Cyber Threats Evolving Fast

By Wendy Laursen 2015-09-09 16:48:37

Cyber risk is a major and fast-increasing threat to businesses with cyber-crime alone costing the global economy approximately $445 billion a year. A new generation of cyber risks is appearing and evolving fast.

The threats are moving beyond the established ones involving data breaches, privacy issues and reputational damage and moving to operational damage, business interruption and even potentially catastrophic losses.

This new generation of cyber risk is more complex: future threats will come from intellectual property theft, cyber extortion and the impact of business interruption (BI) following a cyber-attack or from operational or technical failure; a risk which is often underestimated.

In a new report – A Guide to Cyber Risk: Managing The Impact of Increasing Interconnectivity – specialist insurer Allianz Global Corporate & Specialty (AGCS) examines the latest trends in cyber risk and emerging perils around the globe.

“Awareness of BI risks and insurance related to cyber and technology is increasing. Within the next five to 10 years BI will be seen as a key risk and a major element of the cyber insurance landscape,” says Georgi Pachov, cyber expert in AGCS’s global property underwriting team.

Ships at Risk

In June 2013, a radio navigation research team from The University of Texas at Austin was able to successfully spoof an $80 million private yacht using the world’s first openly acknowledged GPS spoofing device. Spoofing is a technique that creates false civil GPS signals to gain control of a vessel’s GPS receivers.

Unlike GPS signal blocking or jamming, spoofing triggers no alarms on the ship’s navigation equipment. To the ship’s GPS devices, the team’s false signals were indistinguishable from authentic signals, allowing the spoofing attack to happen covertly.

“This type of attack could lead a vessel off course and result in a grounding, collision or similar serious marine incident,” says Captain Andrew Kinsey, Senior Marine Risk Consultant at AGCS. “Choke point transits are just one of numerous areas where vessels are vulnerable, shoal areas could be even more of a hazard because the Mate on watch may not have a good radar return to back up his GPS position with. Examples such as this spoofing attack should reinforce in Bridge Watch Keepers the old adage: The prudent mariner will not rely solely on any single aid to navigation or a single source of information when fixing the position of his vessel.”

Connectivity Creates Risk

Increasing interconnectivity of everyday devices and growing reliance on cloud technology and real-time data at personal and corporate levels, known as the ‘Internet of Things’, creates further vulnerabilities. Some estimates suggest that a trillion devices could be connected by 2020, while it is also forecast that as many as 50 billion machines could be exchanging data daily.

Kinsey cites an example that indicates ports are among the entities at risk: Drug traffickers recruited hackers to breach IT systems that controlled the movement and location of containers. The attack on the port of Antwerp is thought to have taken place over a two-year period from June 2011. Prosecutors say a Dutch-based trafficking group hid cocaine and heroin among legitimate cargoes, including timber and bananas shipped in containers from South America.

The organized crime group allegedly used hackers based in Belgium to infiltrate computer networks in at least two companies operating in the port of Antwerp. The breach allowed hackers to access secure data giving them the location and security details of containers, meaning the traffickers could send in lorry drivers to steal the cargo before the legitimate owner arrived.

Workers were first alerted to the plot when entire containers began to disappear from the port without explanation. Drug smugglers planted an extraordinary array of ingeniously disguised remote access devices as part of the long term breach.

Catastrophic Losses

While there have been some very large data breaches, the prospect of a catastrophic loss is becoming more likely, but exactly what it will look like is difficult to predict. Scenarios include a successful attack on the core infrastructure of the internet, a major data breach or network outage for a cloud service provider, while a major cyber-attack involving an energy or utility company could result in significant outage of services, physical damage or even loss of life in future.

Responding to Cyber Risk

The AGCS report highlights steps companies can take to address cyber risk. Insurance can only be part of the solution, with a comprehensive risk management approach being the foundation for cyber defense. “Once you have purchased cyber insurance, it does not mean that you can ignore IT security. The technological, operational and insurance aspects of risk management go hand in hand,” explains Jens Krickhahn, expert for cyber and fidelity at AGCS Central & Eastern Europe.

Cyber risk management is too complex to be the preserve of a single individual or department, so AGCS recommends a think-tank approach to tackling risk whereby different stakeholders from across the business collaborate to share knowledge.

In this way, different perspectives can be challenged and alternative scenarios considered: for example, these might include the risks posed by corporate developments such as mergers and acquisitions or by the use of cloud-based or outsourced services. In addition, cross-company involvement is essential to identify key assets at risk and, most importantly, to develop and test robust crisis response plans.

The industry is Taking Action

In April of 2015 a round table of international shipping associations comprising BIMCO, ICS, Intercargo and INTERTANKO met to develop standards and guidelines to address the major cyber security issues faced by the shipping industry. “Protection against malicious attacks on computer based systems onboard ships is now hitting the top of the agenda for shipping organizations in all corners of the world,” the group said in a release.

