Thursday, September 20, 2018

Cyber Security Boss Says Marine Insurance Industry is Outdated and Needs an Update

Call to Scrap Clause CL 380
Shipping News Feature
SOUTH AFRICA – ISRAEL – WORLDWIDE – The boss of Israeli headquartered cyber security outfit Naval Dome has called on marine insurers to revoke the controversial Clause CL 380 and implement policies that insure against the risk of cyber-attacks on ship systems. Speaking in Cape Town during the International Union of Marine Insurance’s (IUMI) annual conference, Naval Dome CEO Itai Sela said that with the maritime industry increasingly moving towards connected, cloud-based technologies and autonomous operation, a 15-year-old Clause that excludes damage to computer systems, code or software is archaic.

The state of the industry, and the vulnerabilities of merchant shipping are well known and have been the subject of several reports in the past couple of years. The Clause in contention reads:

  • Subject only to clause 1.2 below, in no case shall this insurance cover loss damage liability or expense directly or indirectly caused by or contributed to, by, or arising from the use or operation, as a means for inflicting harm, of any computer, computer system, computer software programme, malicious code, computer virus or process or any other electronic system. 2.1: Where this clause is endorsed on policies covering risks of war, civil war, revolution, rebellion, insurrection, or civil strife arising therefrom, or any hostile act by or against a belligerent power, or terrorism or any person acting from a political motive, Clause 1.1 shall not operate to exclude losses (which would otherwise be covered) arising from the use of any computer, computer system or computer software program or any other electronic system in the launch and/or guidance system and/or firing mechanism of any weapon or missile.
Sela suggested the maritime industry should follow the automotive sector’s lead. The sector has introduced software-based safety solutions to road vehicles that, despite not being initiated by the insurer, have proven to protect drivers (and insurers) against theft or damage, which helps towards mitigating risk and reduce premiums. He said:

“Why do insurers continue to implement CL 380 when there is a high probability that a computer will be hacked and, importantly, when there are many different ways and means of protecting shipboard computer systems?

“What we have is an industry on the cusp of a technological change. The rapid implementation of advanced autonomous technologies and machine learning capabilities will change the way in which ships are operated, but such developments will also leave the industry open to more system breaches and unauthorised intrusion unless there are systems and policies in place to mitigate against such risks.

“Why then, considering the current evolving maritime situation and the increase in cyber-attacks, which the insurance sector repeatedly warns of a need to protect against, is there no cyber insurance policy?”