Fact or fiction?
While any rewards are invariably well articulated, many misconceptions continue to pervade cyber risk – and it’s the consequences of these “cyber myths” that could result in significant financial cost.
Here are several cyber risk misconceptions that exist within the maritime sector to watch out for:
01
An organization that relies upon technology for any aspect of its operation has cyber risk. The maritime sector is therefore exposed to the same cyber risk as any other industry sector. Note the recent study by Naval Dome which reported a 400% increase in cyber-attacks against the maritime industry between February and June 20201.
02
Cosco2, MSC3 and most recently, Carnival4, are just three high-profile examples of companies in the maritime sector who were targeted by cyber-criminals. You do not, however, have to be a target in order to suffer the impact of a cyber-attack – just ask Maersk5 and many others, who were collateral damage in a cyber-attack whose target was Ukraine. It is well documented that Maersk suffered significant financial harm as a result of the attack.
03
Putting the right controls in place is a crucial element of cyber risk mitigation. Such controls, however, can only ever minimize the vulnerabilities in the network and/or decrease the likelihood of the threat. It is impossible to eradicate the risk altogether. Moreover, insider threats remain an issue. Employees make mistakes and, on occasions, seek to deliberately cause their employers harm.
04
This, of course, could be correct depending on the terms of the insurance contract. Hull and machinery policies, however, typically exclude loss or damage where caused by a cyber-attack. In some cases, policies may be silent on whether loss arising from cyber risk is covered or excluded, which potentially gives rise to uncertainty.
05
This is incorrect. For example, in 2008 a pipeline in Turkey exploded after cyber-criminals hacked into the pipeline’s control systems. Similarly, in 2014, hackers accessed the control systems of a steel mill in Germany causing significant physical damage. Whilst there have been no reported cases of physical damage to vessels caused by a cyber-attack, the increased reliance upon operational technologies such as GPS, AIS and ECDIS on board vessels, may increase the threat of physical damage.
06
While cyber threats are the same regardless of the sector, the way in which they impact organizations can vary enormously. Traditionally, cyber insurance solutions were drafted on a ‘one size fits all’ basis. Cyber risk poses unique challenges and exposures for the maritime sector, however. This is why Willis Towers Watson has developed CyNav, an insurance policy designed by cyber and marine specialists, specifically to meet the needs of the maritime sector.
1 Naval Dome: 400% increase in attempted hacks since February 2020, 5 June 2020: https://www.offshore-energy.biz/naval-dome-400-increase-in-attempted-hacks-since-february-2020/
2 https://www.cybersecurity-insiders.com/cyber-attack-on-cosco/
3 https://www.cybersecurity-insiders.com/mediterranean-shipping-company-msc-hit-by-a-cyber-attack/
4 https://www.infosecurity-magazine.com/news/carnival-cruises-danger-ransomware/
Andrew joined Willis Towers Watson’s Cyber and TMT team in February 2018 having spent several years practising as an insurance lawyer at a leading law firm in the City of London, during which time he advised insurers and their policyholders on cyber risk.
Prior to joining Willis Towers Watson, Andrew was listed in Legal 500 as a ‘Next Generation Lawyer’ where he was commended for his expertise in the field of cyber insurance.
Andrew is now responsible for advising clients their cyber risk and developing solutions for their specific requirements. He is the co-author of WTW’s proprietary wording, CyCore, and recently drafted CyNav, a sector specific insurance policy for organisations in the marine sector, which was successfully launch in April 2020.
