The Shipowners’ Club, the leading mutual P&I insurer in the smaller and specialist vessel sector, has chaired its first-ever webinar, on the topic of Maritime Cyber Security.
02 August 2017 – The webinar, held in partnership with Ian Hirst of MAST Security and Steven Jones of Mc Watt and Jones, aimed to outline sources for potential cyber security vulnerabilities and provide guidance to mitigate against the risks.
Louise Hall, Director of Loss Prevention at the Shipowners’ Club comments:
“The true extent of shipping’s cyber vulnerabilities remains uncertain and a ship owner’s readiness for cyber threats is of huge importance to keeping ships safe, secure and operable. It is with this in mind that the Club opted to host a webinar to assist Members in the mitigation of these risks.”
A recording of the webinar is available to view, using the following link and the password Vm53sqaT
Notes for editors
The Shipowners’ Club is a mutual marine liability insurer, providing Protection and Indemnity insurance for small and specialist vessels since 1855. The Club is a member of the International Group of P&I Clubs and works with more than 600 brokers globally to insure over 33,000 vessels across a range of operating sections and geographical areas.
Transcript of Q&A
Q. Do you think that the seaworthiness of a ship will soon be questioned if crew are not suitably trained in Cyber awareness?
A. MSC.428 (98) Maritime Cyber Risk Management in Safety Management Systems, affirms that an approved SMS should take into account cyber risk management in line with the objectives of the ISM Code. If a management system is in place all crew must be trained on and understand its content. This therefore would contribute to the overall seaworthiness of the vessel.
Q. Will you address the `be cyber aware at sea` initiative?
A. Not in this presentation, however this is an initiative that the Club fully supports. Details of this can be found on the Club’s website, www.shipownersclub.com
Q. Why do many insurance companies exclude cyber attacks from their policy?
A. Cyber risks are difficult to quantify. This, together with historical reasons dating back to Y2K, is the primary reason. As for the Club, we are one of the thirteen IG Clubs providing P&I cover. The fundamental features of cover are identical between Clubs. The IG position on cyber is that there is no exclusion other than for paperless trading. Therefore a variety of P&I claims with a cyber element fall within cover. However there are exclusions for war and terror risks. We are happy to answer specific questions individually.
Q. CL 380 is essential to Hull policies right? Not applied to P&I insurance!
A. CL 380 would ordinarily be included in hull policies. See previous question for the answer on the P&I position.
Q. Are there training courses available for seafarers?
A. Yes, these at present tend to be predominantly bespoke to the individual operators’ requirements and can consist of one to one or group based training. For further info we can assist, please contact us.
Q. Ian did mention a sort of simple/basic/beginners questionnaire. Where can I get that?
A. You can Google cyber essentials and you can download the self assessment questionnaire.
Q. Is cyber security more a concern for autonomous vessels?
A. It’s a risk like anything else, but it is an emerging technology so it will have its own unique vulnerabilities. This technology would need to be managed with the appropriate skill set. There would also need to be risk assessments conducted before bringing the vessel into action.
Q. In case of absence of Cl 380 from the insurance policy, does it mean that all cyber attacks are covered?
A. We can only comment in relation to P&I. Even in the absence of CL 380, there are cyber restrictions on the cover in the Group war risk extension for terrorist acts. For example if a terrorist group took control of a vessel with intent to cause harm.
Q. Can there be any counter Clause to 380 if the vessel is ECDIS Primary? In such condition you don’t keep paper charts and if the duplicated ECDIS system is attached vessel can go in danger! I don’t think that we will go back to paper charts because of treat.
A. Agreed. Cyber risks are still emerging and the approach of the insurance market will change. In fact, we are actively amending our policy clauses to offer appropriate cyber cover and we will publish these shortly
Q. If a crew member on board had his computer and because of the cyber insecurity he lost his data and computer burned! Also his passwords and codes hacked! Can the crew member claim his losses? Such as bank accounts and computer? I know this is a scenario!
A. There is not a specific exclusion of cover for this scenario. However, we would question whether there was in fact a liability element here (essential for a P&I claim).
Q. Some (H&M) markets offer Cl. 380 buy back. Is that the cure?
A. In a limited way. The buyback we are aware of however has serious limitations. At present the so called BioChem extension is limited to $30m and is for crew liability and sue and labour risks only. We are addressing this shortfall in cover.
Q. The Cyber exclusion clause appears in most policies. In turn, a Cyber Insurance policy will conta Propety Damage/Bodily Injury exclusion clauses. So what level of cyber insurance protection can a port operator realistically able to procure these days?
A. As a P&I club this outside our area. However, our understanding is that there is no standard cyber insurance policy available currently. We would advise that you speak to your broker who will no doubt point you in the right direction.