The effects of technology in the marine industry have been paradoxical. Better tracking and onboard systems have lowered the chances of a ship getting into an accident at sea.
However, new technologies are, by themselves, new sources of risk. More enhanced and integrated systems have made the industry also vulnerable to cyber attacks. The most notorious attack occurred in 2011 when a criminal group gained access to data in the Belgian Port of Antwerp, which they used to intercept containers with drugs smuggled onboard. In 2018, hackers breached the data systems of Austal, an Australian defence shipbuilder, and demanded money in return for stolen data.
Other forms of cyber attacks involve intercepting and redirecting money, as well as stealing employees’ and customers’ personal data.
It was once thought that cyber risk affects only certain sectors, such as technology, defence and finance. However, with the improvement of technology, the marine industry is prone to attacks as well. Cyber risk affects all the components of the marine industry: the ships, ship owners and operators, transport and logistics companies, ports and terminals, seafarers and customers.
The Effects of Cyber Risk
The Institute of Risk Management defines cyber risk as the threat of interrupted operations, financial loss, and damaged reputation of an organisation due to the failure of its information technology systems. The risk of a cyber attack has been around since the invention of computers, but it increased at the end of the 20th century with the arrival of the Internet and the extensive use of closed computer networks.
In relation to the marine industry, anyone with access to the Internet can, for example, access a ship’s operating system to steal data, intercept cargo and steer a vessel away from its intended navigation area. The consequences of attacks range from business interruptions at the port, ship collisions, loss of cargo, or injury or death to the passengers. Businesses have to bear not only the losses brought by these incidents but also the additional fees brought by lawsuits from affected parties.
Cyber Coverage in Marine Insurance
The marine industry has always factored in risk in its daily operations in order to mitigate losses from the effects of natural disasters, regulatory changes and piracy, to name a few. Marine insurance helps clients lessen the impact of these risks to their businesses.
However, several insurance products, like hull and machinery, exclude cover for loss due to cyber risk. This is because of the Cyber Attack Exclusion Clause, a mandatory section in marine insurance policies. Simply put, any loss or damage attributed to the breakdown of a computer system would be recoverable from insurers. On the other hand, the insurance company will not cover losses directly or indirectly caused by information technology systems.
Some insurers help their clients find a way to be compensated. For example, companies can use liability insurance products to cover the costs of property damage and bodily injury. However, these are unlikely to shield the insured from all the cyber risks they’re facing.
Cyber Risk Management
Steps have been taken to refine the Cyber Attack Exclusion Clause, but that will take time to finish. While this is in progress, protection from cyber attacks lies in the marine businesses themselves.
There are several ways businesses can prepare for cyber incidents. The first step is analysing the common causes of attacks: human error, poor risk awareness and lack of security measures. Thorough training of all employees makes a significant difference in minimising the number of cyber attacks a company faces. Security measures need to be regularly reviewed and updated to adapt to the evolving cyber risks. Lastly, companies must conduct due diligence with its third-party network service providers to ensure that have stringent cybersecurity measures.
Cyber risk is increasing in all sectors, and the marine industry is slowly adapting to the challenges it’s facing from cyber attacks. Insurance companies have yet to develop new models to effectively protect clients from the effects of cyber incidents. In the meantime, businesses need to boost their cybersecurity measures through thorough review, updating and training.