Skip to main content
main content, press tab to continue

Ports and Terminals: Navigating the cyber insurance process

By Andrew Hill | May 23, 2022

As the surge in ransomware activity looks set to continue, we consider the trends, cyber security and why a strategic approach to cyber insurance is needed.
Cyber Risk Management|Marine

A good year for the bad guys

If the individuals behind ransomware attacks were running legitimate businesses, they would likely be feeling pleased with their recent results and forecasting a good 2022. The surge in ransomware activity, which has emerged as the dominant cyber threat in recent years, shows no sign of slowing down and continues to affect all business sectors across the global economy.

Ransomware trends generally

There are several trends that emerged in 2021 concerning ransomware activity which may give some insight into what the future holds. For example, according to a recent study published by Palo Alto, the average ransom demand rose to USD5.3m in the first half of 2021, representing a 518% increase on the previous year1. Meanwhile, in another study by Coveware, the average downtime for a business affected by ransomware in Q2 of 2021 was 23 days2 following an attack.

Ransomware trends for ports and terminals

Generally speaking, criminals using ransomware focus their efforts on where they are most likely to secure payment in return for those ‘efforts’. Recent events might suggest that, for the more entrepreneurial criminal at least, attacks against critical infrastructure might offer greater prospects of a return because of the importance such operations serve to the global economy3 and, so the theory goes, are more likely to pay up.

Ports and terminals in focus - ransomware attacks

This, arguably, makes operators of ports and terminals an attractive target for criminals. The following are just some of the recent ransomware incidents reported in the press which have impacted operators of ports and terminals:

  • Port of Cape Town – July 2021
  • Port of Kennewick – November 2020
  • Port of San Diego – September 2018
  • Port of Barcelona – September 2018
  • Long Beach Terminal – July 2018

Ports and terminals in focus – cyber espionage?

The supply chain is a fragile process in which ports and terminals play an integral role. It follows that any disruption to a port’s or terminal’s operations can have significant consequences. This makes ports and terminals susceptible to cyber criminals intent on causing widespread disruption. While financial gain is a common objective for cyber criminals, there have been incidents which suggest a political motivation e.g. causing economic instability within a nation state by targeting cyber-attacks towards operators of ports and terminals.

Cyber incidents affecting ports and terminals where there has been a suggestion of political interference include:

  • Several oil terminals in northern Europe – Jan/Feb 2022
  • Shahid Rajaee port terminal (Iran) – May 2020

cyber risk presents a significant threat to a port’s ability to provide a service critical to the global economy.”

Nick May | Client Relationship Director, Ports and Terminals, WTW

Nick May, Client Relationship Director, Ports and Terminals at WTW notes that “we have witnessed, with the advent of COVID-19, how fragile the global supply chain can be. Ports are integral to this. It is safe to say that, based on the reported incidents we’ve seen, cyber risk presents a significant threat to a port’s ability to provide a service critical to the global economy.”

Maritime cyber security – under greater regulatory spotlight

Cyber security requirements for operators of critical infrastructure such as ports and terminals are also being revised and bolstered by regulators. In Singapore, home to one of the world’s leading and busiest ports, for example, the government announced in March this year new initiatives4 to enhance the cyber resilience of Critical Information Infrastructure (CII) sectors, which includes maritime. These initiatives include a review and enhancement of the Cybersecurity Act and Cybersecurity Code of Practice, the regulatory frameworks outlining mandatory cyber hygiene practices and processes which CII owners must adhere to. This increased governmental focus reflects the need for elevating the state of cybersecurity for Operational Technology CII in light of the current risk landscape, namely, ransomware which has evolved into a major and systemic threat to national security and critical services.

Cyber security – the first line of defence

Given the events currently being witnessed, it is unsurprising, perhaps, that those responsible for risk within operators of port and terminals are increasing their focus on potential risk transfer options for ransomware and other cyber risks. All too often however, insufficient focus has been placed on network controls, i.e. the asset that requires protection, before seeking insurance. This potentially creates issues, principally that insurance is unobtainable or can only be purchased in return for a considerable premium.

those responsible for risk within operators of port and terminals are increasing their focus on potential risk transfer options for ransomware and other cyber risks.

Dean Chapman, Lead Cyber Risk Consultant at WTW GB, says that “given the exponential rise in ransomware activity globally, cyber insurers absolutely do not want to be brought in by organisations who consider cyber insurance to be part of their first line of defence. Those insurers will want to be satisfied that a full assessment of cyber risk has been undertaken prior to engagement in the risk transfer process. Our team’s focus is to work with organisations to ensure that cyber risk is managed in a way that never loses sight of the business’ wider objectives while, where appropriate, getting clients ready for the cyber insurance placement process, thereby maximising the prospects of a successful outcome.”

Cyber insurance – being strategic

The rise in claims activity, primarily brought about by ransomware, means that in many cases, engagement with cyber insurers requires a more strategic and considered approach than might have been deployed in a less challenging marketplace. As Sam Lucock, WTW’s lead broker for ports and terminal’s cyber solutions observes, “going to market prematurely with a risk profile that falls below insurers’ expectations can have far-reaching consequences for clients. A detail-oriented approach at the beginning of the risk transfer process may bring its rewards. Understanding the full scope of a client’s digital assets beyond binary questions in a proposal, allows us to present a prospect to insurers in the strongest light possible.”

In summary

  • Ransomware looks like it’s here to stay for the foreseeable future. In the words of Jeremy Fleming, Director of GCHQ, ransomware is popular among criminals because they “are making very good money from it” which goes “largely uncontested”5.
  • The more sophisticated criminals may look to target operators of critical infrastructure, such as ports and terminals, who have more to lose if a ransom is not paid. Criminals are no different to the rest of us – they don’t want to waste their time on lost causes.
  • The invasion of Ukraine has only heightened the risk of politically motivated cyber-attacks where the motive goes beyond causing financial damage to the target of the attack to one designed to cause instability with nation states. This arguably makes operators of ports and terminals more susceptible than ever before to cyber-attacks.
  • A hasty presentation to insurers of an organisation’s risk can be counterproductive. A successful risk transfer process in the current cyber insurance marketplace is available but does require increased focus on the controls in place to protect digital assets.


1 Palo Alto Networks, August 2021. Extortion Payments Hit New Records as Ransomware Crisis Intensifies

2 Coveware, July 2021. Q2 Ransom Payment Amounts Decline as Ransomware becomes a National Security Priority

3 CNBC, May 2021. Colonial Pipeline restarts after hack, but supply chain won’t return to normal for a few days

4 CSA Singapore, March 2021. Review of the Cybersecurity Act and Update to the Cybersecurity Code of Practice for CIIs

5 The Guardian, October 2021. Ransomware attacks in UK have doubled in a year, says GCHQ boss


Global Head of Cyber Coverage & Innovation,
Cyber & TMT


Head of Marine Asia

Related content tags, list of links Article Cyber Risk Management Marine Marine


The Ports and Terminals Risk Forum

A dedicated community within the ports and terminals sector, delivering insight and risk management solutions to operators worldwide.


Contact us