What You Must Know About Cyber Security & BIMCO's New Clause
The issue of cyber security is nothing new but before 2010 most cyber attacks were carried out on individuals. Innocent people who, usually, through a combination of bad luck and naivety when it came to protecting themselves online, found themselves defrauded out of financial or personal data.
That may only be less than a decade ago, but in terms of technology it’s light years.
What you must know about cyber security and BIMCO's new clause
Needless to say since then hackers and fraudsters have set their sights on bigger game: companies and organizations across all industries - and that includes the shipping sector.
The days of receiving emails in our personal inboxes from so-called princes with an eye-wateringly huge inheritance to share seem almost innocent compared to the serious damage that today’s attackers can inflict on unsuspecting businesses.
Their highly sophisticated cyber attacks can cause untold harm to property, operations, finances and reputation by seizing control of industrial control systems.
And that’s very bad news for the maritime industry thanks to our dependence on software that’s necessary for the secure and stable running of operations, both on board vessels and in ports: ship navigation systems, cargo handling systems, propulsion systems, dockyard inventory systems, container tracking systems…The list goes on and the potential for catastrophe is huge.
Furthermore, this is not just a hypothetical situation, a what-if, or a ‘it won’t happen to us’. Accomplished cyber security hackers have proven that they have the capabilities to infiltrate many of the systems that shipping companies use today.
You only have to read the maritime industry news to see just some of the devastating attacks that some very well known companies have had to weather. It is a sad, but necessary, fact of life that cyber security is something that maritime organizations now have to spend time, energy and money fighting.
A crucial focal point for the maritime industry
One of the organizations helping to tackle cyber security issues in the shipping industry is BIMCO which has developed the BIMCO Cyber Security Clause and co-authored Industry Guidelines on Cyber Security Onboard Ships.
A joint venture by a team that was headed up by Inga Frøysa of Klaveness and included law firm representatives, P&I clubs and shipowners, the guidelines were published at the end of May.
Helping shipowners and managers combat cyber security risks
Purposefully written in comprehensive terms so that it may be used in a variety of different contracts, the clause aims to help those affected by cyber security issues obtain financially viable insurance in the event of a cyber attack thanks to its introduction of a price cap on liability for breaches of security.
Using a two-pronged approach, the clause also demands that a party affected by a security breach is held accountable for sharing immediate relevant, and then more detailed subsequent, information with the other parties.
The aim being, of course, damage limitation and quick resolution of the issue.
As for the degree of cyber security that is demanded, this will be contingent on factors such as the size and location of the company and the nature of its business.
However, participants are obliged to enforce an ‘appropriate’ level of security of their own and use reasonable effort to make sure that anyone who provides third party services in relation to the contract also operates using a satisfactory degree of protection.
How to protect your shipping company from cyber crime
All shipowners and managers owe it to themselves, their company, their employees and their clients to maintain a secure posture in the face of the ever increasing cyber attacks on the maritime industry.
That includes ensuring that the systems and platforms you use are running on the most up-to-date (and therefore most secure) versions - preferably in the cloud.
You need to make sure employees are trained in basic elements of cyber security such as creating secure passwords and not clicking on links or attachments in emails, you use two-factor authentication for logins, and you carry out risk assessments.
At Martide we take our clients’, our users’, and our own safety extremely seriously which is why we host our SaaS platform on Google Cloud Google Security Whitepaper. We also strive to maintain the privacy of all users and contacts within our system.
For you, as a shipowner or manager, you get peace of mind knowing that we separate your data through an access control feature that is based on company, users, and roles.
It allows you to invite only those employees and team members that you want to have access to your data, and set permissions so you can control what they can see and do.
To learn more about how our efficient and safe recruitment and crew management solution can make your life easier, get in touch with us now.
Eve is Martide's content writer and publishes regular posts on everything from our maritime recruitment and crew planning software to life at sea.