Cyberattacks on APAC Ports: The Potential Economic ImpactReport Concludes Economic Losses Would Be Global
A new study produced in partnership with Lloyd's and other insurers concludes that a single virus attack affecting 15 major ports across Singapore, China, Japan, South Korea and Malaysia potentially could lead to losses of up to $110 billion worldwide. The impact would be so large because of the interconnectivity of the maritime supply chain, researchers say.
See Also: Role of Deception in the 'New Normal'
The report, prepared by the University of Cambridge Center for Risk Studies on behalf of the Cyber Risk Management Project, was designed to illustrate the risks posed by port attacks.
The report looked at various scenarios of attacks, with the least severe scenario leading to loss of $40.8 billion and the worst-case scenario amounting to losses of $110 billion. The losses were calculated by a mock-up of the impact of a computer virus carried by ships that scrambles cargo database records at the ports.
The study notes that so far, cyberattacks have impacted only individual ports, and an attack on systematic vulnerabilities across ports of this scale has never happened. "However, the combination of aging shipping infrastructure and globally complex supply chain makes the shipping industry vulnerable to extreme losses," the report states.
The new report "highlights the need for effective risk management, which includes a clear and comprehensive understanding of the risks and mitigating factors in the global supply chain," says Elizabeth Geary, global head of cyber at insurance company TransRe, another co-producer of the report.
Economic losses from an attack targeting APAC ports would affect almost all sectors with business interruptions, the report states. Transportation, aviation and aerospace sectors would be the most affected with losses amounting to $28.2 billion followed by manufacturing sector at losses up to $23.6 billion and retail sector with losses of $18.5 billion," according to the report.
Asia has nine of the world's 10 busiest ports, and these are a crucial part of the supply chains for companies across the world.
Lack of Insurance
The report concludes that 92 percent of the total economic costs stemming from ports attacks would be uninsured.
"Comparing the insurance loss estimates to the economic losses shows insurance industry losses are between 8 per cent and 9 per cent of the total economic loss, which shows that there are high levels of underinsurance for this type of cyberattack," the report notes.
Angela Kelly, Singapore country manager at Lloyd's, notes that cyber risk is one of the most critical and complex challenges facing the Asia Pacific maritime industry.
"As this risk grows with the increasing application of technology and automation in the industry, collaboration and future planning by insurers and risk managers are critical," she says.
The shipping industry across the world has been targeted by cybersecurity incidents.
In 2018, a ransomware attack affected the Port of San Diego, disrupting the commercial shipping industry (see: Ransomware Crypto-Locks Port of San Diego IT Systems).
In June 2017, the NotPetya ransomware attack affected Danish shipping giant A.P. Møller - Maersk, the world's biggest shipping firm. The company was then forced to reroute ships and was unable to dock or unload cargo ships in dozens of ports (see: Maersk Previews NotPetya Impact: Up to $300 Million).
Maersk estimated that it would lose about $300 million because of the ransomware outbreak.
And the U.S. Coast Guard recently issued a warning about malware (see: Malware on the High Seas: US Coast Guard Issues Alert)