INSURANCE AND CYBER RISK A FOCUS ON CYBER

INSURANCE AND CYBER RISK: A FOCUS ON “CYBER SEAWORTHINESS OF VESSELS"

WHAT IS CYBER RISK? Cyber risk has been described as the “biggest, most systemic risk” facing the insurance market in the last half century. It essentially encompasses any risk arising out of the use of technology and data and, in this digital age, affects virtually every organisation around the world. CYBERCRIME ESPIONAGE HACKTIVISM CYBER WELFARE

CYBER RISK REGULATIONS • EU Directive 2016/1148 (NIS) on high common level of security of network and information systems The directive went into effect in August 2016 and all member states of the European Union were given 21 months to incorporate the directive's regulations into their own national laws • EU General Data Protection Regulation 679/2016 (GDPR) It becomes enforceable from 25 May 2018 • EU Directive 2016/680 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties will become applicable from 2018 • EU Regulation No 910/2014 on Electronic Identification Authentication and Signature (EIDAS) • US NIST Cybersecurity Framework • IMO MSC. 1 Circ. 1526 (Interim guidelines on Maritime Cyber Risk Management)

NATURE OF THE CYBER DAMAGES ACCIDENTAL INTENTIONAL CYBER SAFETY CYBER SECURITY THREE DIFFERENT TYPES OF DAMAGE 1. Direct damages 2. Indirect damages 3. Third party damages Source: «Netdiligence claims study 2015»

EFFECTS AND CONSEQUENCES OF CYBER ATTACKS • Data theft • Financial losses suffered by activities interruption • Financial losses suffered by financial fraud • Material damage for clients and for the enterprises • Bear the cost of the communications for third parties • Bear the cost of legal advice and consultancy. • Loss of intellectual property rights • Reputation problems

CYBER RISK AND THE COVER PROVIDED BY TRADITIONAL LINES OF INSURANCE

CYBER RISKS AND MARINE INSURANCE: AN OPEN ISSUE FOR CARGO AND HULL POLICIES TODAY CYBER ATTACK EXCLUSION CLAUSE (Cl. 380) 10/11/2003 “ 1. 1 Subject only to clause 1. 2 below, in no case shall this insurance cover loss damage liability or expense directly or indirectly caused by or contributed to by or arising from the use or operation, as a means for inflicting harm, of any computer, computer system, computer software programme, malicious code, computer virus or process or any other electronic system. 1. 2 Where this clause is endorsed on policies covering risks of war, civil war, revolution, rebellion, insurrection, or civil strife arising therefrom, or any hostile act by or against a belligerent power, or terrorism or any person acting from a political motive, Clause 1. 1 shall not operate to exclude losses (which would otherwise be covered) arising from the use of any computer, computer system or computer software programme or any other electronic system in the launch and/or guidance system and/or firing mechanism of any weapon or missile”

CYBER RISKS AND MARINE INSURANCE: AN OPEN ISSUE FOR CARGO AND HULL POLICIES TOMORROW CYBER GAP COVER

CYBER RISKS AND MARINE INSURANCE: AN OPEN ISSUE FOR CARGO AND HULL POLICIES HOW MANAGE AND DETECT CYBER RISKS IN SHIPPING? A) FAIR PRESENTATION OF THE MARINE CYBER RISKS: 1. Insurance Consultant 2. Risk Assessment 3. Insurance Questionnaire 4. Preparation Insurance Coverage C) LOSS PREVENTION 1. Cyber Security Assessment 2. Cyber Security Plan B) RISKS TO BE COVERED: 1. First Party Damages 2. Third Party Damages

CYBER RISKS AND SEAWORTHINESS: AN OLD WARRANTY FOR A NEW DUTY IN GENERAL TERMS SEAWORTHINESS CAN BE DEFINED: AS A «QUALITY» OF THE VESSEL, OR THE ELEMENT WHOSE PRESENCE CAN BE DEDUCED FROM THE EXISTENCE OF THE MINIMUM CONDITIONS REQUIRED FOR SAFE MARITIME NAVIGATION IN RESPECT OF PASSENGERS, CARGO AND SHIPS ITSELF.

CYBER RISKS AND SEAWORTHINESS: AN OLD WARRANTY FOR A NEW DUTY HOW MANAGE CYBER-SEAWORTHINESS? a. SAFETY MANAGEMENT SYSTEM b. INFORMATION TECHNOLOGY ASSEST c. DATA d. DATA CONTROLLER SYSTEMS

CYBER RISKS AND SEAWORTHINESS: AN OLD WARRANTY FOR A NEW DUTY IN CONCLUSION THE SEAWORTHINESS IN CYBER RISKS IT WOULD IMPOSE TO INTERPRET THE CONCEPT OF SEAWORTHINESS IN A BROADER SENSE BECAUSE BREACH OF THIS DUTY MAY ARISE FROM A SHIPPING COMPANY AND ALSO AFFECT THE VESSEL

THANK YOU FOR YOUR ATTENTION ADV. ENRICO MOLISANI