Two reports from commercial insurers have highlighted the growing importance of cyber risk and insurance for the shipping and automotive sectors, as they embark on a journey of automation.
THE AUTONOMOUS SHIPPING
Next year will see the testing of a fully electric 120 teu autonomous ship, Yara Birkeland. The vessel is expected to commence full autonomous operations in 2020, transporting products from a fertilizer plant at Herøya, to the Norwegian ports of Brevik and Larvik.
Autonomous ships like the Yara Birkeland are becoming a reality. However, their use is initially likely to be limited to highly controlled conditions, well away from major shipping lanes. Yet, technology is increasingly becoming an important risk factor for the maritime industry, a trend highlighted by global insurer Allianz in its Safety and Shipping Review 2018.
Modern day ships contain a multitude of sensors that measure and monitor a wide range of parameters, such as; weather and sea conditions, hull stress monitors, cargo hold temperature and humidity, and a host of machinery health and performance indicators.
Vessels are also increasingly connected to the outside world via electronic navigation and ship-to-ship and ship-to-share communications.
Smart containers and ports are also emerging, as companies look for greater efficiencies and automation in cargo supply chains. Maersk, for example, is developing a logistics blockchain system to digitally track cargo and share information with supply chain partners.
The use of industrial IoT and more integrated digitised supply chains will no doubt bring efficiencies, as well as considerable safety and risk management benefits for the maritime industry, but they will also give rise to increasing levels of technology and cyber risk. This will bring technical challenges and require radical changes in practices, Allianz says.
Major attacks like the NotPetya malware incident have been a wake-up call for the shipping sector, creating a renewed urgency around tackling the threats posed to vessels and supply chains, as well as prompting an increasing interest in cyber insurance, according to Allianz.
The NotPetya cyber attack of June 2017 affected some 2,000 organisations across 65 countries. It caused estimated economic losses of USD 2.5 billion to USD 3 billion and exposed vulnerabilities in the marine supply chain. The virus led shipping group Maersk to suspend operations, as it was forced to reinstall 4,000 servers, 45,000 computers and 2,500 applications; causing congestion at a number of ports worldwide and resulting in business losses in excess of USD 300 million.
According to Allianz, cyber attacks like NotPetya increase awareness of the potential for cyber business interruption losses and physical damage to vessels arising from a cyber attack. Shipping companies realise that their vessels and the logistics supply chain are all connected and are now engaged in more detailed discussions with insurers about how to protect against cyber exposures, it says.
At the same time, new regulations will exacerbate the fall-out from any future failure, says Allianz. For example, the EU Network and Information Security Directive (NIS) will necessitate “essential services” providers, such as large ports and maritime transport services in the EU, to demonstrate that they have taken sufficient measures to manage cyber security risks. It also requires companies to report cyber incidents, including those that disrupt services.
WINDS OF CHANGE
The shipping industry and regulators are now taking cyber security far more seriously. For example, the International Association for Classification Societies (IACS) plans to publish guidelines covering cyber security practices in the shipping industry by the end of 2018.
Last year, the IMO issued guidelines on maritime cyber risk management and called for cyber risks to be addressed in existing safety management systems by 2021. According to Allianz, shipping companies should act now, and not wait until 2021.
The insurer notes that cyber is a non-traditional maritime risk and, given the potential impact of the failure to adequately protect a vessel, a new approach is warranted. The insurer is calling for robust training and auditing – including independent cyber security audits – and dedicated personnel assigned to provide captains with effective guidance and procedures for cyber risks.
Crewless shipping may be some way in the future, but autonomous cars are already being tested in cities the world over. The UK government, for example, wants “fully driverless cars” to be in use on British roads by 2021 - just three years away.
The adoption of autonomous technology into private and commercial vehicles will bring many benefits, including the potential to make journeys more energy efficient and safe. UK insurer RSA says that increased automation will mean fewer accidents, deaths, injuries and less car damage and claims. However, there are many challenges to overcome, not least cyber security.
Cyber attacks are already a potential threat to vehicles. Cyber security researchers have exposed various cyber security flaws in vehicles, including those manufactured by Tesla, Ford and Toyota. Fiat Chrysler recalled 1.4 million cars after a researcher hacked a Jeep Cherokee in 2015. New generations of assisted and autonomous vehicles are likely to be more susceptible to such attacks and the results more serious.
According to UK insurer RSA, cyber risk could present itself in a number of ways in relation to an insurable event including; a malicious cyber attack, accidental damage during system maintenance, the inability to recover data due to error, and insecure or untested hardware or software. Such events could be caused by the deliberate or accidental spread of viruses, as well as vehicles connecting to other vehicles, infrastructure or networks.
In its autonomy and motor insurance report, RSA says that manufacturers will need to take appropriate technical and organisational measures for protecting the integrity of the vehicles and their systems. Suitable cryptography, layering, separation and identity authentication, should be continuously refined for the software, firmware and hardware of the vehicles, it says.
Drawing on its experience with the insurance partner for the GATEway project, a London-based autonomous driving research programme, RSA concludes that cyber risk cover will likely need to be developed as a dimension of motor policies. With an increasing level of automation, insurers need to consider their future approach to cyber and motor vehicles, including suitable limits and conditions, says RSA.
At present, a motor claim caused by a cyber event would be covered to the extent of the existing policy limits. Motor insurance policies will need to be adapted, with new categories of cover, like cyber. New claim heads of and policy wordings will also need to be updated to include new definitions and conditions, it says.
JLT recently launched a new global automotive practice to meet the rapidly changing risk landscape currently facing auto manufacturers and suppliers. The launch of the new automotive division comes amid the increasing appetite for autonomous vehicles and significant advances in vehicle connectivity.
With the accelerated pace of connectivity and autonomous vehicles, JLT projects a significant rise in cyber and technology risks. These risks could include hacking whether it is hacking driverless cars or electronic communication errors and breakdowns from the complex electronic systems. As automotive products become more technology focused, there will also be an inevitable shift from human to product liability. According to KPMG, product liability insurance will rise from 0% of total auto losses in 2017 to 57% in 2050 to cover the autonomous technology in vehicles.
To address these growing concerns faced by manufacturers and suppliers, JLT’s automotive division will deliver a seamless insurance solution that will respond to the convergence of a broad range of risks from cyber, technology and products liability to product recall.