Under-insurance exposing shipowners to risk is a common problem
Thursday, June 17th, 2021 in: News
Many shipowners buy ship physical damage cover, but that doesn’t fully cover the risks that you are exposed to in relation to a cyber-attack.
One of the most common responses we hear when discussing cyber marine insurance with shipping companies is ‘we’re covered because we’ve reinstated a cyber exclusion in a hull policy.’ But what many shipowners don’t realise is that being underinsured only comes to light when a claim is made. The risks attached to a cyber-attack far exceed simply ship damage, and can have significant implications on the wider business operation.
The reality is that over time risks have changed dramatically; at one time physical damage cover was all that was available to the marine community – however the market has moved on and the risks around ship operations and cyber have changed.
Since the implementation of the IMO 2021 Cyber Guidelines there is a significant risk of business interruption should you be unable to provide evidence to a Port State Inspector that you are regulatory compliant, and therefore cyber-seaworthy.
A good example is the USCG, which has given clear instructions to inspectors to detain ships that fail basic cyber hygiene on board, and in the worst cases expulsion from the jurisdiction. Paris MOU nations will undoubtedly be following suit.
A large number of shipowners haven’t grasped this. Self-certification of standards is not sufficient; DOC is not sufficient, and a ship being in class is not evidence of seaworthiness. Failure to evidence seaworthiness with a cyber SMS that is comprehensive and well understood onboard, leaves shipowners potentially exposed on limitation rights and cargo exposures. Importantly this is a leadership challenge for shipowners and operators, and not a question of insurance; Astaara Risk Management can provide owners with support on evidencing implementation of IMO Cyber SMS ship and shore.
So do cyber hull physical buy backs give owners the protection that they need? No. They are leaving themselves open to huge costs by only opting for physical damage cover, which leaves the company exposed for the following:
- Emergency response costs
- Reinstatement of IT equipment on board (and shoreside)
- Civil fines and penalties arising from safety investigations following a cyber incident
- Head office risks – data liabilities, back-up and restoration, forensic investigation, loss of revenue, ransomware demands, e-theft
When renewing your covers, check with a broker or with Astaara whether the risks you are actually presented with are covered.
Contact Astaara for coverage that meets the risks you face.