Fathom World

Mapping the transformation of shipping and the oceans

Digital & ElectronicsFeatured

Counting the costs of an Asian ports cyber-attack

A new report from CyRiM calculates that a cyber-attack on 15 ports in Asia-Pacific could result in losses of around $110bn in addition to major disruptions to global trade.

A single cyber-attack on major ports across Asia-Pacific could result in losses worth $110bn, says a new report from Cyber Risk Management (CyRiM), a research project led by Nanyang Technological University in collaboration with Lloyd’s of London and the University of Cambridge Centre for Risk Studies. To put this into context, the report’s authors note that while this represents “an extreme scenario in which a computer virus infects 15 ports across Japan, Malaysia, Singapore, South Korea and China”, it nevertheless equates to roughly half of the entire $225bn in losses incurred from all 394 natural catastrophes recorded last year.

“World trade depends on the reliability and health of the international shipping industry,” the report states, noting that the sector is responsible for 90% of world trade by volume. “Almost every aspect of the shipping industry lends itself to cyber means. Global positioning satellites (GPSs) allow ships to stay on course, reducing waiting times. Marine Automatic Identification Systems (AISs) track and monitor ships, allowing suppliers and customers to know where their goods are and allowing for ‘just in time’ timelines to develop for fewer spoiled goods and wasted warehouse time. Electronic Chart Displays and Information Systems (ECDISs) and the associated digital nautical charts mean fewer crew members are needed, keeping costs down. These are only a few of the technologies that have allowed the maritime industry to grow and continue supporting world trade.”

However, the 85-page report, entitled Shen Attack: Cyber Risk in Asia Pacific Ports, argues that the global economy “is underprepared for such an attack with 92% of the total economic costs uninsured, leaving an insurance gap of $101bn”. Moreover, according to “the plausible scenario depicted in the report”, an attack via a computer virus carried by ships “could scramble the cargo database records at major ports and lead to severe disruption”. Indeed, even if such a virus only directly affected ports in Asia-Pacific, the “economic losses would be felt around the world due to the global interconnectivity of the maritime supply chain”.

“An attack of this scale targeted at ports would cause substantial economic damage to a wide range of businesses through reduced productivity and consumption, incident response costs and supply chain disruption,” Lloyd’s states. In terms of the most affected sectors, the report estimates that transport, aviation and aerospace would be the hardest hit, incurring total losses of $28.2bn. Meanwhile, manufacturing would likely incur losses of $23.6bn, followed by retail with losses of $18.5bn.

With productivity losses affecting “each country that has bilateral trade with the attacked ports”, the report perhaps unsurprisingly identifies Asia as the worst effected region, suffering indirect economic losses of $27bn. This compares to $623m in Europe and $266m in North America. The report also calculates that ‘Business interruption’ and ‘contingent business interruption’ insurance coverages “would be the main drivers of the insured losses”. In the most extreme scenario, these would together account for some 60% of total losses.

At the same time, ‘non-affirmative cyber’, viz cyber risk that is not explicitly mentioned in an insurance policy, would account for up to 57% of the total insured losses. Breaking this down, the authors note that 50% of the total insured losses would arise from port operators; 21% from companies “along the supply chain”; and 16% from logistics and cargo handling firms. Of these loses, non-affirmative cyber claims would account for 63%, 89% and 65%, respectively. Additionally, ship management companies would carry 3% of the total insured losses, of which 87% would be under a non-affirmative cyber policy, and ship owners less than 1%, with all such claims being non-affirmative cyber in nature.

“Cyber risk is one of the most critical and complex challenges facing the Asia-Pacific maritime industry today,” says Lloyd’s Singapore Country Manager Angela Kelly. “As this risk grows with the increasing application of technology and automation in the industry, collaboration and future planning by insurers and risk managers is critical. With nine out of 10 of the world’s busiest container ports based in Asia, and high levels of underinsurance in the region, this exposure must be addressed.”

Taking its name from a shapeshifting Chinese clam monster, the Shen Attack report analyses the effects of a hypothetical cyber-attack based on three levels of increasing severity: one that is limited to six ports across Japan, Malaysia and Singapore; a second that also includes three more ports in South Korea; and a third that adds another six in China, which Lloyd’s describes as “the world’s largest shipping export country”.

Copies of the report can be freely downloaded as a PDF here:

About Author

Brian Dixon is a business and industry journalist with more than 20 years' experience writing about ports and logistics. A member of the Chartered Institute of Journalists, he has covered stories on six continents. He divides his time between the UK and East Asia