Marine sector warned of physical cyber threat

International Union of Marine Insurance (IUMI) president Dieter Berg. Credit: IUMI
International Union of Marine Insurance (IUMI) president Dieter Berg. Credit: IUMI

Marine insurers are to have access to a new disaster model, which will enable underwriters to assess a new breed of cyber threat to their clients.

Modelling firm Risk Management Solution (RMS) has released an updated version of its CAMS cyber model, which highlights the greatest concerns for insurers as the potential for cyber-physical attacks to trigger fires and explosions, or to cause major industrial accidents or system failures that could lead to large losses or systemic claims across multiple insureds.

It warned, “Cyber-physical attacks have the potential to cause claims on traditional policies that do not explicitly exclude cyber as a proximate cause, but include the consequential perils of fire and explosion, water escape, or other destructive processes. Lines of business that could potentially be impacted include marine, aviation, energy, casualty liability, and property.”

RMS’s CAMS Version 2.0 includes an additional suite of scenarios that can be used by insurers to test their exposure to cyber-physical attacks and identify their silent exposure in policies in several lines of business, including commercial and residential property, marine cargo, industrial facilities, offshore energy, and a variety of other lines impacted by cyber-induced power outage scenarios.

While cyber risks are costing global business billions of dollars, there is a lack of cyber risk models for the insurance market to utilise in order to accurately assess its exposures and price risks.

The modelling firms are working to create the models, but unlike physical risks, such as earthquakes, hurricanes, or floods, the modelling firms do not have hundreds of years of data with which they can create scenarios and provide exposure estimates.

The other issue is the changing nature of the threat from cyber risk, be it technology failure or cyber attack, as the risks and threats continue to change at a rapid rate.

RMS and the wider insurance sector see the rise in the use of technology in ports as a major vulnerability for the maritime sector.

RMS cited one example of the threat to marine insurers. “Cyber criminals gain access to a port management system in use at several major ports. They identify high-value cargo shipments and systematically switch and steal containers passing through the ports over many months. When the process of theft is finally discovered, the hackers scramble the data in the system, disabling the ports from operating for several days. Insurers face claims for cargo loss and business interruption in their marine lines.”

Speaking in London earlier this year, International Union of Marine Insurance president Dieter Berg used the greater automation of ports as the example that highlights the opportunity and threat presented by technology.

He said that the ability to track cargo and containers across the world delivered a number of benefits, as did the ability for ports to give logistics companies exact time and place information for the collection of containers from the facility.

However, he cautioned that should such systems be compromised, the potential loss and disruption would be considerable.

Hemant Shah, RMS co-founder and CEO, said, “Recent events have demonstrated just how dynamic the world of cyber risk can be. Records for the most severe incidents have been broken for many of the loss processes we model – the largest volumes of data exfiltrated from companies, the most intense denial of service attacks, the biggest financial theft attempts.

“Unprecedented numbers of zero-day exploits became freely available to cyber criminals. Systemic cyber heists were carried out on dozens of banks through ingenious corruption of their networks of trust. Cyber risk has become politicised. Regulatory and legal frameworks are changing across the world.”