Insurers see a rush to place cyber policies to protect against business interruption and ransom demands

By Adam Corbett

in  London

The Colonial Pipeline cyber-attack has sparked fresh interest in insurance cover amid concern shipping companies and individual ships could be next in line.

The incident follows a reported increase in cyber-attacks on the operating systems of shipping companies in recent years.

Thomas Brown, chief executive at cyber insurance policy provider Shoreline, said: “Shipping companies are now squarely within the crosshairs of the cyber criminals’ list of targeted, high-value opportunities… Shipping companies are at the top of the cyber criminals’ list.”

He said shipping is a highly transactional business requiring large payments. There is a high degree of transparency over financials and an increasing reliance on computer systems. Worryingly, he said, there are multiple sea and shore-based doors for hackers to access.

Shipowners are also becoming increasingly aware of gaps in insurance cover. Cyber exclusion clauses have been made explicit in hull and machinery and other marine insurance policies since last year.

Reinsurers are likely to add a cyber exclusion clause when the International Group of P&I Clubs’ huge reinsurance contract comes up for renewal next year.

Ransom payments covered?

Many marine-related cyber policies — such as those provided by Willis Towers Watson and Astaara — will cover ransom payments. But there is a question mark over how long that will continue after insurer Axa recently removed the payment of ransom from its insurance cover for malicious cyber-attack.

The payment of ransom by insurers is a thorny issue as it could be viewed as encouraging criminality and could be associated with terrorism and sanctions breaches.

One legal source told TradeWinds: “Before paying out a ransom demand, insurers must conduct the relevant due diligence checks to determine whether the cyber-attacker is in any way linked to a sanctioned entity or jurisdictions. Failing to do so may result in a breach of relevant sanctions regimes or anti-money laundering cyber-terrorism regulations with serious consequences.”

Brokers said the main concern for shipowners is still with business interruption rather than paying a ransom.

Willis Towers Watson global marine chief executive Ben Abraham said: “The Colonial Pipeline shutdown in particular highlights the sensitivity surrounding those sectors which are reliant upon operational technology, of which marine is one.”

Richard Adler chief commercial officer at Atlantic Insurance & Reinsurance Brokers said: “Shipowners are struggling to see why they, let’s say a small to medium-sized very privately run family owned company, should be targeted. But cyber experts have little doubt that today’s supply chains enable larger exposure even to the smallest party in the chain.”

“Most shipowners that have had a good look at this do worry about the business interruption aspect and systems recovery of a cyber event and less so about finding one of their ships being cyber high-jacked and made to pay ransom,” he added.