Since 2017, when the industry was shaken by the Not Petya malware attack at the world's largest shipping company, Maersk, shipping has been attempting to redefine the way it does business in terms of cyber security.
Vessels were unaffected, but the virus impacted a number of its container terminals and took out its online cargo booking and terminal systems, requiring the company to rebuild its network of 4,000 servers and 45,000 PCs.
High profile incidents have made people sit up and we now see more and more clients going through cyber security assessments and putting measures in place, such as contingency planning and stress testing of IT systems. Awareness is growing but the industry still has a long way to go,
...says Capt. Khanna.
The last year seemed to validate the cyber risk trend. The highlight of 2018 was a cyber breach affecting Cosco's operations in the US Port of Long Beach, on 24 July, which affected the giant’s daily operations. The company’s network broke down, and some electronic communications were not available as a result.
However, operations outside the US were not affected, while, less than a week later, its network applications were totally recovered.
On 25 September, the US Port of San Diego experienced a serious cyber disruption at its IT systems, which made the port employees to work in ‘limited functionality’. It is still unclear if the two incidents were related.
The sector is also being increasingly targeted by cyber extortion attempts and business email compromise attacks – a hacking group known as Gold Galleon tried to steal almost $4mn from ports and shipping companies in 2018.
In 2017, the IMO adopted its Maritime Cyber Risk Management in Safety Management Systems resolution, which requires ship owners and managers to incorporate cyber risk management into ship safety by 2021. Shipping bodies and classification societies are also providing guidance on cyber security.
The third edition of the industry’s cyber risk management guidelines - The Guidelines On Cyber Security Onboard Ships, published in December 2018, outlines a clear cyber risk management approach including implementing activities to prepare for and respond to cyber incidents.
The IMO’s cyber security requirement is set to come into force in 2021, however the risks are prevalent today, and shippers would do well to do more in the interim,
Cyber risk ranked at the top of Allianz Risk Barometer 2019, along with business interruption, as the top business risks for the current year. Cyber threat was also at the no 3 of Eurasia's top political risks that are most likely to arise this year.
Cyber is an issue for the shipping industry both onshore and at sea. A cyber-attack against a ship’s navigation system or industrial control systems could cause a grounding or a collision. It does not require much imagination to find scenarios where cyber can pose a danger to shipping, crew or cargo. Therefore, the insurance industry has to find an answer to this, including client services in addition to pure physical damage compensation, such as data forensic and emergency response support, for example,
...noted also Volker Dierks, Head of Marine Hull Underwriting, Central and Eastern Europe, AGCS.
The big unknowns for the near future are so-called “silent” cyber exposures in most traditional insurance policies which were designed when cyber wasn’t a major risk and don’t explicitly consider it.
This can create uncertainty for businesses, brokers and insurers about which loss scenarios are covered.