Global impact of cyber breach on APM Terminals muted, analyst finds

APMT's fully automated Maasvlakte II facility was severely impacted by the cyber breach on Maersk Group. Credit: APMT
APMT's fully automated Maasvlakte II facility was severely impacted by the cyber breach on Maersk Group. Credit: APMT

The Maersk Group cyber security breach that caused vessels to be delayed and upset schedules was relatively short lived from an APM Terminals global perspective, although vessel handling at some terminals was affected more than others, according to analysis by SeaIntel.

In its analysis of the impact on Maersk’s terminal division of the 27 June cyber attack, SeaIntel found that from a vessel handling perspective, the effect was not far outside the normal operational fluctuations, and APMT had largely continued operations as normal.

There were exceptions, however, such as at APMT’s fully automated Maasvlakte II terminal in Rotterdam where operations were severely impacted. There were no new arrivals at APMT Massvlakte II from 29 June until it started operating again on 6 July.

SeaIntel said to APMT’s good fortune, the terminal most affected by the incident was in a port where they had an alternative terminal.

But it was in the area of vessel reliability where the cyber breach impact was really felt. The analyst said in the days immediately after the incident, there was a significant decrease in schedule reliability of the vessels that called APMT berths.

The average reliability of these vessels in the weeks before the incident was 74%. Following the incident, reliability remained at 73% on 29 June, but then dropped precipitously to 58.8% on 30 June, and remained around 55% for the following two days.

“This suggest that delays started happening as vessels got backlogged, and possibly also as a consequence of the Maersk vessels slowing down as Maersk Line vessels has a high ratio of the calls in APMT terminals,” the analyst reported.

“Since then, there has been a rebound in the average reliability of the vessels, to the same level of fluctuations that was observed before the incident.”

However, SeaIntel pointed out that it was only able to analyse the patterns of vessels calling at APMT facilities, but could not from the data determine if the containers on board those vessels were handled as intended, as such information was only available to APMT and the carriers that have contracted with them.

“It is very likely that not all containers have been handled correctly, and that shippers have faced difficulties in getting their containers released, but this is purely speculation, as the data detail does not support this,” the analyst said.

Shippers reported difficulties in accessing their containers in the days after the cyber attack, which was hardly surprising as Maersk was forced to shut down its IT and communications system and revert back to a manual operation. This affected cargo bookings and EDI messages used to communicate with customers.

In a concession to shippers, Maersk Line said it would waive demurrage and detention charges for cargo that it was unable to release after the cyber attack.

“We recognise the disturbance caused to your business, and will therefore waive demurrage and detention during the period when the system outage impacted our ability to release your cargo,” the carrier said in a customer update this week. “In most places this period covers June 27 to July 9, but there may be local variations based on when the containers were made available for import release.”

The NotPetya virus spread through computers worldwide on 27 June. It was initially believed to be ransomware but is now thought to have been designed to wipe computers outright, and it temporarily shuttered Maersk’s shipping and terminal arms.

Maersk Line’s Asia Pacific CEO Robbert van Trooijen explained to reporters recently the impact the virus had on the group, forcing it to shut down its entire IT and communications system, which eliminated communications internally and with customers of Maersk Line, Damco, and APM Terminals.

“It is an enormous task going from completely manual operations a few days ago to being fully automated once again. We shut our business down completely to ensure the initial virus did not spread,” he said.