Law firm HFW and maritime cybersecurity company CyberOwl have joined forces to provide comprehensive technology and legal services to the shipping industry around cyber risk management and compliance.
In recent years there has been a marked increase in cyber-criminal activity. Put simply, as technology advances, so too do the skills of those seeking to exploit it. The growth of IoT provides ‘bad actors’ with more devices and connections to target, allowing them to become more sophisticated. These developments have contributed towards a huge uptake in cyber insurance in recent years. Now though, victims of ransomware attacks have begun to pay. Attacks and breaches now dominate the IT security news headlines. It stands to reason then that insurers must act, so here we look at changes to cybersecurity insurance in the wake of this rise in cyber-crime.
We would recommend a call to your broker, as the previous terms are almost certainly going to be different. Ask about new services too, and of course ensure that you have robust cybersecurity practices in place. This will be subject to higher levels of scrutiny moving forwards, and rightly so.
In line with the acceleration in cyber-crime, cyber insurance has experienced a fertile period. More policies than ever before have been issued, and the amounts of protection available have increased. In 2020, according to sources at Harvard Business Review, the first $1 billion cyber insurance programmes were launched. This is not difficult to imagine when you see the results of recent cybersecurity-related surveys. For example, the Hiscox Cyber Readiness Report 2021 revealed a 50 per cent year-on-year increase in 2019 for cyber losses. It also revealed that businesses were devoting more resources to cybersecurity than ever. Further key findings are as follows:
Coronavirus has certainly had a huge impact on most, if not all sectors. Organisations the world over have lost vast sums of income, with many succumbing to their losses. It has subsequently made some view cyber insurance as a luxury. Yet there is another, far more critical issue to cybersecurity insurance that is ‘changing the playing field’.
Ransomware is perhaps the foremost cybersecurity threat. According to CRIBB Cyber Security’s Patrick Carolan, “it (ransomware) has achieved a lot of success in recent years. Ransoms were set at relatively low amounts and were largely ignored. Nowadays, I believe that the average is over $100,000. They are often paid now too, which means that insurance companies must adopt a more robust approach.”
During the period of growth, many cyber insurers retained 60 per cent on every dollar paid in premiums. Security frameworks, policies and procedures of clients were often not thoroughly examined. Their level of cybersecurity awareness was largely overlooked. Carolan foresees a huge change in this:
“A lot of the people in cybersecurity insurance are leaving that area of the industry. Some are point-blank refusing to insure for ransomware. The ones that remain are therefore charging a lot more and insuring for less. They are also asking for a much higher level of proof of strong cybersecurity controls before issuing any policies.”
It is difficult to predict exactly what lies in store for those seeking cybersecurity insurance. However, it does seem likely that:
Carolan points out the ransomware attempts at cyber insurance companies as being key. “Cyber-criminals can uncover how much ransom they could demand from potential targets. They can find this information directly or through the cybersecurity insurance companies they use. It is vital then to protect cybersecurity policies. I would say you should remove them altogether from areas where they could be found.”
There have been cases where insurance companies have stated they will not pay any ransoms. Subsequently, they have been the victims of attacks. It is clear then that the industry is in a vulnerable position right now.
As stated previously, requirements for insurance are (understandably) becoming more stringent. Some companies are even implementing external vulnerability scans themselves. It makes sense then to carry out a scan beforehand, and CRIBB can help.
This article has been republished with permission from CRIBB Cyber Security. Read the original article here.
Seably has launched a dedicated and comprehensive cybersecurity awareness training course for the maritime sector in collaboration with marine insurance providers Alandia and maritime cybersecurity specialists Deductive Labs.
The University of Plymouth has been recognised for its work in developing software to protect the maritime industry against cybercrime.
Following a number of virus attacks on Norwegian companies, including maritime companies, the Norwegian Maritime Authority (NMA) is warning the maritime industry against the various digital threats, and providing a reminder of the importance of being well prepared when an attack comes.
Cybersecurity innovator OceanShield has announced a US $800,000 funding round from seed investment company Masik Enterprise, several angel investors, and grant funding. The company launched in 2020, building on extensive experience with industrial control systems protection and two years of lab research and trials spearheaded by co-founder and CTO, Dr. Dmitry Mikhaylov.
With new International Maritime Organization requirements on cyber risk management imminent, Campbell Johnston Clark (CJC) senior associate Richard Murray and IEIT Cyberlogic conclude that making ships truly cyber secure involves a marathon not a sprint.
Maritime Payment Solutions, ( ShipMoney), a provider of payment solutions for maritime companies, has introduced ShipMoney Secure, a security feature developed to help keep seafarer accounts safe from cyber-attacks.
The heightened threat of targeted and complex cyberattacks is prompting the maritime sector to look for ways to improve network security. In response to perpetrators continuing to devise new ways to exploit the vulnerabilities of a vessels network, Port IT has launched a fully maritime tailored Network Detection and Response (NDR) solution.
A new book, "Maritime Cybersecurity: A Guide for Leaders and Managers" by Gary C. Kessler and Steven D. Shepard was published in September to explore cybersecurity aspects of the maritime transportation sector and the threat landscape that seeks to do it harm.
Digital Ship magazine provides the latest information about maritime satellite communications technology, software systems, navigation technology, computer networks, data management and TMSA. It is published ten times a year.
Digital Ship Ltd
Digital Ship - Digital Energy Journal
39-41 North Road