Web Alert: P&I cover for cyber risks arising out of the use of electronic trading systems
News & Insights 18 October 2017
Electronic trading systems are, by their nature, susceptible to the risk of cyber attack. What would the P&I cover position be should a claim arise under those circumstances?
Some shipowners choose to use electronic trading systems (electronic bills of lading), rather than traditional paper bills. However, these systems are, by their nature, susceptible to the risk of cyber attack. What would the P&I cover position be should a claim arise under those circumstances?
As long as the cyber attack does not constitute ‘terrorism’ (or another war risk) under the club’s war risks exclusion, then the member’s normal P&I cover would respond to covered losses arising, provided the electronic trading system being used had been approved by the club’s managers.
Liabilities arising out of the use of an electronic trading system approved by the managers are expressly excepted from the electronic trading exclusion in the club’s rules (ie the rules do not exclude liabilities arising under an approved electronic trading system – they only exclude liabilities arising under a non-approved electronic trading system to the extent that such liabilities would not have arisen under a paper trading system). As such, P&I liabilities arising out of the use of such approved electronic systems are covered, although cover would still be subject to the normal exclusions applicable under the club’s rules.
There are currently three electronic trading systems that have been approved by the club’s managers (along with the other International Group clubs), being essDOCS, Bolero and E-Title.
As a general principle, there is no specific cyber exclusion in the club’s rules or in the International Group Pooling Agreement. This being the case, if such an approved electronic trading system were hacked into, resulting in a claim, the member’s P&I cover would continue to respond unless the hacking event were deemed to be ‘terrorism’ (or another war risk) under the war risks exclusion in the club’s rules.
Whether or not an act constitutes terrorism will largely depend on the motivation behind the act. In the context of war risks, terrorism has broadly been understood by English courts to generally mean an act or acts aimed to kill, maim or destroy indiscriminately for a political, religious or ideological cause. It is difficult to envisage that someone would hack into an electronic trading system for the purposes of killing, maiming or destroying indiscriminately for such a cause. The most that could result would appear to be, say, a mis-delivery claim. As such, it is unlikely that the act of hacking into an approved electronic trading system would constitute ‘terrorism’ for the purposes of the war risks exclusion. The member’s normal P&I cover should, therefore, continue to respond to a resulting mis-delivery claim.
However, the question of whether or not an act constitutes terrorism for the purposes of the club’s rules and, therefore, whether a member’s normal P&I cover responds would ultimately be decided by the club’s board and their decision is final.