Marine Cargo Insurance - Cyber Update

By Sean M. Dalton, Chairman IUMI Cargo Committee

Cyber represents a growing concern among cargo insurers. Due to the connectivity of IT networks, cyber signifies an enormous accumulation scenario which is not limited to a defined geographic area such as those exposed to natural catastrophes. The potential impact of a large, systemic cyber loss impacting infrastructure including the power supply, telecommunications and the internet represents significant exposure. The maritime domain and transportation industry have already been impacted by cyber events. These include GPS issues, such as “spoofing”, and outages like those caused by the NotPetya malware attack. In a recent publication from the Cyber Risk Management (CyRiM) Project, a Singapore-based public-private initiative that assesses cyber risks of which Lloyd’s is one of the founding members, a report was completed reviewing a hypothetical cyber-attack on major ports across Asia. The resulting impact could result in losses over USD $100 billion (“Shen Attack: Cyber risk in Asia Pacific ports,” 2019).

Approaches in cargo markets around the world vary ranging from policies being “silent”, containing exclusions, providing affirmative coverage, and offering defined limits. In the UK, the Prudential Regulation Authority (PRA) and Lloyd’s have made it clear that it is no longer acceptable to be “silent” on cyber and that insurers must either exclude the peril or provide affirmative cover. Cargo insurers in the UK are required to address this effective 1 January 2020. A sampling of the market association wordings that are available in the UK and US markets include CL380, JC2019-004, LMA 5402, LMA 5403, JCC Cl437, AIMU AI Cyber Exclusion Clause, and the most recent AIMU American Institute Cyber Exclusion and Limited Buy Back Clause (Cargo).

IUMI is clear in its Policy Agenda that it will support industry guidelines on maritime cybersecurity, including the work done by IACS, and encourage regulatory standardisation for cyber security. Recently IUMI hosted a webinar on cargo cyber risk that was presented by David Grant of CNA Hardy and Mike Roderick of Clyde & Co. to review the various clauses drafted by the Lloyd’s Market  Association (LMA) and the Joint Cargo Committee (JCC) for use by cargo insurers in the UK market and their differences. This webinar was recorded and is available via the IUMI website.