The release of CyNav for Ports and Terminals is a direct response to growing calls from operators for a bespoke product that addresses the specific risks faced by their high-value asset class and closes the gaps found in the standard cyber policies of today’s insurance market.
Due to the outsized role its practitioners play in supporting the global economy, the maritime logistics sector is increasingly a target for extortion, hacktivists and state-sponsored networks of cyber criminals. Cyber-attacks on maritime transport assets rose 400% in 2020.
Since then, the number of cyber-attacks on global maritime infrastructure have continued to escalate, especially in the first quarter this year (2022); in the port sector, there were recent attacks on a cross-section of strategic facilities, from marine oil terminals in Western Europe to container ports in South Asia and South Africa.
As port operators navigate their way through the Fourth Industrial Revolution, their assets are becoming increasingly reliant on connectivity and new technologies, especially those that automate communications and operations. Third-party services providers are now routinely connecting to port systems to support and monitor the performance of their products.
While this has provided unprecedented levels of operational transparency and efficiency throughout the ports’ value chains, it has also significantly raised the risk of network intrusions. As connectivity builds between partners, each connection point offers cyber criminals another gateway to mission-critical systems and commercially sensitive or private data.
Theft of the latter potentially opens the operators of inadequately protected systems to significant fines under legislation such as the EU’s General Data Protection Regulation; a failure to adequately protect personal data could see a company anywhere in the world fined up to the equivalent of 4% of its global revenue, provided the data breached was the property of EU citizens.
A specific area of vulnerability for port operators – and a new focus of activity from cyber criminals – is the connections to the operational technologies that control activities such as vessel berthing, port traffic, cargo handling and ancillary equipment such as gantry and ship-to-shore cranes.
Awareness campaigns about the vulnerability of transport-related IT access points has helped to strengthen those systems. For example, there has been some progress in securing maritime IT systems from third-party intrusion: in general, the adoption of defensive software products such as privilege access management controls, multi-factor authentication firmware and endpoint detection and response solutions is better protecting system-entry points.
But the ports sector’s operational technology is less well defended, according to digital security experts, who say attacks through those systems can still provide access to the IT systems, and are less likely to be covered by standard cyber policies.
To help close some of the gaps in standard policies, CyNav for Ports and Terminals focuses on helping to transfer the risks of nominated business interruptions to provide a wider cover. It was designed to be customised and to address risks specific to the operators of ports and terminals, including:
- Losses from business interruptions
- Business interruption losses from vulnerabilities in the IT supply chain
- Property damages
- Crisis management expenses
- Property damage liability
- Wrongful delivery of cargo
- Regulatory actions (where insurable)
The launch CyNav for Ports and Terminals comes about a year after WTW brought the award-winning CyNav for Shipowners to market. Both were created in direct response to industry requests for more comprehensive and customised cover from the growing maritime cyber threat.