BIMCO launched a new standard Cyber Security Clause that requires the parties to implement cyber security procedures and systems, to help reduce the risk of an incident and limit the consequences in the possibility of a security breach occurring.
Specifically, the clause has been written by leading Inga Frøysa of Klaveness, with representatives from shipowners, P&I clubs and a law firm, and will be published in the end of May.
Mainly, the clause is written in generic language in order for everyone to be able to read it, and being able to use it in a variety of contracts and in a string of contracts for easy back-to-back application.
Inga Frøysa commented
I am very pleased to see BIMCO as the first mover on this important topic. Recent years have shown that there is a clear need for a clause addressing the contractual issues that can arise from a cyber security incident.
She continued that it’s important to the subcommittee imposing obligations on the parties. This could be achieved in two ways:
- Through an immediate notification from the party who becomes aware of an incident to the other party;
- Through a more detailed notification once the affected party has had the chance to investigate the incident.
Moreover, the clause demands parties to always share subsequent data, that could possibly help the other part eliminating or preventing any effects from the incident.
Mainly, the level of the cyber security needed will depend on factors as the size of the company, its geographical location and the nature of business.
Concluding, the clause requires each party to use reasonable endeauvors to ensure that any third-party providing services on its behalf in connection with the contract, has appropriate cyber security.