Five Top Tips for Sourcing Port Cyber-Attack Insurance Cover

Photo Credit: Tumisu from Pixabay

Port cyber-attacks are now one of the biggest and most sophisticated threats facing port operators, notes Ed McNamara, President & CEO, Armada Risk Partners, and a port insurance broker in Cleveland, Ohio. Nagoya, Japan has become the latest in a long line of global ports to be targeted by a ransomware attack. The incident in early July had severe consequences disrupting cargo packing procedures, deleting large amounts of data and forcing the suspension of operations at the container terminal. With criminal gangs and nation states now pumping resource into cyber warfare, how can ports get the best possible cyber-attack insurance in place?

1) Undertake a thorough cyber review before sourcing insurance. As Ports are now painfully aware the nature of their set up makes them vulnerable to attack. Hosting large numbers of vessels operated by a wide variety of companies employing a range of different IT systems provides a perfect environment for network intrusions, hacks and ever more sophisticated ransomware attacks.

When looking at cyber insurance, evaluating your organization’s overall cybersecurity capabilities across all areas and the exposure to risk is a good starting point for port and terminal operators.

It is important to undertake this review as part of a strategic approach to sourcing port cyber insurance. It is now more vital than ever to get your systems and processes as secure and up-to-date as possible before engaging with insurance companies.

At Armada, we advise ports to present the strongest picture to would-be insurers in order to secure the best coverage and reduce premiums.

Insurers are looking for hard evidence of robust risk management policies and protocols, including well-prepared cybersecurity policies, along with regular assessments and continuous employee training.

This should include identifying potential threats, assessing the value and sensitivity of the data that you handle, and evaluating your current security measures.

2) Commit to continuous cybersecurity improvement. Cyber insurance is a vital consideration in any cyber risk mitigation strategy. Insurance can play a key role in helping pay for recovery costs if you suffer a ransomware attack, data breach and any business interruption. It can also cover third-party liabilities. Moreover, there are polices that provide incident response support, giving access to expert teams to provide guidance and support in the event of an attack, again helping mitigate the damage caused.

However, it is important to stress that cyber insurance cover doesn’t release any organization from the responsibility of managing its cyber risks. It requires ports and terminal operators to sustain a cybersecurity program with continuous improvement at its heart.

3) Be aware as cyber insurance market is changing. The insurance marketplace is responding sharply to the increased threat of cyberattacks on ports.

The result is a fluid and constantly changing market. Cyber premiums are rising, driven by the increasing activity and claims, while coverage is, in many cases, diminishing.

We advise searching for policies that cover a wide range of cyber risks. including data breaches, ransomware attacks, business interruption, and third-party liabilities. Consider the policy limits and deductibles that best suit your port’s risk profile. Ensure that the policy’s limits adequately cover potential financial losses, including costs associated with breach response, recovery, and legal expenses.

4) Stay alert to new threats. Be aware cyber risks are evolving rapidly. And it is vital that port operators keep up to speed. That means being thoroughly informed and acting when it comes to emerging threats, regulatory changes and industry best practices. Even after your insurance is in place ensure you should regularly review that insurance coverage to ensure it is still adequate.  Be aware your current policy may not be addressing the latest threats.

5) Work with a port specialist. It is good practice to work with a broker who is well-versed in understanding the nuances of cybersecurity and is keeping abreast of the changing port insurance landscape.

It is wise for CEOs themselves to examine the fine print of any insurance renewal and work with the broker who should go the extra mile and source a wide variety of quotes. Do not automatically renew with your existing provider, check the coverage itself as this could have changed significantly. And do not base the renewal on cost, as this could result in you being dangerously exposed and under insured.

Your broker needs to fully understand your business and research the policies  best suited to your port’s set up, risk profile and type of operations. They can also provide advice on specific compliance standards that your port may have to follow.

About the Author

Edward X. McNamara is the President & CEO of Armada Risk Partners, a Cleveland-based insurance broker. Previous to Armada, Ed was Senior Vice President at Aon, where he led the sales team for the Ohio, Indiana and Kentucky region. Before that, Ed served as “Rainmaker” at Oswald Companies, an insurance brokerage. Prior to joining the insurance world, Ed ran his own technology and software company. He is co-founder of the Prayers From Maria Foundation, and is married with four sons.