StopLoss: risk focus - cyber
The maritime industry's reliance on computers and its increasing interconnectivity within the sector makes it highly vulnerable to cyber incidents. Cyber poses a threat to all parts of the shipping sector; Cyber risks can be defined as the risk of loss or damage or disruption from failure of electronic systems and technological networks.
With the number of cyber attacks targeting the shipping industry on the rise, TT Club and worked with the UK Club and industry experts to produce the following guide for Members on how they can help prevent losses and disruption due to malicious cyber activity.
Introduction
On 27 June 2017 the shipping giant A.P. Moller Maersk fell victim to a global malware attack known as ‘NotPetya’ also referred to as ‘ExPetr’. Online cargo booking was consequently impacted, forcing staff to use personal email accounts to respond to critical emails. As key processes relied predominantly on IT systems, personnel were forced to resort to manual processes. It took almost one week for all services to resume and for the shipping firm to regain total control of its systems.
Maersk has since revealed the attack caused congestion in as many as 80 ports operated by APM Terminals and cost the company as much as USD 300 million. Estimates suggest the global ransomware attack resulted in losses of at least USD 850 million, with predictions of future attacks to be in the billions as economies increasingly rely on IT infrastructure.
This untargeted incident highlights the shipping and logistics industry’s vulnerability and perhaps more importantly, the need to adopt appropriate response protocols. In early 2017, SeaIntel revealed 44% of the top 50 carriers have weak or inadequate cyber security policies and processes, including weak passwords, delayed installation of security patches and the use of unencrypted web browsers. Given this current state and increasing automation in the maritime and logistics industry, it is inevitable companies will require a robust information security management system.