Maritime Cyber Target


According to Sjaak Schouteren, partner in the European Cyber team at JLT Specialty, the maritime sector is constantly embracing new business models and technology, but unfortunately this has made them a target of cyber criminals.

The innovative and rapidly evolving nature of the maritime industry has meant that shipping companies are used to great structural change within short spaces of time. This change has impacted their risk profile, especially with regard to cyber risks, therefore identifying their critical systems, assets and stakeholders and pinpointing any potential access points is crucial for their survival.

There are two major differentiating factors between the maritime industry's cyber risk and other industries. Firstly, their convergence of IT and Operational Transformation (OT) systems makes them more vulnerable to hackers. OT systems were only designed to last for 10-20 years; the majority were not built for internet connectivity. As a result, they are not subject to extensive maintenance and updates like IT systems and may be left unpatched.

Secondly, their supply chain includes a vast number of stakeholders who will all be affected in the event of a cyber-incident at a port or terminal. At least 17 terminals were affected during the Maersk attack, which resulted in significant losses for logistics company, Damco. The breach took them from a USD 12 million profit during the same period to a USD 8 million loss the following year. To remedy this, adequate and regular risk assessments need to be in place to ensure that response protocols are up to scratch.

Recent cyber incidents have exposed how dependant maritime and transport supply chains are on information and communication technology. They also highlight how cyber risk and business interruption can appear in unexpected forms.

Traditional insurance policies - such as hull and liability, cargo and port operator insurance - increasingly contain cyber exclusions, which can potentially leave shipping companies uninsured when in need. However, standalone cyber insurance can be tailored to fill any potential gaps in traditional portfolios. This has led to increased demand from shipping companies and port operators for bespoke protection, as their cyber risk awareness grows. Standalone cyber can also offer access to IT security/forensics, legal representation and PR consultants to ensure that your business is covered in both the short and long term, which is vital in this current period of vulnerability.