Cyber Risk Management (MSC.428(98))

IMO Resolution MSC.428(98), adopted in 2017, requires that maritime cyber risk be addressed within a ship’s Safety Management System under the ISM Code, effective from the first annual Document of Compliance verification after 1 January 2021. It does not prescribe controls; it makes cyber risk a documented part of the SMS, sitting above the IACS technical requirements UR E26 and E27 and the BIMCO guidelines that supply the how.