On the sidelines of the International Union of Marine Insurance’s (IUMI) annual conference in late September, cyber security firm Naval Dome called on marine insurers to revoke the controversial ‘Clause CL 380’ and implement policies that insure against the risk of cyber-attacks on ship systems.
Namely, the Clause in contention reads:
Subject only to clause 1.2 below, in no case shall this insurance cover loss damage liability or expense directly or indirectly caused by or contributed to by or arising from the use or operation, as a means for inflicting harm, of any computer, computer system, computer software programme, malicious code, computer virus or process or any other electronic system.
2.1: Where this clause is endorsed on policies covering risks of war, civil war, revolution, rebellion, insurrection, or civil strife arising therefrom, or any hostile act by or against a belligerent power, or terrorism or any person acting from a political motive, Clause 1.1 shall not operate to exclude losses (which would otherwise be covered) arising from the use of any computer, computer system or computer software program or any other electronic system in the launch and/or guidance system and/or firing mechanism of any weapon or missile.
Speaking in the event in Cape Town, Naval Dome CEO Itai Sela noted that, with the maritime industry increasingly moving towards connected, cloud-based technologies and autonomous operation, a 15-year-old Clause that excludes damage to computer systems, code or software is archaic:
Why do insurers continue to implement CL 380 when there is a high probability that a computer will be hacked and, importantly, when there are many different ways and means of protecting shipboard computer systems? What we have is an industry on the cusp of a technological change. The rapid implementation of advanced autonomous technologies and machine learning capabilities will change the way in which ships are operated, but such developments will also leave the industry open to more system breaches and unauthorized intrusion unless there are systems and policies in place to mitigate against such risks.
In addition, Sela suggested the maritime industry should follow the automotive sector’s lead. The sector has introduced software-based safety solutions to road vehicles that, despite not being initiated by the insurer, have proven to protect drivers (and insurers) against theft or damage, which helps towards mitigating risk and reduce premiums.
As an example, MobilEye, a technology Intel bought in 2017, is now commonplace in vehicles and has helped improve road safety, reduce human error, possibly determine culpability and reduce insurance premiums for those that have it.
Why then, considering the current evolving maritime situation and the increase in cyber-attacks – which the insurance sector repeatedly warns of a need to protect against – is there no cyber insurance policy?