North of England phishing attack highlights ongoing cyber-threats

An emailed debit note sent to members of the North of England Protecting and Indemnity Association last month has reinforced the need for constant vigilance to avoid cyber scams.

The note purporting to be from a club employee asked for payment of outstanding funds but there was a clue that something was amiss — the request came from a neepia.com address rather than the correct nepia.com one.

It is not the first attempted phishing fraud on P&I clubs' members, with TradeWinds reporting last year on previous attempts involving fraudsters purporting to be from Gard or Britannia.

Shoreline's new integrated crime and cyber cover is for all risks, rather than named perils. So threats, whether to ship onboard systems or onshore operations, are covered.

Commercial crime includes theft of assets or data, deception or fraud, including action by employees.

“You have got to look at the ship but that is not enough," said Nicholas Taylor, an independent director to the North of England P&I Club and a consultant to Shoreline.

"You have to look at the whole enterprise and develop a strategy to protect yourself both from the cyber and the crime angle.

“I went to a big tanker company in Oslo last week who said all their technical and crewing management is sub contracted out. Well yeah, but what about the threat to chartering and commercial contracts?”

Cyber insurance covers risks such as a computer system being infected, either unintentionally or maliciously, including denial of service-type attacks.

The perpetrators may be criminals, terrorists, activists, nation states or, perhaps most threatening of all, disgruntled employees.

But when does a cyber attack turn into commercial fraud if the motivation is financial, such as extracting a ransom? In other cases, funds may have been diverted by plausible emails, contact with employees or other "social engineering" ploys rather than a computer virus.

Taylor says it is hard to draw the line, but where the line lies does not matter if there is an integrated crime and cyber cover.

There are few exclusions from the cover other than the standard market restrictions relating to nuclear and biochemical risks and of war between the "great powers" of the US, Russia, China, the UK and France.

The CL380 cyber-attack exclusion clause is widely used in the marine-insurance market, with buy back of cover usually available when it is invoked.

Hull cover typically includes the CL380 exclusion but it is not used by the P&I clubs.

The CL380 exclusion does not figure in Shoreline’s approach, as it is a business interruption-type insurance rather than for physical damage, and the clause is increasingly seen as creating as many problems as it solves.

Taylor predicts that crime and cyber insurance will become a fairly standard cover in the shipping industry in a decade’s time.

Apart from owners trying to pre-empt the threat, he expects IMO requirements and ship inspection reports to become increasingly focused on maritime security.

“If you suffer a cyber incident, your approvals may get suspended and you could lose charters," he said. "There may even be a question mark over whether a ship is seaworthy.”

Shoreline will technically be a delegated underwriter of its new cyber cover but control over acceptance of risk and pricing will stay in the Lloyd’s of London market. Shoreline will be the policy administrator and deal with marketing and distributing of the cover.

Underwriting will be carried out by Duane Folkard, a former Marsh and Willis broker who now heads XL Catlin’s tech and cyber-risks operation.

One of the attractions of Shoreline is that it is an established insurance brand, providing certificates of financial responsibility guarantees of up to $575m for one-third of the oceangoing fleet trading to the US. It also provides war blue cards required under the Athens passenger liability regime and international carrier bonds for US and Canadian trading.

Shoreline, as a business with mutual roots, has 2,200 shipowners as members and is neutral in terms of being equally acceptable to all the main broking groups.

XL Catlin runs the biggest Lloyd’s operation — syndicate 2003 — and will lead the cover, which will be 100% written in the Lloyd’s market.