BIMCO is developing a clause dealing with cyber security risks and incidents that might affect the ability of one of the parties to perform their contractual obligations.

The clause is being drafted by a small team led by Inga Froysa of Klaveness, Oslo. Other companies involved include Navig8, the UK P&I Club and HFW, and the project is due to be completed in May 2019.

Planning and protecting is key

The BIMCO cyber security clause requires the parties to have plans and procedures in place to protect its computer systems and data, and to be able to respond quickly and efficiently to a cyber incident.

Mitigating the effect of a cyber security breach is of paramount importance and the clause requires the affected party to notify the other party quickly, so that they can take any necessary counter-measures. The clause is also designed for use in a broad range of contracts. This way, the clause can cover arrangements with third-party service providers, such as brokers and agents.

The liability of the parties to each other for claims is limited to an amount agreed during negotiations. A sum of USD 100,000 will apply if no other amount is inserted.

Two important functions

The clause will fulfill two important functions. The first is to raise awareness of cyber risks among owners, charterers and brokers. The second is to provide a mechanism for ensuring that the parties to the contract have procedures and systems in place, in order to help minimize the risk of an incident occurring in the first place and, if it does occur, to mitigate the effects of such an incident.

In the early stages of development, the drafting team discussed if the clause should also address payment fraud. It was concluded that the risk of this increasingly common fraud is probably best dealt with at a procedural level by companies tightening up their internal payment procedures to require verification of any changes to payment details.