Allianz Report Details Cyber Threats to Global Shipping

On August 3, 2021, Allianz Global Corporate and Specialty released its Safety and Shipping Review 2021. A key takeaway from the report is the threat cyberattacks pose to the global shipping industry.

The report cites the May 2021 ransomware attack against the Colonial Oil pipeline as a “wake-up call for the maritime industry” about the risk posed by cybercrimes, as the shipping industry is a critical part of the global supply chain. See Report at 44. The Colonial Oil pipeline attack demonstrated the weaknesses in infrastructure cyber security. Its perceived success – a $4.4 million ransom payment – may encourage cyber criminals and nation states to target critical maritime infrastructure in the future.

Cyber risk is already a serious matter for the global shipping industry. Shipping and logistics firms saw three to four times as many cyberattacks in 2020 as in the past, and each of the world’s four largest shipping companies has been hit by a cyberattack. Report at 44. These developments underscore the need for targeted companies and their insurers to seek advice about mitigating risk and responding in the event of a ransomware or other cyberattack, without running afoul of sanctions or anti-money laundering regulations.

To date, most cyber incidents involving shipping have been shore-based incidents, such as attacks against ports and shipping companies themselves. But cyber threats to vessels will increase as more ships are linked to onshore navigation and performance management systems. Detailed cyber risk assessments are an important part of risk management in the maritime sector, particularly as the interconnectivity of the shipping industry continues to grow.

Along with greater awareness of the risk of cyberattacks targeting the maritime industry, demand for cyber insurance by shipping and logistics firms is growing. Not only is there the potential for greater frequency of cyberattacks, there is also potential for greater severity in losses. The recent trend of launching larger vessels, as shipping companies seek economies of scale and fuel efficiency through larger container ships and bulk carriers, has resulted in very large insurance claims. Examples include the $600 million sought by the Suez Canal Authority from the Ever Given’s liability insurer following its blocking of the Suez Canal in March 2021, and the hundreds of millions reportedly expended to remove the wreck of the Golden Ray and the 4,000 vehicles it was carrying outside of Brunswick, Georgia. See Report at 30. The size of these losses was driven in part by the complexity and costs of responding to incidents involving large vessels and the specialized port facilities and salvage equipment needed to handle them. 

As the Allianz report points out, while the Ever Given and Golden Ray losses may not have been cyber losses, they illustrate the potential for similarly large losses if a ship’s steering or propulsion mechanisms were hacked, for instance. Just as shipping and logistics firms evaluate their increased risk from ransomware and other cyberattacks, insurers also should be carefully reviewing the increasing frequency and severity of cyber risks in this sector.