While many insurance policies specifically exclude losses or liabilities’ arising from cyber risks, IG P&I cover does not.
Until relatively recently cyber security has not really been an issue for ships. Nowadays, however, not only are ships’ internal systems inter-connected, but ships themselves can be as connected to the rest of the world by satellite or internet connections as any land-based office and as vulnerable to cyber threats as any home or office.
Any P&I cover can be prejudiced by the failure to take reasonable steps to prevent foreseeable loss or liability, and as more and more potential cyber risks are being identified all clubs will expect to see operation of sensible and properly managed cyber risk policies and systems both ashore and on vessels if a cyber risk leads to a claim.
Shipping is already a target
Shipping companies are constantly being targeted by cyber criminals. An attack can affect a company’s bottom line, damage its reputation or disrupt its business.
- Ships’ equipment – GPS, ECDIS and AIS systems.
- Business systems – hackers exploit vulnerabilities to access company servers to remove or manipulate data or to deny access to it until a ransom is paid.
- Cargo information – weak system security can lead to the manipulation of cargo data and lead to the smuggling of drugs, weapons, and human trafficking.
- People – the most effective entry point for a hacker to access a company is through a person, something made more and more easy using social media sites and smartphones.
One of the main means for cyber criminals to gain access to a company’s systems is through its employees. In most cases this is entirely inadvertent; the individual will have been taken in by a scam of some kind or will be unknowingly connecting a compromised device to the system. It is therefore important that companies have robust cyber security policies, that staff are trained in them and that they are followed.
Cyber Resilience is the key
It is unlikely that all systems can ever be 100% secure so developing cyber resilience is the key to managing cyber risk. An approach which joins resistance, response and learning from attacks will lead to better resilience.