and address vulnerabilities to ensure safe and secure operations.

The guidelines recommend establishing policies, assigning responsibilities, and ensuring continuity planning. Organisations are advised to maintain an inventory of digital systems, implement protective measures, monitor for threats, and have clear response and recovery strategies in place. The guidance also references international cybersecurity standards such as ISO/IEC 27001, highlighting the importance of integrating cyber risk into broader risk management practices.

IMRF members are encouraged to review the guidance and consider how the recommendations might apply to their operations.

You can read the full document here: MSC-FAL.1-Circ.3-Rev.3.pdf