Shipowners, shipping firms, and ports and terminal operators have been warned of the growing threat of cyber attack on the supply chain.
The International Underwriting Association’s (IUA’s) Cyber Underwriting Group has published a report on the issue finding that insurance coverage of data breaches is not straightforward.
The report examines the threats to the wider business community but an attack in the marine sector is flagged up as proof of the threat it poses.
“In the physical world, supply chains can be long and complicated, as well as spanning multiple continents,” the report says. “Consequently, property damage at a key supplier or customer can be just as detrimental to a company as damage to its own property. Contingent business interruption coverage has been available as part of property policies for a number of years so as to address this type of risk.
“Just as physical damage can disrupt a supply chain, so can a cyber event. Global shipping company Maersk was a victim of the Petya/NotPetya attack in June 2017, which meant that it was unable to dock and unload containers at some of its 76 ports worldwide. This had the consequential effect of causing disruption to those companies awaiting delivery of the products and materials held on those vessels that were unable to dock.
“The impact of this type of incident on a single company will be greater if a number of its suppliers within its own supply chain use the same cloud or outsourced services provider, given that a greater proportion of the supply chain will be disrupted. The above incident illustrates how one event can impact multiple companies. It is therefore critical that companies consider all cyber risks within their own supply chain to ensure that these types of contingent business interruption risks are identified.”
Matthew Hogg, chairman of the IUA Cyber Underwriting Group, said, “The continued education of businesses about cyber risk exposures is an essential task, both at an operational risk management level and in the boardroom.
“As cyber is a relatively new and continually developing area of insurance, the range of different cover available can be quite extensive. It is not available as standard across the market and so requires a discussion between clients, brokers, and underwriters to ensure that policy wordings meet business needs and will respond appropriately in the event of a loss.
“It is clear that the cyber risks faced by a business can be complex. The business interruption consequences of a cyber incident can also be significant. It is therefore crucial that companies fully explore the possible ways in which cyber events could affect their business and therefore identify the key operational risks.
“As cyber is a relatively new and ever-developing area of insurance, policy coverage and wordings can vary considerably. It is therefore important for companies to compare these wordings to their key risks to ensure that the coverage that is bought meets the needs of the business.
“Given that cyber business interruption coverage is not standard across the market, a three-way conversation between the company, their broker, and underwriters will assist in ensuring that the cover that is purchased will respond appropriately in the event of a loss.”