Skip to main content
Article

Cyber risk in the maritime sector

Fact or fiction?

Cyber Risk Management|Financial, Executive and Professional Risks (FINEX)|Marine
N/A

September 30, 2020

Technology; great when it works, frustrating when it doesn’t. Our reliance upon technology, and in particular remote connectivity, has never been greater.

While any rewards are invariably well articulated, many misconceptions continue to pervade cyber risk – and it’s the consequences of these “cyber myths” that could result in significant financial cost.

Here are several cyber risk misconceptions that exist within the maritime sector to watch out for:

  1. 01

    Cyber risk does not affect the maritime sector

    An organization that relies upon technology for any aspect of its operation has cyber risk. The maritime sector is therefore exposed to the same cyber risk as any other industry sector. Note the recent study by Naval Dome which reported a 400% increase in cyber-attacks against the maritime industry between February and June 20201.

  2. 02

    Nobody is going to target a business in the maritime sector and therefore I have nothing to worry about

    Cosco2, MSC3 and most recently, Carnival4, are just three high-profile examples of companies in the maritime sector who were targeted by cyber-criminals. You do not, however, have to be a target in order to suffer the impact of a cyber-attack – just ask Maersk5 and many others, who were collateral damage in a cyber-attack whose target was Ukraine. It is well documented that Maersk suffered significant financial harm as a result of the attack.

  3. 03

    We have invested significantly in network security controls and have therefore eradicated the cyber risk

    Putting the right controls in place is a crucial element of cyber risk mitigation. Such controls, however, can only ever minimize the vulnerabilities in the network and/or decrease the likelihood of the threat. It is impossible to eradicate the risk altogether. Moreover, insider threats remain an issue. Employees make mistakes and, on occasions, seek to deliberately cause their employers harm.

  4. 04

    Losses arising from cyber risk are covered under our traditional marine insurance policies

    This, of course, could be correct depending on the terms of the insurance contract. Hull and machinery policies, however, typically exclude loss or damage where caused by a cyber-attack. In some cases, policies may be silent on whether loss arising from cyber risk is covered or excluded, which potentially gives rise to uncertainty.

  5. 05

    My hull and machinery policy includes a cyber-attack exclusion, but a cyber-attack can’t lead to property damage

    This is incorrect. For example, in 2008 a pipeline in Turkey exploded after cyber-criminals hacked into the pipeline’s control systems. Similarly, in 2014, hackers accessed the control systems of a steel mill in Germany causing significant physical damage. Whilst there have been no reported cases of physical damage to vessels caused by a cyber-attack, the increased reliance upon operational technologies such as GPS, AIS and ECDIS on board vessels, may increase the threat of physical damage.

  6. 06

    I’ve looked at cyber insurance solutions in the past and concluded the cover was not relevant to my business

    While cyber threats are the same regardless of the sector, the way in which they impact organizations can vary enormously. Traditionally, cyber insurance solutions were drafted on a ‘one size fits all’ basis. Cyber risk poses unique challenges and exposures for the maritime sector, however. This is why Willis Towers Watson has developed CyNav, an insurance policy designed by cyber and marine specialists, specifically to meet the needs of the maritime sector.

Footnotes

1 Naval Dome: 400% increase in attempted hacks since February 2020, 5 June 2020: https://www.offshore-energy.biz/naval-dome-400-increase-in-attempted-hacks-since-february-2020/

2 https://www.cybersecurity-insiders.com/cyber-attack-on-cosco/

3 https://www.cybersecurity-insiders.com/mediterranean-shipping-company-msc-hit-by-a-cyber-attack/

4 https://www.infosecurity-magazine.com/news/carnival-cruises-danger-ransomware/

5 https://uk.reuters.com/article/us-cyber-attack-maersk/global-shipping-feels-fallout-from-maersk-cyber-attack-idUKKBN19K2LE

Contacts

Andrew Hill
Executive Director - Product Innovation/Complex Claims Counsel

Ben Abraham
CEO, Global Marine

Anthony DiPasquale
Head of Marine North America

Contact Us

Related Capabilities