Naval Dome has called on marine insurers to revoke the controversial Clause CL 380 and implement policies that insure against the risk of cyber-attacks on ship systems.
Speaking in Cape Town, South Africa, today during the International Union of Marine Insurance's (IUMI) annual conference, Naval Dome CEO Itai Sela said that with the maritime industry increasingly moving towards connected, cloud-based technologies and autonomous operation, a 15-year-old Clause that excludes damage to computer systems, code or software is archaic.
The Clause in contention reads:
Subject only to clause 1.2 below, in no case shall this insurance cover loss damage liability or expense directly or indirectly caused by or contributed to by or arising from the use or operation, as a means for inflicting harm, of any computer, computer system, computer software program, malicious code, computer virus or process or any other electronic system. 2.1: Where this clause is endorsed on policies covering risks of war, civil war, revolution, rebellion, insurrection, or civil strife arising therefrom, or any hostile act by or against a belligerent power, or terrorism or any person acting from a political motive, Clause 1.1 shall not operate to exclude losses (which would otherwise be covered) arising from the use of any computer, computer system or computer software program or any other electronic system in the launch and/or guidance system and/or firing mechanism of any weapon or missile.
"Why do insurers continue to implement CL 380 when there is a high probability that a computer will be hacked and, importantly, when there are many different ways and means of protecting shipboard computer systems?" Sela asked IUMI members.
"What we have is an industry on the cusp of a technological change. The rapid implementation of advanced autonomous technologies and machine learning capabilities will change the way in which ships are operated, but such developments will also leave the industry open to more system breaches and unauthorized intrusion unless there are systems and policies in place to mitigate against such risks."
Sela suggested the maritime industry should follow the automotive sector's lead. The sector has introduced software-based safety solutions to road vehicles that, despite not being initiated by the insurer, have proven to protect drivers (and insurers) against theft or damage, which helps towards mitigating risk and reduce premiums.
As an example, MobilEye, a technology Intel bought in 2017, is now commonplace in vehicles and has helped improve road safety, reduce human error, possibly determine culpability and reduce insurance premiums for those that have it.
"Why then, considering the current evolving maritime situation and the increase in cyber-attacks - which the insurance sector repeatedly warns of a need to protect against - is there no cyber insurance policy? Sela pondered.
While we await the insurance industry response, the MobilEye analogy is a useful one in that the Naval Dome solution could well be the maritime industry equivalent.