BIMCO to Complete Cyber Security Clause in May 2019

Shipowner association BIMCO is developing a cyber security clause in cooperation with shipping companies Klaveness and Navig8.

BIMCO sad that the small team includes also representatives from the UK P&I Club and HFW law firm, which aim to complete the project in May 2019.

The clause will deal with cyber security risks and incidents that might affect the ability of one of the parties to perform their contractual obligations. It requires the parties to have plans and procedures in place to protect its computer systems and data, and to be able to respond quickly and efficiently to a cyber incident.

Furthermore, the clause requires the affected party to notify the other party quickly, so that they can take any necessary counter-measures. It is designed for use in a broad range of contracts, including arrangements with third-party service providers, such as brokers and agents.

BIMCO said that the liability of the parties to each other for claims is limited to an amount agreed during negotiations. A sum of USD 100,000 will apply if no other amount is inserted.

The two key functions of the clause are said to be raising of awareness of cyber risks among owners, charterers and brokers, and provision of a mechanism for ensuring that the parties to the contract have procedures and systems in place, in order to help minimize the risk of an incident occurring and, if it does occur, to mitigate its potential effects.

“In the early stages of development, the drafting team discussed if the clause should also address payment fraud. It was concluded that the risk of this increasingly common fraud is probably best dealt with at a procedural level by companies tightening up their internal payment procedures to require verification of any changes to payment details,” BIMCO added.

The clause is considered to be of great importance in the age of digital transformation of the shipping industry, especially taking into account the threats of cyber attacks.

One of the most well known examples from the industry is the cyber attack that impacted Maersk Group’s operations in June 2017.

Maersk was one of many global companies that were hit by a malware later known as NotPetya in June 2017. The company was forced to shut down infected networks to contain the impact, resulting in a considerable financial blow worth up to USD 300 million.