Clause 380 a controversy at IUMI 2018

The Institute cyber-attack exclusion clause, better known as Clause 380, divided opinion at this week’s IUMI 2018 conference, held in Cape Town, South Africa. While most participants who mentioned the clause accepted that it was not ideal, the difference was on what should be done about it. Some underwriters felt that it was best to keep it until a thorough review came up with a sound basis under which cyber could be included or excluded from a marine policy, while others felt that it was not fit for purpose and needed to be scrapped.

Naval Dome was firmly in the latter camp. It has called on marine insurers to revoke the Clause CL 380 and to implement policies that insure against the risk of cyber-attacks on ship systems.

CEO Itai Sela said that, with the maritime industry increasingly moving towards connected, cloud-based technologies and autonomous operation, a 15-year-old Clause that excluded damage to computer systems, code or software is archaic.

Subject only to clause 1.2 below, in no case shall this insurance cover loss damage liability or expense directly or indirectly caused by or contributed to by or arising from the use or operation, as a means for inflicting harm, of any computer, computer system, computer software program, malicious code, computer virus or process or any other electronic system. 2.1: Where this clause is endorsed on policies covering risks of war, civil war, revolution, rebellion, insurrection, or civil strife arising therefrom, or any hostile act by or against a belligerent power, or terrorism or any person acting from a political motive, Clause 1.1 shall not operate to exclude losses (which would otherwise be covered) arising from the use of any computer, computer system or computer software program or any other electronic system in the launch and/or guidance system and/or firing mechanism of any weapon or missile.

“Why do insurers continue to implement CL 380 when there is a high probability that a computer will be hacked and, importantly, when there are many different ways and means of protecting shipboard computer systems?” Sela asked, adding that “What we have is an industry on the cusp of a technological change. The rapid implementation of advanced autonomous technologies and machine learning capabilities will change the way in which ships are operated, but such developments will also leave the industry open to more system breaches and unauthorized intrusion unless there are systems and policies in place to mitigate against such risks.”

Sela suggested the maritime industry should follow the automotive sector’s lead. The sector has introduced software-based safety solutions to road vehicles that, despite not being initiated by the insurer, have proven to protect drivers (and insurers) against theft or damage, which helps towards mitigating risk and reduce premiums.

“Why then, considering the current evolving maritime situation and the increase in cyber-attacks – which the insurance sector repeatedly warns of a need to protect against – is there no cyber insurance policy? Sela asked.