The shipping industry is too slow in gearing up to face the cyber risk and deal with the forthcoming regulatory changes around cyber, said Philp Roche, partner of Norton Rose Fulbright in a recent interview posted on the law firm’s website.
According to Mr. Roche, shipping is characterized by a great deal of scepticism, as there has been good advice over the last years from organizations, as BIMCO and International Chamber of Shipping, on how to risk-manage cyber risks, and shipping just needs to get on and start implementing that sort of thing now.
There is a degree of scepticism. There are areas of shipping industry which are very network-dependent on IT such as containers, but generally people believe that industrial shipping isn’t too affected by this. But that said, we are seeing increasing amounts of ransomware and that type of hacking, which is causing issues for shipping: delay, disruption, off-hire type things, and shipping really needs to start thinking very hard about how it’s going to deal with this. There’s plenty of industry guidance.
Another aspect to it, his co-speaker Mr. Steven Hadwin added, is the legal changes that came and are coming into force, such as the General Data Protection Regulation, that applies to pretty much everyone in the shipping industry.
GDPR in particular, we can be talking about a fine of up to four per cent of an organisation’s global turnover in the worst case. So certainly things should be considered, you know, in detail now before their implementation in the next few months. But I guess coupled with that we also have the requirements which are being imposed by the IMO as well, which are also going to be significant.
Tackling these challenges is just a matter of risk assessment and risk management, Mr. Roche added.
Shipping is great at doing that. They just need to turn their minds to doing it in relation to cyber risk.