Maritime sector starting to address cyber risk

There is a lack of understanding of cyber risk. Credit: Getty Images
There is a lack of understanding of cyber risk. Credit: Getty Images

A leading cyber security risk expert has told IHS Markit that the maritime market is making progress when it comes to cyber risk.

Steve Williams partner, Governance, Risk & Assurance, at consultancy Moore Stephens said that the industry was at present the most “fascinating” sector for cyber risk.

“I spoke to a conference on maritime cyber security in 2011 and was scathing,” he said. “I said that the industry’s risk management was non-existent and was told that if the worst happened they could go back to navigating with a compass and sextant.

“It highlighted the lack of understanding of the risks they faced.”

However, Williams said that while it has been behind the curve compared to some industries the maritime sector is making progress.

“There are certain business sectors such as financial services, banking, and insurance which are seen as leading the way,” he explained. “However, they are being driven by the fact they are regulated businesses and the regulators can dictate standards. However, there is also the flip side in the fact that these are high profile targets and as such have a higher threat of cyber-crime.”

Williams said that the insurance industry was working hard to get a handle on cyber risks that affect their clients but that part and parcel of that risk assessment is the understanding clients have of the cyber threat’s they face.

As new technology plays an increasing part in the maritime sector and global supply chains become ever more complex, Williams said, the temptation for many businesses was to see the benefits technology can bring and fail to give the necessary attention to the risk that came with it.

“We are seeing greater ship to ship communication and with that will come new risks,” explained Williams. “With new technology ships can open themselves up to the internet and the threats that can bring.”

However, He said the industry was waking up to the threats.

“I think there had been little progress since 2011 up until BIMCO published its guidance early last year and the IMO has moved quickly on the issue. The maritime sector has made progress and it is getting there.”

Williams added, “The issues the industry needs to look at is not the ‘Hollywood’ style catastrophic event risks but the day to day threats that have the ability to cause damage and loss.”

“The maritime market is the most fascinating sector for cyber risk at present because of the speed of change it is undergoing, and will continue to experience.”

For marine insurers, the issue remains how to define the risk.

“Insurers have been told by their regulators to beware of latent cyber risks,” added Williams. “These are risks that may not have been defined as cyber but have a technology component. The issue for the insurers for instance is that if a navigation system fails and a vessel is grounded the damage remains physical even if the cause was an impairment of technology. Lloyd’s has published new research which has gone a long way to defining cyber catastrophes, but insurers are still struggling to come up with a clear definition of what constitutes a cyber risk.”

The IHS Markit Maritime Cyber Security Survey 2017 is now live!