2018-03-09_14h38_45.png

Cyber Risks and P&I Insurance

March 9, 2018 CYBER SECURITY

Cyber Risks and P&I Insurance

The maritime industry’s reliance on computers and its increasing interconnectivity within the sector makes it highly vulnerable to cyber incidents.  Cyber poses a threat to all parts of the shipping sector; Cyber risks can be defined as the risk of loss or damage or disruption from failure of electronic systems and technological networks.How can cyber risks occur in the shipping industry and what is covered under the P&I Rules.

Cyber Risks and P&I Insurance

What are “cyber risks”?

• Cyber risks can be defined as the risk of loss or damage or disruption from failure of electronic systems and
technological networks
• All businesses rely heavily upon computer systems to sustain their operations, but these systems are
vulnerable
• Cyber risks comprise risks related to hacker attacks, virus transmission, cyber extortion, network downtime and data security breaches
• A maritime cyber risk can be defined according to the IMO Interim Guidelines on Cyber Risk Management as “the extent to which
a technology asset is threatened by a potential circumstance or event,which may result in shipping-related operational, safety or security failures as a consequence of information or systems being corrupted, lost or compromised”

How can cyber risks occur in the
shipping industry?

• Commercial ships are increasingly more dependent upon computers and computer software to operate and control various shipboard systems
• Safe ship operations are reliant on bridge systems such as ECDIS (Electronic Chart Display and Information System),AIS (Automatic Identification System) and GPS (Global Positioning System)
• Main and auxiliary propulsion systems rely increasingly on computers to operate efficiently
• Ship networks are connected to the internet As with computers ashore, shipboard
systems are vulnerable to cyber-attacks
• Hackers can take advantage of vulnerabilities in a network to access servers;this can enable hackers to access,remove and manipulate sensitive data
• Even a simple mobile phone charging process using a USB port in the ECDIS system can cause a virus to render a system inoperable
• If ships’ systems are attacked, the effect could be extremely perilous
• A cyber-attack could catastrophically impact the safe navigation of a vessel, both in terms of its ability to avoid hazards and in terms of its stability
and cargo operations
• A cyber-attack could lead to collision, personal injury, property damage, pollution or even to a shipwreck.

Are cyber risks excluded from P&I cover?
• No.As a general rule, P&I liabilities – which are set out in Rule 2 of the
UK Club Rules – are not subject to any exclusion of cyber risks
• Nor is the International Group Pooling Agreement subject to a cyber
risk exclusion
• Some maritime cyber risks, however, don’t come within the scope of P&I because they don’t arise from the
operation of a ship.An example is the risk of monetary loss where a shipping company is blackmailed to pay a ransom for the restoration of IT data
or restoration of IT systems that have been compromised by cyber-attack

Cyber Risks and P&I Insurance

Source UK P&I CLUB click to download full Q&A