In an increasingly digitised and connected information environment, the maritime industry is facing unprecedented levels of threat to its cyber security.
This threat manifests itself in many forms: from phishing attacks to trigger ransomware or other malicious code, through attacks on infrastructure or ship systems for financial or political aims.
The US Coast Guard (USCG) have issued guidance to inspectors on how to enforce the IMO Cyber Risk Management Guidelines that come into force on 1st January 2021 for all ships trading to the United States.
Frequently asked questions
Cyber - Frequently asked questions PDF (274 KB)
Why do you need cyber protection?
Carriers now often use extensive electronic systems throughout their businesses - such as e-commerce portals, websites and fleet communications systems - and modern ships place far greater reliance on automation in functions like propulsion and navigation. Integration and communication between all these systems multiplies potential for a cyber event to cause widespread damage at head office and into the fleet, as well as risking vessel downtime or even physical damage or loss.
Historically, protection against these risks in shipping has largely been inadequate however. Insurers commonly exclude cyber risks from marine policies and there is often insufficient cyber awareness and training throughout organisations both afloat and ashore.
The growing threat of a cyber event has been met with new regulatory requirements. Shipowners will need to demonstrate that cyber risks have been adequately addressed in their Safety Management Systems after 1 January 2021, as follows:
- Understanding the threats and potential consequences
- Improving resilience and defence
- Enabling quicker recovery from failure or attack
- Aligning the business from top to bottom to recognise and address cyber risk
- Purchasing risk transfer products
Astaara - a comprehensive solution
West is proud to have partnered with Astaara, a cyber risk services company dedicated to providing integrated, holistic risk management solutions for the maritime industry.
Unlike other providers who only offer services or products to tackle discrete pieces of the complete cyber threat, Astaara - through its flagship offering AstaaraCyber - provides a complete risk management solution for shipowners, the offshore industry and port operators. AstaaraCyber is comprised of two component parts.
Astaara Risk Management is a marine cyber risk management consultancy which works with clients to measure and improve their cyber risk profile through a five-stage process. Building a picture of an organisation’s cyber enterprise risk management increases resilience against cyber threats and enhances business continuity planning to ensure rapid recovery should an event occur.
In the traditional marine insurance market, cyber cover - where it is available - has to be purchased separately across different lines. Business Interruption is often not a covered risk and there may be no cover available for shoreside operations. By contrast, with AstaaraCyber:
- Cover is available for all a client’s business, including shoreside
- All areas of cyber are insured in one place
- Defence & Remediation is covered
- Loss of Revenue/Business Interruption is available
- Physical loss and Liabilities are also covered
Astaara provides maritime companies with a comprehensive risk management / risk transfer response to the growing cyber threat they face.
As the maritime industry landscape changes, with advances in technology and the use of big data, the risk of cyber attacks increases.
The West of England Group
The West of England Group is a leading global provider of maritime insurance and risk management solutions that has been helping to protect shipowners, operators, and charterers since 1870.