UK P&I Club highlighted the importance of cyber security at sea, explaining that the use of computerised systems for everything, from navigation to container inspection, has enhanced the safety and security of vessels at sea, but it has also created a new type of threat to the shipping industry – cybercrime.
David Thompson, Investigator at UK P&I Club’s Signum Services consultancy arm, said: “The risks around cyber security and insurers’ exposure to these risks are a concern for the industry and regulators alike. We are continually monitoring both the operational and insurance cover ramifications of exposure to cyber risk.”
Thompson explains that cyber disruption and hostile attacks are immediate, unforeseen and have potentially global consequences. A technological breach will leave a company exposed, risk operational downtime, and potentially scrutiny by regulators over compliance policies.
“Cyberspace is a rapidly changing environment and all organisations work differently, as such guidance to reduce or mitigate risk must be broad. Companies and individuals should take a holistic approach to security that can respond to evolving risks. Information technology and operational technology onboard ships are being networked together – and more frequently, connected to the worldwide web. This brings the greater risk of unauthorised access or malicious attacks to the ship’s systems and networks.”
Thompson adds that additional risks occur from personal communication devices having access to the systems onboard, for example, by introducing viruses via smartphones. The culture of cyber security will be company specific, but should be guided by appropriate standards and the requirements of relevant national regulations, he advises.
“In many ways, the safeguards required for effective maritime cyber risk management are no different to those that should be followed in all instances. Up to date IT security is essential, but in reality, it’s people who are the problem. The UK Government Information Security Breach survey indicated that in 2015, 75% of large organisations suffered staff related security breaches, and that 50% of the worst breaches were human error. Therefore, encouraging a culture of awareness and understanding throughout all organisations is essential”.
UK Club recommends operators:
- To be vigilant, avoid complacency and always be suspicious, as well as to have the potential for fraud at the forefront of their minds.
- To check out new customers or suppliers. If someone contradicts an instruction about payment, they should ask questions.
- Ensure computer software and security is up-to-date. They should not give out personal details, and definitely not give personal financial information over the telephone, be candid on social media and always ensure passwords are strong and changed on a regular basis.
“Organised crime has moved ‘on line’ and criminals know that there are huge profits to be made with very little chance of being caught. In the cyber world, the mantra is definitely ‘Prevention is better than cure’”, concludes Thompson.
Source: UK P&I Club