Angus Frew, secretary general of BIMCO, said: “The standards under development are intended to enable equipment manufacturers, service personnel, yards, owners and operators, as well as crew, to ensure their shipboard computer based systems are managed securely – and kept up-to-date to protect against the ever-growing threat from exploitation by criminals.”

The IMO will need to act on the standards and guidelines developed in order to see that they are universally adopted within the maritime industry.

Tougher Regulatory Regimes

Increasing awareness of cyber exposures as well as regulatory change will propel the future rapid growth of cyber insurance, says AGCS. With fewer than 10 percent of companies currently purchasing cyber-specific policies, AGCS forecasts that cyber insurance premiums will grow globally from $2 billion per annum today to over $20 billion over the next decade, a compound annual growth rate of over 20 percent.

“Growth in the U.S. is already underway as data protection regulations help focus minds, while legislative developments and increasing levels of liability will see growth accelerate in the rest of the world,” says Nigel Pearson, who is globally responsible for cyber insurance at AGCS.

“There is a general trend towards tougher data protection regimes, backed with the threat of significant fines in the event of a breach.” Hong Kong, Singapore and Australia are among those looking at, or already enforcing, new laws. Even if the European Union fails to agree its planned pan-European data protection rules, tougher guidelines on a country-by-country basis can be expected.

Allianz also predicts that the scope of cyber insurance must evolve to provide broader and deeper coverage, addressing business interruption and closing gaps between traditional coverage and cyber policies. While cyber exclusions in property and casualty policies are likely to become commonplace, standalone cyber insurance will continue to evolve as the main source of comprehensive cover. There is growing interest among the telecommunications, retail, energy, utilities and transport sectors as well as from financial institutions.

Education – both in terms of businesses’ understanding of exposures and underwriting knowledge – must improve if insurers are to meet growing demand. In addition, as with any other emerging risk, insurers also face challenges around pricing, untested policy wordings, modeling and risk accumulation.

The report is available here.

Details

Retail Imports Climb As Holiday Season Approaches

By MarEx 2015-09-09 15:37:06

Import cargo volume at the nation’s major retail container ports is expected to increase 1.2 percent this month over the same time last year as retailers head toward the holiday season, according to the monthly Global Port Tracker report released today by the National Retail Federation and Hackett Associates.

“After supply chain worries earlier this year, inventories are plentiful this fall,” NRF Vice President for Supply Chain and Customs Policy Jonathan Gold said. “Shoppers should have no worries about finding what they’re looking for as they begin their holiday shopping.”

Ports covered by Global Port Tracker handled 1.62 million Twenty-Foot Equivalent Units in July, the latest month for which after-the-fact numbers are available. That was up 2.9 percent from June and 8.1 percent from July 2014. One TEU is one 20-foot-long cargo container or its equivalent.

August was estimated at 1.6 million TEU, up 5.5 percent from 2014. September is forecast at 1.61 million TEU, up 1.2 percent from last year; October at 1.62 million TEU, up 3.8 percent; November at 1.5 million TEU, up 7.9 percent, and December at 1.44 million TEU, down 0.2 percent.

Those numbers would bring 2015 to a total of 18.2 million TEU, up 5.4 percent from last year. The first half of 2015 totaled 8.9 million TEU, up 6.5 percent over the same period last year.

January 2016 is forecast at 1.44 million TEU, up 16.9 percent from weak numbers seen a year earlier just before West Coast dockworkers agreed on a new contract that ended a months-long labor dispute.

Hackett Associates Founder Ben Hackett said economists have been watching a “stubbornly high” inventory-to-sales ratio this summer. But he said the cause appears to be the flood of cargo that came after the new West Coast dockworkers’ contract was signed rather than weakness in demand.

Details

Shedding Light On Maritime Sector’s Importance

By MarEx 2015-09-09 15:17:37

Her Royal Highness Princess Anne, Patron of London International Shipping Week 2015, addressed guests at the Welcome Reception at Lancaster House on Tuesday evening with the message that raising awareness of the industry was of prime importance to all sectors of business.

The event was hosted by Maritime UK and Her Majesty’s Government.

Speeches were also given by Chairman of Maritime UK Lord Mountevans, and the Secretary of State for Transport The Rt Hon Patrick McLoughlin, MP.

Introducing The Princess Royal, Patrick McLaughlin said: “On behalf of the Government I am pleased to welcome you all here tonight to Lancaster House during London International Shipping Week. London is the capital city of world shipping, home of the Baltic Exchange, Lloyds of London and the IMO, and the UK as a whole is a home for the world’s greatest concentration of maritime services. Maritime trading, financing, ship brokering, legal services, insurance – all sectors are investing for growth.

“In recent decades international shipping has undergone incredible change as the result of globalization and the opening of new markets. It is also the result of innovation in the shipping industry. And that is why LISW is so important because it offers the chance to make new connections.

The Princess Royal then addressed the room telling guests that through her work with seafaring charities she has seen how workers out at sea have become “invisible” to many, adding that this is why events like this are so important.

