A company we worked with recently on cyber resilience found that our work also improved their ability to recover from general technical failures. We identified areas that they had previously not considered – vulnerabilities that they did not know were vulnerabilities.
We asked them what their process was for recovering from a complete ECDIS failure and how long they expected it would take them to recover.
We listened and found that there were areas that could be improved. We worked with them to give them the ability to rebuild their bridge systems from the ground up if they needed to. Our team worked with the vendors to get them the software they needed and arranged for the crew to be trained to implement the recovery plan. It turned out it was quite simple to put in place but they had never before asked the “what if” question, they had never considered there could be a better way of doing things. They now have in place a far quicker, cheaper and simpler system of recovery than flying a specialist software engineer out to the vessel location or downloading a massive file over a VSAT connection.
That’s a typical situation that we come across. By working on cyber resilience, asking the right questions, my team identified operational improvements.
It’s about looking at the world through a different prism. About identifying problems and coming up with practical solutions that cause the minimum of disruption and ensure that, if any losses our outages do occur, they remain minimal. Forewarned is forearmed as they say.
Simply asking the question “Have we considered the cyber risk for X” brings it into the conversation. You don’t need to know the answer, you just need to make sure that someone else does.
Similarly, we work with some of the world’s leading insurance brokers and that is because we make their risks less risky. That’s good for them because it reduces the level of claims and good for us because we get more business. But the main beneficiary is the end client. They get cheaper insurance cover, less exposure to risk and enhanced operational resilience. It’s a virtuous circle.