Cyberattack as a covered danger in marine insurance

Michalopoulos, Theofanis; Μιχαλόπουλος, Θεοφάνης

dc.contributor.advisor	Daniil, Georgios
dc.contributor.advisor	Δανιήλ, Γεώργιος
dc.contributor.author	Michalopoulos, Theofanis
dc.contributor.author	Μιχαλόπουλος, Θεοφάνης
dc.date.accessioned	2023-11-13T14:03:49Z
dc.date.available	2023-11-13T14:03:49Z
dc.date.issued	2022-12
dc.identifier.uri	https://dione.lib.unipi.gr/xmlui/handle/unipi/15893
dc.identifier.uri	http://dx.doi.org/10.26267/unipi_dione/3315
dc.format.extent	88	el
dc.language.iso	en	el
dc.publisher	Πανεπιστήμιο Πειραιώς	el
dc.rights	Αναφορά Δημιουργού-Μη Εμπορική Χρήση-Όχι Παράγωγα Έργα 3.0 Ελλάδα	*
dc.rights.uri	http://creativecommons.org/licenses/by-nc-nd/3.0/gr/	*
dc.title	Cyberattack as a covered danger in marine insurance	el
dc.type	Master Thesis	el
dc.contributor.department	Σχολή Ναυτιλίας και Βιομηχανίας. Τμήμα Ναυτιλιακών Σπουδών	el
dc.description.abstractEN	This work was concerned with the following essential elements concerning the coverage of the insurance risk deriving from the cyber-attack on maritime transport. In particular, cyberspace, as it has drastically penetrated the shipping industry, its lack or malfunction creates damage and losses to shipping giants with the biggest examples being Moller Maersk and Cosco, and many other examples worth millions of dollars each (company). The types of cyberattack, such as Ransomware, Phising, Wi-fi, DDos, used by different types of actors (crackers) such as activists, criminals, opportunists, terrorists, are sometimes detected, sometimes not, and the need to delineate the elements of the cyberattack, i.e. the illegitimacy, the mode of action, the motive of action and the eventual result of damage or loss in extent, temporal and financial, has firstly mobilized the companies themselves to secure themselves within their own structures by using IT departments as internal or external partners, but further from 2016 onwards, with the pioneer once again, the International Maritime Organization is the start of engaging maritime organizations and bodies to combat cyberattacks, with the aim of restoring the safe use and operation of cyberspace, which was followed by the Security Committee in 2017, the international shipping organizations in the same year, while the International Organization for Standardization and the European General Data Protection Regulation (GDPR) assisted in this move. In June 2016, the “Interim Guidelines on Maritime Cyber Risk” is published by the International Maritime Organization as a guide that provides recommendations for cyber risk management at a proactive cyber security level. On 5 July 2017, these recommendations are being replaced by a full set of guidelines with the same objective as above ``Guidelines on Maritime Cyber Risk Management'', which was heavily influenced by the document published two months ago ``Measures to Enhance Maritime Security'' '' which was presented at the 98th Meeting of the Marine Safety Commission in the United States of America. All of the above promoted the adoption of the resolution "Maritime Cyber Risk Management in Safety Management Systems'' of June 16, 2017, which was integrated into the then already existing safety management systems (SMS), which began to be implemented in the form of compliance by shipping companies for cyber security from 1-1-2021. Alongside these moves, in 2017 international shipping organizations jointly reissued the third edition of the International Shipping Organization's guidelines, "The Guidelines on Cyber Security Onboard Ships", which assists companies in developing appropriate cyber risk management. Finally, in all these mobilizations carried out for cyber security, the use of the ISO/IEC27001 standard on Information technology and the European Organization for the protection of personal data, which were used and are used for prevention purposes in the event of a cyberattack, had a very important contribution. In any case, however, the protection against damage or loss of each company or organization is a continuous and permanent request in the risk insurance market, calling on underwriters to do what managers are called to do in cases of difficult choices, to think out of the box, in order to be able to respond to the new development of the market in general and of the buying public of insurance today. From the research data, which were presented and analyzed in this paper, the conclusion of an internal desire of insurers to insure cyber risk and an external reluctance to document and formulate in a concrete way the cyber risk they insure, having covered the extent of the possible damage or loss of the companies as well as the period of time that it will be active. In my view it must be recognized that the work of underwriters is