Marine insurers begin risk modelling for port cyber attacks

Marine insurance industry concerned about the scale of loss were there to be a cyber attack on a port. Credit: PA
Marine insurance industry concerned about the scale of loss were there to be a cyber attack on a port. Credit: PA

Insurers are set to get a new catastrophe model that will focus on the threat of a cyber attack on a major cargo port.

Broker Aon Benfield has partnered with modelling firm RMS to create a range of new cyber risk models as insurers look to manage the exposures of major attacks on key infrastructure and industry.

The broker said the global losses from cyber crime is estimated to be as much as USD1 trillion, and the figure is expected to rise to between USD2-3 trillion over the next three years.

The average cost of a data breech has been put at USD4 million, added Aon.

In an effort to quantify the threat, RMS has been working with the broker on a range of cyber threat models with the cargo port model due to be released in the coming weeks.

Mark Lynch, cyber and specialty catastrophe modeller at Aon Benfield told IHS Markit “The full scope of the model will be known when it is launched in two months but RMS are looking to replicate some of the work which has been undertaken by Lloyd’s on modelling cyber risks.”

He added that Lloyd’s has a marine cyber realistic disaster scenario (RDS) that involves a large number of cargo vessels impacted at the same time and the potential exposures that could cause.

“The concern for the industry is the potential scale of the losses should there be a concerted cyber attack in a port. Modern ports depend on systems to identify and move cargos,” Lynch said. “If those automated systems were disrupted, port authorities would have no ability to track cargos in terms of whether they were on vessels and where those vessels were heading. It has the potential to cause serious and lengthy disruption.”

Lynch noted that the model will look to map the exposures and also take into account the level of cyber cover that has been included in marine or standalone insurance covers. The lack of historical data put the cyber threat on a par with another dynamic risk, he said.

“In many ways the closest cousin to cyber when it comes to models is terrorism,” Lynch explained. “Both risks have fewer data points and tactics used to launch such events can and do change. There is also the ability to counteract the threat with security measures, something you are unable to do with, say, a hurricane.”