Standard Club highlights cyber security risks for charterers

Standard P&I Club issued an article  focusing on the effect of cyber crime on charter parties. For charterers, the major risks are financial loss and data theft, which can lead to reputational damage, lawsuits, business interruption and regulatory action.

A 2016 PWC Global Economic Crime Survey recorded cyber crime as ‘the fastest growing global economic crime’, with Forbes projecting the cost of

cyber crime to reach $2 trillion by 2019.

The fraudulent diversion of hire and freight is becoming increasingly common. Hackers infiltrate an email system to find out the details of business contacts. They then email the charterer impersonating the accounts department of a payee to redirect payment, either attaching an invoice with a specified bank account or specifically requesting hire to be paid into a different account than normal. Often the email address used by the hacker is almost identical to the email address of the true counterpart, with only a small variation which can easily go unnoticed.

It is not always apparent that a charterer has fallen victim to cyber crime until the owner complains that hire is unpaid. Generally, hire is only considered paid when the funds have been received in the owner’s designated bank account. Therefore, if the charterer makes a payment which does

not reach that account within the payment date, the charterer will be in breach of the charterparty. The owner may then be entitled to withdraw the vessel from service if the charterer does not pay again pursuant to the terms of any anti-technicality clause. This can result in the charterer paying twice.

Whilst operators cannot always prevent a cyber-attack from occurring, they can seek independent legal advice to protect their position contractually, for example, by:

    making ‘Cyber Event’ a defined term

    including a clause allowing more time to pay in the event of a Cyber Event

    including ‘Cyber Event’ as an offhire event in the off-hire clause

    excepting ‘Cyber Event’ from laytime and demurrage.

The Club advises the following:

    Always check email addresses carefully, especially when discussing payment details.

    Be aware. Treat any changes in the communication style or form with suspicion.

    Cross-check any bank account provided in the email against the bank account details contained in the charterparty.

    If you have any suspicions, do not respond by email as it may be intercepted.

    Always telephone the payee to verify the bank details.