not easy, as the cyber risk, to be covered in its entirety, will create a risk financially unprofitable for insurers, which from measurements and statistics is the reason why there is the aforementioned external reluctance of insurers to insure it. The extent of the risk, the uncertainty and the non-existence of stable variables that characterize the cyber risk and its effects, prevent insurers from satisfying this insurance risk in its entirety. So the reservations that justifiably exist on the part of insurers are a case study, which we notice is being resolved gradually and methodically. The thirteen (13) P&I Clubs and their group, which are responsible for civil liability in cases of conflict, take a conservative stance both in insuring the risks arising from maritime cyber-attacks and in the use of clause 380, the opt-out clause, which they slightly complement in some cases, especially in cases of specifically excluding cyber risk insurance from electronic freight transactions. Lloyd's of London insurance market is introducing a new maritime cyberattack exclusion clause at the end of 2019, replacing the above, making it mandatory for any new war risk or Hull & Engine ship and engine insurance contract. Machinery, while they created several new insurance products which are now available on the market. Finally, the International Insurers Association (IUA) publishes two new clauses, the Cyber Loss Absolute Exclusion and the Limited Cyber Loss Exclusion, which were published in June 2019, offering a clear wording in relation to Clause 380 mentioned above. From the above it is observed that the insurance markets in the new era requests for cyber insurance move conservatively using the already existing insurance risks mentioned in the Act 1906 and 2015, while introducing innovations mainly in the exclusion clause for the insurance of the said risk, the cyber risk. In my view, all this fluidity that has arisen on the question of insurance cover for cyber risk in maritime transport, is to be delineated when the English courts take up their position on this issue. However, in order for this to be implemented, first there should be in the world of contracts the coverage of the insurance risk of the cyberattack, which until now in practice the reluctance of the insurers creates an obstacle for things to evolve and the situations to be consolidated. Of course, this does not mean that the insurers are obliged to do so, as the risk insurance is a contract in which the parties to the insurance contract have rights and obligations after it is signed, as before the signature the right of freedom of contract or not applies. No one is forcing them to do so, and the insurers themselves are placing their financial benefit on a future and uncertain future. As a result, the use of cyberspace gives companies the speed of information and the accuracy of the company's movements in the market, increasing quantitatively the property benefit and qualitatively the supply and demand of the buying public. A price is the antithesis of the positive use of cyberspace, the cyber risk of a cyberattack, which at the punitive level, in which there is damage or loss to the company, which insurers are asked to cover. However, their only pressure, as it has always been and continues to be, is the constant and continuous demand for insurance risk coverage from the market, justifying them in my view, as there is the great risk of the future and uncertain coverage of the cyber risk they will receive, if the latter has not been defined and specified first, something which also needs its time to complete its cycle like all the elements in nature which are under the natural process of “metabolism”.	el
dc.contributor.master	Shipping Management	el
dc.subject.keyword	Cyber-attack	el
dc.subject.keyword	Κυβερνοεπίθεση	el
dc.subject.keyword	Ασφαλιστικός κίνδυνος	el
dc.subject.keyword	Insurance risk	el
dc.subject.keyword	Insurance hazard	el
dc.subject.keyword	Piracy	el
dc.subject.keyword	Κάλυψη	el
dc.subject.keyword	Cover	el
dc.subject.keyword	Danger	el
dc.subject.keyword	Insurer	el
dc.subject.keyword	Underwriter	el
dc.subject.keyword	Cybersecurity	el
dc.subject.keyword	Κυβερνοασφάλεια	el
dc.subject.keyword	Marine insurance	el
dc.subject.keyword	Θαλάσσιες μεταφορές	el
dc.date.defense	2023-11-10

Αρχεία σε αυτό το τεκμήριο

Name:: assignment cyberattack as a ...
Μέγεθος:: 1.232Mb
Τύπος:: PDF
Description:: Master thesis

Προβολή/Άνοιγμα

Αυτό το τεκμήριο εμφανίζεται στις ακόλουθες συλλογές

Τμήμα Ναυτιλιακών Σπουδών
Department of Maritime Studies

Εμφάνιση απλής εγγραφής

Αναφορά Δημιουργού-Μη Εμπορική Χρήση-Όχι Παράγωγα Έργα 3.0 Ελλάδα

Εκτός από όπου διευκρινίζεται διαφορετικά, το τεκμήριο διανέμεται με την ακόλουθη άδεια:
Αναφορά Δημιουργού-Μη Εμπορική Χρήση-Όχι Παράγωγα Έργα 3.0 Ελλάδα