Why do you need crime and cyber policies to cover financial losses?
We challenged the insurance world with this question on behalf of the marine transport industry. Ideally, a single policy would mean cost efficiencies and provide cover that matches modern operations, faced with increasing crime and cyber-related risk.
The answer: Integrated Crime Cyber Insurance from Shoreline.
This guide explains the pressing industry challenges and how our innovative cover helps to solve them.
‘Cybercrime’ is the major issue
When DNV GL talks about cyber security management, it uses the word ‘cybercrime’ readily. As do the media and public. But in the insurance market, a hybrid product to cover this new area has yet to be recognized in a single policy offering.
What’s currently required to cover financial losses
- Commercial crime (or fidelity) insurance for risks such as fraud and theft, including activities that use the internet.
- Cyber insurance for perils such as a computer system being infected, either unintentionally or with criminal or malicious purpose.
Covering insurance gaps and avoiding overlaps
Marine transport faces virtual pirates today: cyber criminals, activists, terrorists and organized crime. Phishing, malware, ransomware, jamming, employee fraud, the actions of a disgruntled team member or even a nation state… Not being fully covered is no longer an option.
Holding two types of insurance is a potential issue in the unfortunate event of a claim. Where lines are blurred, adjusters will question which policy provides what cover, at a stressful moment.
- security weaknesses in inter-connected IT systems and operational technology, on board ship and on shore
- a general lack of cyber security awareness and training
- human weaknesses too: often at the center of it all.
Are you covered for these events?
- A computer virus taking over an onboard system because a visitor inserted an infected USB stick.
- A ransomware attack leaving a company desperate to pay heavily to retrieve files or restart operations.
- Increasingly sophisticated criminal activity and ‘social engineering’, such as gangs using LinkedIn to impersonate company directors and demand cash transfers (as reported in The Times).
- Hackers introducing a virus that changes destination bank details contained in email instructions (source: HFW Circular).
For complete peace of mind
Our solution offers the scope of cover hinted at by the expression 'cybercrime', without the need to distinguish between a spectrum of activities and events.
For a single point of contact
Our solution means just one number to call and a clear way to prove financial loss against one set of insurers.
To support watertight operations
‘Cybercrime’ will grow ever-more sophisticated, and regulation in this area is tightening. The EU’s General Data Protection Regulation (GDPR), for example, makes breaches in processing personal data a boardroom agenda item, with hefty fines imposed for negligence here. Companies need to act now to get ahead in all matters cyber.
Getting smarter about cyber security
Adopted resolution MSC.428(98) will make cyber security a regulatory imperative. Risk management programs will have to evolve accordingly. Insurance for new risks such as cyber threats should be considered for those contingencies that cannot be eliminated at reasonable cost.
Questions worth asking
- How vulnerable are you to attack?
- What threats might affect you most acutely?
- How stringent are your ‘IT hygiene’ disciplines?
- How well trained is your treasury department?
- Is risk management a priority over risk transfer?
- Are you getting value from cyber security investment?
Links for guidance
DNV GL points out that the ship management industry already addresses risk by looking at three key areas: people, process and technology. Countering cyber risk can adopt a similar approach. The society publishes a cyber security ISM audit checklist and recommended practice for cyber security resilience management.
BIMCO gives key steps for cyber risk management that should be incorporated into ship management systems.
Source: With thanks to DNV GL and BIMCO for technical guidance.
- financial losses arising out of new cyber and traditional criminal events, without the need to distinguish between the two
- events onboard ship and shoreside
- 'all risks’ cover, subject to exclusions
- combined single limits and deductibles, subject to annual aggregate limits
- cover contingent to existing arrangements.
Developed specifically for:
- shipowners and operators
- crew and technical managers
- multi-modal and logistics companies
- port and terminal operators.
Covering the risk of direct financial losses, as a result of the following:
- Theft of financial assets
- Social Engineering¹
- Extortion Demands and the use of ransomware
- Network Compromise²
- Data Breach³
- Costs incurred on Defence and in Mitigation of loss.
Limits up to: US$30m
Security: 100% Lloyd's
A 24-hour hotline operated by Crawfords to supplement the claimant’s crisis management procedures and help to formulate a response plan within an hour of calling.