Danish shipping giant Maersk has reported that the recent cyberattack which shut down its computer systems has cost a massive USD200-300 million in lost revenue, due to business interruption.

Maersk is one of the world's top two shipping lines, holding approximately 18% of the global container trade market. The 'Petya' / 'NotPetya' cyber-attack hit Maersk in June 2017, requiring it to shut down a number of its infected networks as a precaution while it took steps to contain the incident. During the shutdown period, no containers were delivered.

Similarly, international logistics company FedEx recently reported that it anticipates significant losses from the Petya attack as a result of lost revenue. FedEx also confirmed that it does not have cyber or other insurance in place to cover these losses.

Recent ransomware incidents – including 'Wannacry' and 'Petya' – have shown that the potential for the transport industry to be impacted by cyber incidents is very high, due to:

  1. The interconnectedness of players in the supply chain: To move goods across borders involves not only exporters and importers but also port operations, security, customs, forwarders, port agents, container yard operators, hauliers, screening and biosecurity services, surveyors, warehouses and distributors. Numerous interactions occur around this port user community as movements of goods are scheduled, coordinated, tracked andrescheduled, or information about the goods is shared and updated. This generates a high frequency of interaction among multiple parties. Common contingencies such as changed instructions or terminal queues will add yet more interactions.
  2. Under-resourced supply chain participants: The large number of small to medium enterprises (SMEs) networked in the supply chain are not sufficiently resourced to use latest security patches, or have not upgraded their antivirus protection, or have not undertaken adequate staff training around cyber risk. This increases the risk of both an attack succeeding, and it penetrating a number of systems. In the supply chain, time is of the essence and emails are often acted on swiftly increasing the risk that a phishing attack will succeed.
  3. Low value services provided: The value of goods and the business interruption implications of the supply chain being broken or stopped are many times a multiple of the cost of the services being provided and/or the earnings of the individual SME participants. The loss exposure to customer claims is heightened if perishable goods are involved, and particularly so if cold chain integrity has been compromised (as it will be if continuous temperature records are not available). A single carrier's own business interruption costs are potentially no more than the tip of the liability iceberg.

How cyber insurance can minimise losses

To reduce the costs of a cyber incident, transport companies should progressively improve their systems and training and also consider purchasing cyber insurance to cover business interruption losses arising from a cyber event.

While cyber insurance policies have been available in the international market for some time, cyber insurance is relatively new in Australia. Despite recent headlines, a recent survey suggests that the uptake of cyber insurance remains slow.

Anecdotally, there are reports that instead of purchasing cyber cover, many organisations are investing in cyber security defence infrastructure. While this is commendable, it is important to recognise that there is no such thing as perfect security. The cyber threat landscape is constantly evolving, so even the most robustly protected networks will always remain vulnerable.

Take away

Transport and logistics businesses have specific vulnerabilities (and attractions to cyber criminals) which make it all the more important for them to defend their operations, reputations and valuable customer relationships from cyber threat. As the consequences of a cyber breach become better understood, robust action will restore customer trust and help to create competitive advantage.

IT solutions are central to defending against cyber attacks. But cyber incidents are often caused by non-technical failures such as human error, or failures of third party vendors with access to an organisation's network or information.

We recommend that transport companies and those businesses highly reliant on their supply chain focus on improving their ability to respond to cyber incidents and mitigate losses. This includes establishing and testing incident response protocols. Organisations should also consider whether cyber insurance is appropriate as a way of transferring cyber risk.