The grounding of the giant container vessel, the Ever Given in the Suez Canal had an immediate supply chain impact, coupled with the potential for substantial claims. Whilst the likes of specialist marine brokers McGill and Partners estimating losses in excess of $100 million, analysts at Morgan Stanley claim insured losses will be minimal, since there was no damage to the ship’s hull nor cargo and the refloating costs are relatively small.

Although direct insurance losses appear to have been extremely small when total losses arising from loss or damage to the vessel and/or its’ cargo, the overall claims could still be significant. With the ship grounded, totally blocking transit for 422 vessels, the supply chain losses have been estimated to be between $6-10 billion per day (Allianz estimate), with the Suez Canal Authority losing around $16 million per day in lost revenues (Refinitive estimate).

The reason for the grounding is still being investigated; however the Egyptian authorities so far have blamed the grounding on high winds and a sandstorm. Regardless of the cause of this current accident, the result was a disruption of more than 10% of global trade. According to marine analysts, such an event has been in the making for many years.

Financial implications arise from potential claims against the vessel owner and/or operator for consequential losses arising from delays in accessing the Suez Canal and may take years of litigation to resolve. The party most likely to cover such losses will be the protection and indemnity club that provides insurance through the pooled scheme covering the majority of the global fleet. This will feed into the global reinsurance market and with this being structured via a panel of providers the impact upon a single reinsurer will be manageable.

The Lesson for Cyber Impacts

Whilst the present incident appears to have been caused by naturally occurring events – high winds, a sandstorm and low visibility, the lesson should be that such instances may occur through hostile actions such as a cyber attack.

Certain geographical locations offer opportunities to threat actors, where the location of a vessel is effectively pre-determined (the alternative to the Suez Canal is a rounding of the Cape of Good Hope, adding 10 days transit time and vastly higher fuel and operating costs).

With tracking of vessels free to access online, coupled with ship-specific data, there are ever-increasing windows of attack by targeting specific IT/OT vulnerabilities. The global regulator, the International Maritime Organisation (IMO) has long recognised this and moved to instate cyber risk management requirements for all vessels as from January 2021.

However, the marine sector is one with threadbare margins and seeks to continually reduce operating costs through increased automation and outsourced provision of non-core activities. This combination makes for the likelihood of a cyber-induced major incident involving vessels of the class of the Ever Given increases over time. Using Quantar’s CyCalc® predictive cyber threat analytics can provide deep insight into a vessels vulnerabilities, its IT/OT interdependencies, as well as providing data support to fleet owners and their P&I Clubs.

Contact us for further information on how Quantar can provide financial quantification of cyber threats.