Port cyber-attacks are now one of the biggest and most sophisticated threats facing port operators, notes Ed McNamara, CEO, Armada Risk Partners & Cleveland Ohio port insurance broker.
agoya in Japan has become the latest in a long line of global ports to be targeted by a ransomware attack. The incident, in early July, had severe consequences disrupting cargo packing procedures, deleting large amounts of data and forcing the suspension of operations at the container terminal.
With criminal gangs and nation states now pumping resource into cyber warfare how can ports get the best possible cyber-attack insurance in place?
1) Undertake a thorough cyber review before sourcing insurance
As Ports are now painfully aware the nature of their set up makes them vulnerable to attack. Hosting large numbers of vessels operated by a wide variety of companies employing a range of different IT systems provides a perfect environment for network intrusions, hacks and ever more sophisticated ransomware attacks.
When looking at cyber insurance, evaluating your organisation’s overall cybersecurity capabilities across all areas and the exposure to risk is a good starting point for port and terminal operators.
It is important to undertake this review as part of a strategic approach to sourcing port cyber insurance. It is now more vital than ever to get your systems and processes as secure and up-to-date as possible before engaging with the insurance companies.
At Armada we advise ports to present the strongest picture to would-be insurers in order to secure the best coverage and reduce premiums.
Insurers are looking for hard evidence of robust risk management policies and protocols, including well-prepared cybersecurity policies, along with regular assessments and continuous employee training.
This should include identifying potential threats, assessing the value and sensitivity of the data that you handle, and evaluating your current security measures.
2) Commit to continuous cybersecurity improvement
Cyber insurance is a vital consideration in any cyber risk mitigation strategy. Insurance can play a key role in helping pay for recovery costs if you suffer a ransomware attack, data breach and any business interruption. It can also cover third-party liabilities.
Moreover, there are polices that provide incident response support, giving access to expert teams to provide guidance and support in the event of an attack, again helping mitigate the damage caused.
However, it is important to stress that cyber insurance cover doesn’t release any organisation from the responsibility of managing its cyber risks. It requires ports and terminal operators to sustain a cybersecurity programme with continuous improvement at its heart.
3) Be aware cyber insurance market is changing
The insurance marketplace is responding sharply to the increased threat of cyber attacks on ports.
The result is a fluid and constantly changing market. Cyber premiums are rising, driven by the increasing activity and claims, while coverage is, in many cases, diminishing.
We advise searching for policies that cover a wide range of cyber risks. including data breaches, ransomware attacks, business interruption, and third-party liabilities. Consider the policy limits and deductibles that best suit your port’s risk profile. Ensure that the policy’s limits adequately cover potential financial losses, including costs associated with breach response, recovery, and legal expenses.
4) Stay alert to new threats
Be aware cyber risks are evolving rapidly. And it is vital that port operators keep up to speed. That means being thoroughly informed and acting when it comes to emerging threats, regulatory changes and industry best practices.
Even after your insurance is in place ensure you should regularly review that insurance coverage to ensure it is still adequate. Be aware your current policy may not be addressing the latest threats.
5) Work with port specialist
It is good practise to work with a broker who is well-versed in understanding the nuances of cybersecurity and is keeping abreast of the changing port insurance landscape.
It is wise for CEOs themselves to examine the fine print of any insurance renewal and work with the broker who should go the extra mile and source a wide variety of quotes. Do not automatically renew with your existing provider, check the coverage itself as this could have changed significantly. And do not base the renewal on cost, as this could result in you being dangerously exposed and under insured.
Your broker needs to fully understand your business and research the policies that are best suited to your port’s set up, risk profile and type of operations. They can also provide advice on specific compliance standards that your port may have to follow.
The views presented are only those of the author and do not necessarily reflect those of SAFETY4SEA and are for information sharing and discussion purposes only.