She said: “I would like to thank you for the invitation to become the Royal Patron for London International Shipping Week 2015. Judging by the turnout here tonight it I can see that the event is very well supported. “For the city and the traders the maritime sector is still very important and they recognise that. But for many others that’s not true.

“Once upon a time if you wanted to travel you travelled by sea. Everybody understood the importance of the sea to commerce but when people travel now they will probably fly, and this leads to quite astonishing levels of ignorance about the importance of the maritime industry to all areas of our lives. This is quite a worrying concept and means that a high profile event like London International Shipping Week really can make a difference.

“I do hope that those of you who have had the opportunity to visit the many seminars and events that make up London International Shipping Week can take back with them a broader understanding of the importance of the maritime sector.”

Details

Chinese Vessel and Crew Missing

By MarEx 2015-09-09 15:04:16

The Chinese-flagged general cargo ship Sah Lian has been missing in the South China Sea since Saturday, September 5. The vessel left Kuching on September 2 and was transporting 500 tons of general cargo. It was reported missing when it did not arrive at the Port of Limbang on schedule Saturday. The Malaysian Maritime Enforcement Agency (MMEA) has launched a search for the vessel and its 14 crewmembers.

The Sah Lian’s owner was last in contact with the ship’s captain on September 3.

While it is too early to link the missing vessel to piracy, the South China Sea has experienced a marked increase in piracy and robbery this year. In July, the Regional Cooperation Agreement on Combating Piracy and Armed Robbery against Ships in Asia (ReCAAP) said that incidents of piracy and armed robbery had risen 18 percent in the first half of 2015 compared to the same time period in 2014. There were 106 incidents reported between January and June 2015 and just 90 last year.

The rise in Southeast Asian piracy has prompted the Association of Southeast Asian Nations (ASEAN) to establish a permanent security presence. Last weekend, pirates attacked six vessels in the Malacca and Singapore straits. Authorities believe the same group was involved in each incident.

In August, Malaysia and Indonesia formed a joint rapid deployment team to respond to the increasing number of incidents in the region. Southeast Asia has become a hotbed of maritime piracy in the past year.

Details

Vessel and Crew Missing

By MarEx 2015-09-09 15:04:16

The Chinese-flagged general cargo ship Sah Lian has been missing in the South China Sea since Saturday, September 5. The vessel left Kuching on September 2 and was transporting 500 tons of general cargo. It was reported missing when it did not arrive at the Port of Limbang on schedule Saturday. The Malaysian Maritime Enforcement Agency (MMEA) has launched a search for the vessel and its 14 crewmembers.

The Sah Lian’s owner was last in contact with the ship’s captain on September 3.

While it is too early to link the missing vessel to piracy, the South China Sea has experienced a marked increase in piracy and robbery this year. In July, the Regional Cooperation Agreement on Combating Piracy and Armed Robbery against Ships in Asia (ReCAAP) said that incidents of piracy and armed robbery had risen 18 percent in the first half of 2015 compared to the same time period in 2014. There were 106 incidents reported between January and June 2015 and just 90 last year.

The rise in Southeast Asian piracy has prompted the Association of Southeast Asian Nations (ASEAN) to establish a permanent security presence. Last weekend, pirates attacked six vessels in the Malacca and Singapore straits. Authorities believe the same group was involved in each incident.

In August, Malaysia and Indonesia formed a joint rapid deployment team to respond to the increasing number of incidents in the region. Southeast Asia has become a hotbed of maritime piracy in the past year.

Details

Crack Could Delay Panama Canal Opening

By MarEx 2015-09-09 14:59:01

Just one week after saying a crack in one of the Panama Canal’s new lock chambers wouldn’t delay its April 2016 opening, the Panama Canal Authority (ACP) has backtracked and announced that, well, maybe it could.

In a statement released September 7, the ACP announced that it is awaiting a report from the contractor, Grupo Unidos por el Canal (GUPC), on the causes and solutions for the crack that appeared in the canal’s Cocoli Locks. The ACP will reassess the canal’s projected completion date after receiving the report.

Filling of the locks began on June 22, and the ACP announced in late August that the canal had sprung a leak. ACP and GUPC officials met on August 22 to discuss the steps that would be taken to repair the crack.

“At this time, ACP has designated two independent external structural engineers to conduct an objective evaluation of the reasons for this localized issue and to assess GUPC’s solution,” the Authority said in a statement. “While this important step takes place, the ACP is encouraged by the overall progress of the program, which has now reached 93 percent completion.”

The Panama Canal expansion was initially scheduled to be completed in 2014 to coincide with the 100-year anniversary of the opening of the existing canal, but cost overruns, work stoppages and delays have pushed the opening to April 2016.

Panama hopes the $5 billion expansion will stimulate its economy by increasing trade flows to and from the U.S. East and Gulf Coasts as well as Latin America. Upon completion, vessels up to 12,000 TEUs will be able to transit the canal.

Details