LittleLaw looks at… Maritime cyber-security
Braving the storm: Insuring against wave after wave of maritime cybersecurity threats
July 17, 2020
6 min read
What’s going on here?
Over the years, high-profile incidents such as the USS Cole bombing¹ and Achille Lauro2 have led maritime security to be placed at the forefront of international concern, in order to protect trade, national security and retain stability across the global economy. However, despite significant efforts to address criminal activities across the maritime domain, the increased sophistication and capabilities of technology render the new threat of cyber-attacks a significant problem for global business.
After a quick look at cybersecurity as a whole, we will delve into three key issues in the maritime security world. Firstly, we will consider the commercial impact of cyber-attacks upon global businesses. Secondly, the increasing demand for maritime insurance in this area and thirdly, how Astaara Company Limited (a maritime insurance company) has accepted the challenge to fulfil these growing demands by providing “game-changing”3 cybersecurity insurance services across the maritime domain.
Where cybersecurity attacks are continuing to grow in sophistication and frequency, the future of maritime security law and insurance resides in protecting against such threats.
What is cyber-security?
Within the UK’s National Cyber Security Strategy, HM government defines cyber security as:
“…the protection of information systems (hardware, software and associated infrastructure), the data on them, and the services they provide, from unauthorised access, harm and misuse. This includes harm caused intentionally by the operator of the system, or accidentally…”4.
Motivations for conducting cyber-attacks are varied. Neatly summarised by Isidoros Monogioudis, motivations could include; reputational damage, disruption of operation, financial gain, commercial or industrial espionage, and even political gain5. The common denominator among such motivations, however, is the inevitable threat and potential damage to businesses across the globe.
According to Chris Chatfield, a London based partner at Kennedys, a problem for companies and businesses placed within the maritime domain has been the traditional adoption of the CL.380 Cyber Attack Exclusion Clause within marine insurance contracts:
“1.1 [I]n no case shall this insurance cover loss damage liability or expense directly or indirectly caused by or contributed to by or arising from the use or operation, as a means for inflicting harm, of any computer, computer system, computer software programme, malicious code, computer virus or process or any other electronic system”6.
Having been constructed in 2003, Chatfield notes that “its impact is pretty draconian,” particularly in consideration of the growing threats of cybersecurity attacks7. Fortunately, in recent years the inadequacies of such long-held contractual clauses have been increasingly scrutinised and placed under review across the sector. By looking at real-world implications of maritime attacks and the scale of financial loss, we will see why greater protection is a priority.
The commercial impact of cyber attacks
Many recent and infamous breaches have increased the awareness of both the risks and commercial impact of cyber-attacks. For example, in 2017 the Danish shipping company Maersk, one of the largest container shipping companies in the world, suffered a globally coordinated cyber-attack. By shutting down IT systems and port-to-port communications, the transportation of goods across 76 port terminals were affected8. At first glance, two weeks disruption of business appears seemingly little. However, for a business which is responsible for the transportation of “15 percent of global trade by containers”9 it incurred significant financial consequences, with losses predicted to have amounted to as much as $300m10.
Moreover, not all cyber-attacks are willingly reported, often with good reason. James Fisher and Sons, a provider of marine engineering services, adopted a method of transparency regarding a cyber-attack suffered in November 2019. After openly admitting the reasons for shutting down its digital systems, company shares fell by 5.7%11. The reasons for these shares dropping may include the risk that data obtained from such cyber-attacks could be adapted to track future developments, or even predict company plans for the future. This indicates that some maritime businesses may find it strategically beneficial to retain discretion when such attacks occur, to protect shares and prevent the potential withdrawal of investors.
Fortunately, with the availability of maritime insurance providing effective risk management and security awareness, this provides much hope for both the prevention of such attacks and swift recovery, reducing any financial losses as far as possible.
Astaara’s “Game-changing” cyber insurance
In recognition of the global significance for addressing cybersecurity threats, the insurance services provider Astaara launched new initiatives directed towards protecting maritime companies, combining their specialities in analytics, underwriting and risk management12.
As emphasised by Chief Executive Robert Dorey, at the centre of Astaara’s multidisciplinary offerings is to “create a solution that is relevant and necessary” to the demands of the maritime industry13. With the maritime environment constantly evolving, both for ports on land and ships at sea, this commitment to providing “the product that maritime companies want” and need, as well as “minimising the cost and disruption following a cyber event” is a welcome relief.
By directly responding to the needs of the maritime community and innovating beyond the remits of the “entrenched and siloed [insurance] market,”14 such developments in cybersecurity signify a key step forward for both maritime businesses and the insurance sector as a whole. The West of England P&I Club, a leading insurance provider to the global maritime industry, explicitly recognises this importance. It invested significantly in June 2019.
Responding to COVID-19
Requiring immediate attention, however, is the impact of COVID-19 upon the present business climate. Already faced with the “ever-increasing sophistication of cyber-attacks which disrupt supply chains, and stakeholders’ confidence in their investments,”15 there has been a “four-fold increase in cyber-attacks in the maritime industry since February”16. In light of systemic responses to accommodate the safety of workers during COVID-19, these attacks are not a mere coincidence. Rather, in recognition of the increased reliance upon digital forms of communications to ensure the health and safety of workers across the maritime domain, more opportunists are noting the vulnerabilities of relying so greatly upon technology.
More so than ever, where there are heightened threats seeking to take advantage of weaknesses wherever possible, businesses and insurance providers need to be increasingly prepared to protect against these threats. With trade and transportation central to the functioning of society and the global economy as a whole, it is therefore fortunate maritime cybersecurity is being recognised not simply as a desirable form of protection, but a necessity in the 21st Century.
LittleLaw’s Verdict: Looking towards the future
Traditionally, cybersecurity has been a tricky domain to navigate due to its complexity and rate of development. However, whether through high-profile events or the growing reliance upon digital forms of communication due to COVID-19, it is steadily obtaining crucial recognition across the maritime industry. With insurers such as Astaara increasingly willing to provide the protection and security required, this could be a turning point for cybersecurity by transforming into a leading sector within the insurance industry, from which legal expertise is likely to become increasingly demanded.
Overall, as a matter of global importance in ensuring international trade is protected and businesses are able to continue to function, it is clear that the future of maritime insurance resides in cybersecurity.
Report written by Karolina Smolicz
Share this now!
- USS Cole Bombing Fast Facts (CNN, 20 February 2020).
- Achille Lauro Hijacking (Encyclopaedia Britannica).
- Astaara launches game changing cyber insurance offering for the maritime industry (Astaara Company Limited, 4 June 2020).
- National Cyber Security Strategy 2016-2021 (HM Government, 2016) 15.
- Maritime Cyber Security: A widening net (Safety4Sea, 12 February 2019).
- Chris Chatfield, Cyber exclusion clauses – are they fit for purpose? (Kennedys, 19 June 2018).
- Maersk Line: Surviving from Cyber Attack (Safety4Sea, 31 May 2018).
- Cyberattack cost Maersk as much as $300 million and disrupted operations for 2 weeks (Los Angeles Time, 17 August 2017).
- Cybersecurity in marine industry lags despite waves of attacks (Insurance Business UK, 18 March 2020).
- Astaara Company Limited (n 3).
- Above n12.
- Astaara cyber insurance service gets West of England P&I investment (Smart Maritime Network, 16 June 2020).
- British Ports Association and Astaara help ports manage their cyber risk (Astaara Company Limited,18 June 2020).
Check out our recent reports!