Vessels are becoming more connected to shore-based systems, meaning the cyber threat is ever-evolving - from crippling ports and terminals to spoofing attacks on ships.
The shipping community has grown more alert to cyber risk over the past couple of years, in particular in the wake of the 2017 NotPetya malware attack that crippled ports, terminals and cargo handling operations. Since then a number of ports and shipping companies have been hit by ransomware attacks, including the Mediterranean Shipping Company (MSC), which suffered a network outage in April 2020 from a malware attack.
"Events have shown that shore-based facilities - such as port infrastructure, terminals and shipping company IT systems - are particularly exposed to cyber risks. Shipping companies are alert to cyber exposures and are increasingly interested in specialist insurance cover, especially for onshore operations. When it comes to cyber exposures for vessels, some shipowners are more relaxed because they believe ships have less connectivity and higher levels of redundancy," says Volker Dierks, Head of Marine Underwriting, Central and Eastern Europe at AGCS.
"However, modern shipping is increasingly connected to shore-based infrastructure through shipboard systems, including those used for navigation, monitoring engines and cargo management. Such systems could be hacked or infected with malware so it makes sense to protect them with risk mitigation measures including cyber insurance."
In February 2019, the US Coast Guard revealed a large commercial vessel bound for New York suffered a malware attack that degraded functionality after targeting the on board network. Recent years have also seen a growing number of GPS spoofing incidents, in particular in the Middle East and more recently China. A study by the Centre for Advanced Defense Studies (C4ADS) found hundreds of vessels around Shanghai were spoofed against over a period of months.
One area where ship-owners are growing increasingly concerned about cyber is in the context of conflict, according to Dierks. "War is not only fought with physical weapons. As modern vessels become increasingly dependent on computer and software, and with heightened geopolitical risks, the threat of cyber to the shipping industry is significant.
As cyber risk has evolved, so has marine insurance. Insurers have been clarifying cyber coverage in traditional marine insurance policies as well as developing specialist insurance. Allianz, for example, now offers additional hull and machinery cover specifically for cyber risks.
"The gap between cyber and marine insurance has been narrowing. There is a high level of interest and a willingness to discuss and appreciate what insurers have to offer, especially as vessels become more connected to shore-based systems, says Justus Heinrich, Head of Marine Hull Underwriting, Germany at AGCS.
The coronavirus outbreak is impacting the cyber risk landscape too, with reports of maritime and offshore energy companies having faced a 400% increase in attempted cyberattacks since the pandemic began.
Download AGCS Safety Shipping Review 2020 report