Maritime Cyber Risk
Maritime cyber risk refers to a measure of the extent to which a technology asset could be threatened by a potential circumstance or event, which may result in shipping-related operational, safety or security failures as a consequence of information or systems being corrupted, lost or compromised.
Cyber risk management means the process of identifying, analysing, assessing and communicating a cyber-related risk and accepting, avoiding, transferring or mitigating it to an acceptable level, considering costs and benefits of actions taken to stakeholders.
Maritime-Cyber Ransomware Scenario
Attackers or hackers can use ransomware to hold a target hostage for ransom. This can have unique outcomes in the maritime environment, as it could either lock crew or passengers in their rooms (for example, on a cruise ship) or possibly even lock ship controls, leaving the entire ship drifting and vulnerable at sea. To raise awareness, researchers at Plymouth University have filmed this scenario on one of the university's ship simulator, while researching technological and policy-based solutions.
Cyber risk policies tend to include the following policy sections either as standard wording or by specific endorsement. Specifically, the cyber risk policy covers:
Incident Management & Response 24/7/365
After the initial triage process, you will be assigned a dedicated and experienced claims handler that will act as your primary point of contact throughout the lifecycle of the claim.
Your contact will be able to support you during and after an incident, including:
• Providing access to our extensive partner network, including offering advice as to the right companies to use to resolve your particular incident quickly and cost effectively
• Coordinating the incident response and carefully reviewing the scope of work and performance of the specialist teams, ensuring that the incident is handled within the scope of your policy and alerting you when this is not the case.
• Providing central communication and a single point of contact to ensure that you and your key stakeholders are kept up to date with the progress of any claim
Privacy and data breach - the unauthorized disclosure of personally identifiable information. Cover includes
- Liability claims.
- Defense against regulatory action (and penalty where insurable).
- First-party response costs, including the notification of affected individuals.
- Forensic IT costs involved in investigating a security breach that led to the disclosure.
Business interruption - Coverage can be triggered by certain intangible (non-physical damage) business interruption events, such as hacking of IT systems and the negligent acts of staff causing software/hardware failure.
Hacking damage - The reconstitution of data, and the replacement and/or repair of software following a hack.
Extortion - Covers the cost of the ransom demand arising from a hack and the appointment of an expert negotiator to deal with the extortionist.
Multimedia - Provides protection against claims arising from defamation, intellectual property infringement, and invasion of privacy through content published online (corporate website, corporate pages on social media platforms, etc.).
Cyber Crime - Crime cover for a wide variety of third party electronic crimes involving
- electronic wire transfer fraud
- telephone hacking
- social engineering
GDPR and Shipping Industry
Organisations in the shipping industry may collect a lot of personal data, from email addresses of business contacts and counterparties to vessel crew and passenger information, as well as information about their own employees.
Crew and contractors are vetted and managed. Immigration law obligations in numerous jurisdictions require certain personal information to be shared. Every business transaction involves interaction with individuals working for corporate counterparties.
Much of this information is likely to cross national borders and be exposed from time to time to physical and cyber security risk. Once the GDPR applies, and the risk of large fines and reputational damage increases, breach of the data protection rules could potentially sink the business (or at least cause it to take on water).
More details ....
Cyber Privacy Risks Advisors
Maritime Cyber Risks Blog