Anonymous Reporting
MCA Chatter
V-ID Terminal
My Account


Icon representing US Coast Guard Bulletin: Cyber Adversaries Targeting Commercial Vessels
US Coast Guard Bulletin: Cyber Adversaries Targeting Commercial Vessels

June 21st 2019
Icon representing Would you pay $1m for a laptop full of malware?
Would you pay $1m for a laptop full of malware?

May 23rd 2019
Icon representing Singapore Opens Maritime Cybersecurity Operations Centre (MSOC)
Singapore Opens Maritime Cybersecurity Operations Centre (MSOC)

May 22nd 2019

Cyber risk insurance

November 15th 2017
The shipping industry is becoming ever more reliant on technology, making it at the same time more vulnerable to cyber attacks.

Protection from cyber threats is key, although there are a lot of uncertainties in this field as well.

Obtaining insurance for a company's assets in case of a cyber attack is one way of making sure the ship owner or operator stays protected.

Nonetheless, there are numerous challenges at the moment with regard to cyber risk insurance.

In an interview with World Maritime News, Lars Lange, secretary-general of the International Union of Marine Insurance (IUMI), said the main challenges with cyber risk were threefold.

"Initially, the threats and vulnerabilities of the risk must be identified, which can be challenging as cyber risk is constantly evolving and developing.

"Once these have been identified then the risk exposure must be assessed accordingly to see how it can be insured. Finally, it is vital that the insured's crew, staff and all stakeholders are trained and educated on the potential dangers of cyber risk in order to gain a better understanding of the issue and how to protect themselves from it," Mr Lange explained.

Speaking of the role of marine insurers in helping maritime industry players protect themselves from cyber attack risks, Mr Lange said IUMI's role "is to invest in educating and informing our members on key trade issues, as well as helping in assessing the risk.

"Through co-operation with all stakeholders and partnerships with a variety of other organisations, we are using our knowledge and expertise to ensure accurate risk assessment of cyber attack risks and helping to identify and implement best practice solutions."

IUMI is an active member of two industry-working groups created to better address cyber safety concerns.

Namely, IUMI is a member of the joint industry-working group, spearheaded by BIMCO, which recently published the second edition of The Guidelines on Cyber Security Onboard Ships.

The new version includes information on insurance issues, as well as a new subchapter examining a shipowner's insurance coverage following a cyber incident, as this is an important part of the risk assessment that shipowners should now take into consideration.

IUMI is also part of the International Association of Classification Societies (IACS) Joint Working Group on Cyber Systems which supports the IACS Cyber Systems Panel.

This panel was introduced to focus on developing recommendations as a first step.

"Alongside all of this, we are also engaged in the transparent discussion of cyber threats and are particularly part of the discussions at the International Maritime Organization (IMO)," Mr Lange explained.

WMN: How would you assess the market preparedness to cyber threats following the Maersk attack and BIMCO's release of recommendations on cyber security management? Should this preparedness and risk assessment be mandatory for shipowners?

Lange: The market is certainly making progress on cyber security and recommendations such as BIMCO's Guidelines of Cyber Security Onboard Ships are steps in the right direction.

But the industry is not ready yet since this is a "moving target".

Activities are in progress to make the risk assessment of cyber threats mandatory for shipowners.

At the Maritime Safety Committee (MSC) 98 Meeting (June 2017) it was decided that cyber risk management onboard ships should become part of the ISM Code and accordingly, it would be part of the ship's mandatory Safety Management System by 2021.

IUMI welcomes this. The same direction was chosen by the EC's "NIS directive".

WMN: Based on your experience, has there been a rise in insurance claims because of cyber attacks?

Lange: Not yet to our knowledge which is why cyber risk is challenging to assess.

It is likely that there have been many cyber incidents that have already happened without knowing that the root cause of the incident was cyber.

When it comes to potential cyber attacks there is a lack of claims experience.