> Back to Insights
27 August 2020 | 5-minute read
The Prudential Regulation Authority (PRA) and Lloyd’s initiatives to identify, quantify and manage cyber risks have led to a rapid adoption of wordings that would exclude casualties occurring as a result of a cyber attack. Is this a problem? Well to date no, but as shipping becomes more automated and cyber attacks more frequent, it is only a matter of time before a collision or grounding occurs, and the cause will be established as some form of introduced failure of some type of electronic device.
When previously casualties were caused more by human means, this should automatically result in provision of General Average and/or salvage security to ensure timely release of insured goods. As shipping advances however, a loss that could have been caused by a cyber failure should be covered, but a cyber attack would not, with security presumably having to be refused until the cause of loss were established. In an age of increasing awareness of delivery times, and likely exclusions for damage caused by delay, this can hardly be ideal.
To establish the cause of an event and then the intention behind it, is an insurmountable challenge when dealing with many of the demands of a customer, under pressure to on-ship goods to destination. Will this only be realised when a 20,000 teu container ship has grounded due to some form of electronic failure? Imagine how many cargo owners, with buyers’ or sellers’ needs to be catered for, would have to be managed when insurers cannot be sufficiently confident of coverage to confirm liability and issue General Average and Salvage Guarantees.
Fortunately, there is a solution in the two clauses that have been drafted by the Joint Cargo Committee and released last year. (Cyber Coverage Clause JC2019-004 and JCC Cyber Exclusion and Cyber Exclusion and Writeback Cl.437). They give nuanced cover, and can provide a requirement for cyber security, but both are deliberately intended to avoid the difficult situation otherwise presented, whereby cause needs to be established. Deadlines placed upon insurers to affirm coverage for this most complex of causes had led to a market position whereby a rapid, cross class and familiar solution needed to be found.
The market met the compliance requirements, but are the measures taken now in need of refinement to ensure nothing is lost when compliance was achieved? Any lack of harmony in understanding at a time when shipping is more automated, varied and complex than ever could only serve to leave insureds, intended to be protected by regulators requirements, more exposed than ever. Underwriters must clearly work with brokers to establish or confirm that understanding.