With the Cargo market insuring the movement of vast amounts of value and global trade, it’s not difficult to imagine why a malicious actor would be tempted to prey on the goods insured here. Given the breadth of possible weak points and goods on offer, the motivation could be political as well as financial.

The real, and far from novel, challenge for insureds in this increasingly complex arena is that for large parts of their journey their valuable goods are in the hands of third parties who (i) may not be known specifically to the insured and (ii) may have wildly fluctuating standards of cyber security. Additionally, owing to the sheer speed and volume of modern trade, while insureds will have in-depth knowledge about much of their supply chain, it’s difficult to gain much visibility of the cyber security of the third party component. The rise of cyber-attacks presents a whole new dimension of uncertainty in the already frantic world of supply chains.

The length, complexity and interconnectedness of modern supply chains mean that there are numerous companies involved, each bringing their own vulnerabilities to the table. To name a few, major targets could include ports, shipping companies and freight forwarders. This is without insureds considering the same risks at their own premises. Insureds place their valuable goods in the hands of these parties every single day and without them global supply chains would collapse, hence the consequences of a major cyber event could be just as significant as a traditional cargo peril.

With the Cargo market insuring the movement of vast amounts of value and global trade, it’s not difficult to imagine why a malicious actor would be tempted to prey on the goods insured here. Given the breadth of possible weak points and goods on offer, the motivation could be political as well as financial.

The real, and far from novel, challenge for insureds in this increasingly complex arena is that for large parts of their journey their valuable goods are in the hands of third parties who (i) may not be known specifically to the insured and (ii) may have wildly fluctuating standards of cyber security. Additionally, owing to the sheer speed and volume of modern trade, while insureds will have in-depth knowledge about much of their supply chain, it’s difficult to gain much visibility of the cyber security of the third party component. The rise of cyber-attacks presents a whole new dimension of uncertainty in the already frantic world of supply chains.

The length, complexity and interconnectedness of modern supply chains mean that there are numerous companies involved, each bringing their own vulnerabilities to the table. To name a few, major targets could include ports, shipping companies and freight forwarders. This is without insureds considering the same risks at their own premises. Insureds place their valuable goods in the hands of these parties every single day and without them global supply chains would collapse, hence the consequences of a major cyber event could be just as significant as a traditional cargo peril.

It was recently reported that a major port in Iran was temporarily shut down by a cyber-attack (1). The port was disrupted for a period of time, allegedly causing disruption and severe queues. In this case the disruption was short-lived and the port was able to switch to a manual way of working. However, in a more modern port where there is a higher-level of automation and greater volumes of traffic, such as Rotterdam, the disruption and loss of goods could have been catastrophic. A report in 2019 by the Cyber Risk Management Project based in Singapore estimated that a major systemic cyber-attack on ports in the Asia-Pacific region could cause damage of up to USD 110bn (2),  

much of it currently uninsured. The report noted that “While cyber-attacks have impacted individual ports in the past, an attack on systematic vulnerabilities across ports on this scale has never been seen ... However, the combination of ageing shipping infrastructure and global complex supply chains, makes the shipping industry vulnerable to extreme losses.”.

If that were not bad enough, it would also appear that even one of the oldest forms of crime, piracy, has gone online in the digital age. This can manifest itself in several ways (3).  

First of all, pirates can aid their own precision by hacking into systems detailing what is on board a ship by accessing bills of lading (ironically this was paper-based until fairly recently and still is in some countries. It was also held up as an example of how antiquated some ways of trading were). When the pirates then board the ship, they will know exactly what they are looking for and have a good idea of where to find it, rather than just hoping to strike gold. Secondly, hacking in to cargo management systems can see containers re-routed to be collected by another party, along with all of the relevant documentation transferred to the name of another owner. I’m sure some people long for the good old days of paper bills of lading!

This is just one potential risk to goods while on the high seas. Another key risk is interference with on-board navigational systems. Systems can be ‘jammed’, meaning the receiver is deprived of signal or ‘spoofed’ meaning that they are tricked in to displaying a false location and time. There was one report of a captain seeing that rather than being in the sea (4), his ship was apparently 32km inland at an airport according to the ship’s navigational system … along with 20 other ships. It’s not hard to imagine how goods could end up in the wrong place.

It is feared that many incidents like these have already happened, but have been settled quietly and without public comment in order to protect the reputation of the parties involved.

These are just a few examples of how things could go wrong. It’s beyond the scope of this article to look in to all the areas of the global supply chain insured in the Cargo market, but suffice to say that malicious actors are weighing up attacks on every part of the chain looking to get their hands on a slice of the goods criss-crossing the globe.

If you’d like more information on this topic, please see our website to get in touch with a member of our teams.

 

(1) https://www.ft.com/content/3ea57426-40e2-42da-9e2c-97b0e39dd967

(2) https://www.cips.org/supply-management/news/2019/october/cyber-attack-on-apac-ports-could-cost-110bn/

(3) https://eandt.theiet.org/content/articles/2019/04/cyber-pirates-terrorising-the-high-seas/

(4) https://www.newscientist.com/article/2143499-ships-fooled-in-gps-spoofing-attack-suggest-russian-cyberweapon/