What is P&I cover for cyber risks if an electronic trading system goes wrong?

Standard Club has noted that some shipowners choose to use electronic bills of lading (EBoLs) rather than traditional paper bills. Standard Club said that by their very nature such EBoLs were susceptible to cyber attack, and reported that some members had asked what there insurance position would be in the event of such an attack causing them a loss.

The Club said that, provided the cyber attack did not constitute ‘terrorism’ or another war risk that would be subject to the club’s war risks exclusion, then the member’s normal P&I cover would respond to covered losses arising, provided the electronic trading system being used had been approved by the club’s managers.

Some confusion appeared to have arisen because there was an electronic trading exclusion in the Club’s rules. Standard clarified that liabilities arising out of the use of an electronic trading system approved by the managers were expressly excepted from the electronic trading exclusion in the club’s rules, which only excluded liabilities “arising under a non-approved electronic trading system to the extent that such liabilities would not have arisen under a paper trading system”.

Therefore P&I liabilities arising out of the use of approved electronic systems were covered, although cover would still be subject to the normal exclusions applicable under the club’s rules.

The three electronic trading systems currently approved by the club’s managers (along with the other International Group clubs), are essDOCS, Bolero and E-Title.

The Club went on to note that, as a general principle, there was no specific cyber exclusion in the club’s rules or in the International Group Pooling Agreement. “This being the case, if such an approved electronic trading system were hacked into, resulting in a claim, the member’s P&I cover would continue to respond unless the hacking event were deemed to be ‘terrorism’ or another war risk. Whether or not an act constituted terrorism would largely depend on the motivation behind the act.”

In the context of war risks, terrorism has broadly been understood by English courts to generally mean an act or acts aimed to kill, maim or destroy indiscriminately for a political, religious or ideological cause. Standard Club observed that it was “difficult to envisage that someone would hack into an electronic trading system for the purposes of killing, maiming or destroying indiscriminately for such a cause”, since the most that could result would appear to be, say, a misdelivery claim.

“As such, it is unlikely that the act of hacking into an approved electronic trading system would constitute ‘terrorism’ for the purposes of the war risks exclusion. The member’s normal P&I cover should, therefore, continue to respond to a resulting misdelivery claim”, Standard Club said, although it noted that “the question of whether or not an act constitutes terrorism for the purposes of the club’s rules and, therefore, whether a member’s normal P&I cover responds would ultimately be decided by the club’s board” whose decision would be final.