All Hands on Deck
for your IT Security

Shipping companies are increasingly targeted by hackers. Why has this issue so long been ignored by the shipping companies?

So far, there have been few relevant losses of or attacks against ships that we know of. It was only after the cyber attack against Maersk Line that shipping companies have been alerted to the danger, and since then, they are addressing the issue of cyber security with diligence. Furthermore, many shipping companies unfortunately do not officially report cyber attacks. There is no legal basis or organisational regulation that stipulates that cyber security is a prerequisite for a vessel to be seaworthy. The idea that ships are not connected to the mainland is false. They are fully integrated into the shipping companies' IT system, sometimes continuously transmitting engine data and position data to the shipping company. This gives hackers an opportunity to interfere with navigation, misdirect ships, and rob them or send them into a collision.

Do most shipping companies negligently ignore the increasing risk?

It is considered to be important. Since the IMO (International Maritime Organisation) announced the topic of cyber security to be part of the ISM Code for 2021, shipping companies have to prepare for this issue. Covering cyber risks by means of a corresponding insurance is one of many aspects.

How well are the shipping companies insured?

Not very well at this time because there is a gap in the coverage due to the Cyber Attack Exclusion Clause CL 380. Generally speaking, insurance solutions that resemble our model are available on the market, but not with a cohesive wording. Often, the cyber attack exclusion is simply annulled in a separate clause, which in our opinion does not ensure complete legal certainty.

What should shipping companies pay attention to when choosing an appropriate cyber marine insurance?

An integrated approach, which is possible with our policy. Common non-marine cyber policies cover all the shipping company's cyber risks except for cyber damage to the vessel. And this is where we come in with our new coverage, providing cover for property damage due to cyber attacks.
This is a separate policy that can be taken out independently of any existing hull insurance by Lampe & Schwartze.

Which components are important when choosing an appropriate cyber insurance, and which components can you do without?

The coverage consists of several components: We insure property damage to the ship, indemnity for collisions, general average, and salvage costs. All four components are important for the shipping company to achieve comprehensive marine insurance.

What is covered by the Lampe & Schwartze cyber marine coverage?

Our coverage not only closes the gap in coverage caused by CL 380 and covers physical damage to the vessel caused by a cyber attack, but also includes an important service component. Our extensive service package offers a decisive added value to the client. It starts with a detailed risk assessment: We check whether the risks are insurable at all. We work with the IT service provider Maritime Cyber Emergency Response Team (MCERT), who offers their services within the framework of the policy – starting with the reporting of cyber attacks through to an emergency hotline that offers assistance to shipping companies if there are indications of a cyber attack. We want to cooperate proactively with our clients to ensure that a cyber attack cannot cause damage in the first place.

What do you think the future of cyber marine insurance will be?

We believe that the coverage we offer is becoming ever more relevant due to events of damage. Furthermore, we believe that the CL 380 exclusion will persist in the years to come. In addition, competing products are being developed, making this topic ever more important in the marine sector. We structured our coverage in such a way that we can add a loss-of-hire component in the future, making our product even more attractive for shipping companies.