Warm Welcome for BIMCO Cyber Security Clause for Shipping Contracts

BIMCO, the world’s largest shipping association, is finalising a cyber security clause for charter party agreements and other contracts.

The move follows a spate of high-profile cyber attacks on Maersk, Cosco and shipbroker Clarksons.

The BIMCO cyber security clause will require parties to the contract to have “plans and procedures in place to protect its computer systems and data, and to be able to respond quickly and efficiently to a cyber incident”.

The association said: “Mitigating the effect of a cyber security breach is of paramount importance. The clause requires the affected party to notify the other party quickly, so that they can take the necessary counter-measures.”

The association added that the cyber clause was designed for use in a broad range of contracts, which means it can also cover arrangements with service providers, such as brokers and agents.

It will stipulate that, in the absence of an amount agreed during negotiations, the claims liability of each party to the contract will be limited to a maximum of $100,000.

BIMCO said the clause would fulfill two important functions: to raise awareness of cyber risks; and provide a mechanism for ensuring that parties to the contracts have procedures and systems in place to help minimise the risk of an attack, but if it does happen, to “mitigate the effects of such an incident”.

The clause is being drafted by a small team led by Inga Froysa, chief legal and compliance officer of Olso-based shipping group Klaveness, in association with other companies, including the UK P&I Club, and is due to be published in May next year.

Supporting the BIMCO team is law firm HFW. Senior associate William MacLachlan said: “As the shipping industry wrestles with how to respond to the cyber threat, this clause aims to lay down a benchmark for cyber security measures and explicitly address the question of liability for a cyber security incident.”

HFW is also helping BIMCO draft charter party clauses relating to the IMO’s 0.5% sulphur cap regulations, which become law on 1 January 2020.

The NotPetya virus that hit Maersk’s booking and operating systems in summer 2017 cost the transport and logistics group around $300m in contingency costs and lost bookings, although it arguably suffered a far greater cost to its reputation, despite the fact it was not the intended victim but rather “collateral damage”, in the words of industry analyst Lars Jensen.

Shipbrokers The Loadstar spoke to today have welcomed the BIMCO cyber clause, one broker saying it was “long overdue” and another that the attack on Clarksons in November last year had “focused the industry” on the need to protect itself.

Meanwhile, Naval Dome, an Israel-based cyber security platform developer, praised BIMCO for the inclusion of a limited liability clause. Chief executive Itai Sela said it could make cyber insurance-related policies a “potentially more attractive proposition for the insurer”.