The world’s largest international shipping association has a team working on drafts of a contractual clause to deal with the risks and potential incidents that could arise from cyber security-related causes.
BIMCO has appointed Inga Froysa of Klaveness to lead what it calls a ‘small team’ that includes delegates from Navig8, UK P&I Club, and HFW.
BIMCO has set its team a deadline of May 2019 to complete a clause that is designed to fulfil two functions, according to BIMCO’s website.
“The first is to raise awareness of cyber risks among owners, charterers and brokers. The second is to provide a mechanism for ensuring that the parties to the contract have procedures and systems in place, in order to help minimize the risk of an incident occurring in the first place and, if it does occur, to mitigate the effects of such an incident.”
BIMCO’s contracts and clauses assistant manager Mads Wacher Kjaergaard said that, while work on the language is still underway, “as it currently stands, it would be possible to incorporate it into any contract”, not just charter party agreements.
Mr Kjaergaard said the clause is being written with shipping in mind.
One area that the BIMCO team has decided to leave out of the clause is fraudulent payments.
“The risk of this increasingly common fraud is probably best dealt with at a procedural level by companies tightening up their internal payment procedures to require verification of any changes to payment details,” according to BIMCO.
At least one cyber security organisation has come out in support of BIMCO’s decision to introduce a cyber security clause into its charter party agreements and other contracts.
Israel-based Naval Dome, whose CEO Itai Sela spoke at last week’s Tanker Shipping and Trade Conference & Awards in London released a statement saying the timing of the BIMCO cyber clause – set to precede by nearly two years the 2021 IMO-mandated deadline for cyber security concerns to be added to the ISM Code– meant shipowners were taking cyber security seriously.
“The decision suggests that shipowners are now unwilling to wait for the regulators to implement change and are taking immediate action themselves,” the statement said.
It is the potential inclusion of a cyber liability clause, however, that Naval Dome sought to highlight.
“The problems shipowners face insuring their PC-based systems against cyber attack has been well documented, but this issue could be resolved with the BIMCO clause,” Mr Sela was quoted as saying.
BIMCO said that liability for claims would be limited to US$100,000 unless a different amount is agreed during negotiations.
“This could mean that the end result of a cyber attack may not necessarily be put down to technical failure or human error – as these things frequently are. It could also make the introduction of cyber insurance-related policies a potentially more attractive proposition for the insurer,” Mr Sela said.
The BIMCO decision follows a number of high-profile cyber-attacks in the shipping industry involving Maersk, COSCO, BW Group and shipbroker Clarksons.