Digital transformation has been key for businesses in the last few years, and for shipping, 2017 was a turning point. Not only did the world see the first autonomous, robotic ships operate, but the industry also witnessed the dangers of digitalisation first hand: malwares, hacks, and cyber attacks.
Cybersecurity is a global issue that nations and businesses face on a daily basis. Recently, Jim Hagemann Snabe, Chairman of A.P. Møller-Maersk, said during a discussion about cyberspace, that Maersk was “collateral damage” in a state attack in June 2017. In November 2017, the Clarksons cyber security breach involved data, and soon, incidents like these (breaches involving data) will have legal and financial consequences.
The EU’s General Data Protection Regulation (GDPR)
This regulation coming into force on 25 May 2018 will not only affect businesses operating in Europe, but businesses who hold European citizens’ data. Companies will have to review their consent forms, and make them more concise.
The www.EUGDPR.org website says: “Consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language. It must be as easy to withdraw consent as it is to give it.”
New data subject rights will come into force, one of which is Breach Notification, which requires companies to notify those whose data have been affected within 72 hours of first having become aware of the breach. Failure to comply with GDPR can result in a fine up to 4% of the business’ annual global turnover or €20 million (whichever is greater).
Maritime Cyber Risk Management: Insurance and Liability
Cyber security incidents can put business operations at risk and also human lives on the line. For example, the malware on a Mobile Offshore Drilling Unit a few years ago has incapacitated networks, forcing the well to shut down due to the high physical risk it posed to the seafarers.
“In June 2017, IMO’s approval of Resolution MSC.428(98), Maritime Cyber Risk Management in Safety Management Systems, was a tremendous development in maritime cyber risk management. Shortly after the approval of the IMO resolution, an industry working group released the second edition of The Guidelines on Cyber Security Onboard Ships. Building on the first edition that was released in January 2016, the second version is more comprehensive, includes information on insurance issues, and is aligned with the recommendations given in the IMO’s guidelines. These developments may help the U.S. Coast Guard move forward with regulations and/or develop further guidance on maritime cyber risk management”, said Kate Belmont, Associate at Blank Rome, at the Shipping2030 North America event in November 2017.
With technologies evolving rapidly in the maritime industry, connectivity will increase cyber risks and the opportunities for hackers to breach organisations. Questions over liability have already come up in relation to autonomous shipping because maritime laws and conventions assume a crew on board.
“Autonomous technology has the potential to improve safety but a critical element will be whether there will be sufficient backup when things go wrong”, said Captain Rahul Khanna, Head of Marine Risk Consulting at Allianz Global Corporate and Specialty.
“Any Insurance cover will also need to address the cyber risk”, wrote Ceri Done, Partner at Thomas Cooper Law.
Belmont noted that the gap in cyber risk insurance makes the maritime industry a new market, not just when autonomous ships come to seas, but even now.
“Normal off-the-shelf coverage generally does not cover all liabilities related to cyber risk”, Belmont noted. “Talk to your lawyers, talk to your carriers, to ensure proper coverage for cyber related incidents.”
Cybersecurity questions in the industry have been pressing, especially in the last few months. But like many other digital developments in the industry, the experts suggest cooperation and collaboration to find the right answers.
“In a digital world, individual organizations will not be able to defend themselves alone”, wrote Amit Basu, Chief Information Officer at International Seaways.