Skip to main content
main content, press tab to continue
Article

Cyber risk in the maritime sector

Fact or fiction?

September 30, 2020

Technology; great when it works, frustrating when it doesn’t. Our reliance upon technology, and in particular remote connectivity, has never been greater.
|Financial, Executive and Professional Risks (FINEX)|Marine
N/A

While any rewards are invariably well articulated, many misconceptions continue to pervade cyber risk – and it’s the consequences of these “cyber myths” that could result in significant financial cost.

Here are several cyber risk misconceptions that exist within the maritime sector to watch out for:

  1. 01

    Cyber risk does not affect the maritime sector

    An organization that relies upon technology for any aspect of its operation has cyber risk. The maritime sector is therefore exposed to the same cyber risk as any other industry sector. Note the recent study by Naval Dome which reported a 400% increase in cyber-attacks against the maritime industry between February and June 20201.

  2. 02

    Nobody is going to target a business in the maritime sector and therefore I have nothing to worry about

    Cosco2, MSC3 and most recently, Carnival4, are just three high-profile examples of companies in the maritime sector who were targeted by cyber-criminals. You do not, however, have to be a target in order to suffer the impact of a cyber-attack – just ask Maersk5 and many others, who were collateral damage in a cyber-attack whose target was Ukraine. It is well documented that Maersk suffered significant financial harm as a result of the attack.

  3. 03

    We have invested significantly in network security controls and have therefore eradicated the cyber risk

    Putting the right controls in place is a crucial element of cyber risk mitigation. Such controls, however, can only ever minimize the vulnerabilities in the network and/or decrease the likelihood of the threat. It is impossible to eradicate the risk altogether. Moreover, insider threats remain an issue. Employees make mistakes and, on occasions, seek to deliberately cause their employers harm.

  4. 04

    Losses arising from cyber risk are covered under our traditional marine insurance policies

    This, of course, could be correct depending on the terms of the insurance contract. Hull and machinery policies, however, typically exclude loss or damage where caused by a cyber-attack. In some cases, policies may be silent on whether loss arising from cyber risk is covered or excluded, which potentially gives rise to uncertainty.

  5. 05

    My hull and machinery policy includes a cyber-attack exclusion, but a cyber-attack can’t lead to property damage

    This is incorrect. For example, in 2008 a pipeline in Turkey exploded after cyber-criminals hacked into the pipeline’s control systems. Similarly, in 2014, hackers accessed the control systems of a steel mill in Germany causing significant physical damage. Whilst there have been no reported cases of physical damage to vessels caused by a cyber-attack, the increased reliance upon operational technologies such as GPS, AIS and ECDIS on board vessels, may increase the threat of physical damage.

  6. 06

    I’ve looked at cyber insurance solutions in the past and concluded the cover was not relevant to my business

    While cyber threats are the same regardless of the sector, the way in which they impact organizations can vary enormously. Traditionally, cyber insurance solutions were drafted on a ‘one size fits all’ basis. Cyber risk poses unique challenges and exposures for the maritime sector, however. This is why Willis Towers Watson has developed CyNav, an insurance policy designed by cyber and marine specialists, specifically to meet the needs of the maritime sector.

Footnotes

1 Naval Dome: 400% increase in attempted hacks since February 2020, 5 June 2020: https://www.offshore-energy.biz/naval-dome-400-increase-in-attempted-hacks-since-february-2020/

2 https://www.cybersecurity-insiders.com/cyber-attack-on-cosco/

3 https://www.cybersecurity-insiders.com/mediterranean-shipping-company-msc-hit-by-a-cyber-attack/

4 https://www.infosecurity-magazine.com/news/carnival-cruises-danger-ransomware/

5 https://uk.reuters.com/article/us-cyber-attack-maersk/global-shipping-feels-fallout-from-maersk-cyber-attack-idUKKBN19K2LE

Contacts


Andrew Hill
Executive Director - Product Innovation/Complex Claims Counsel

Andrew joined Willis Towers Watson’s Cyber and TMT team in February 2018 having spent several years practising as an insurance lawyer at a leading law firm in the City of London, during which time he advised insurers and their policyholders on cyber risk.

Prior to joining Willis Towers Watson, Andrew was listed in Legal 500 as a ‘Next Generation Lawyer’ where he was commended for his expertise in the field of cyber insurance.

Andrew is now responsible for advising clients their cyber risk and developing solutions for their specific requirements. He is the co-author of WTW’s proprietary wording, CyCore, and recently drafted CyNav, a sector specific insurance policy for organisations in the marine sector, which was successfully launch in April 2020.


CEO, Global Marine

Marine Industry Vertical Division Leader, North America

Contact us