Increasingly popular electronic bills of lading are, by their nature, susceptible to the risk of cyber attack. Here, Standard Club considers the P&I cover position should a claim arise.

By
Philip Stephenson, Standard Club,

If a P&I claim arises as a result of a cyber attack on an electronic bill of lading, a member would be covered as long as the cyber attack does not constitute ‘terrorism’ (or another war risk) under the club’s war risks exclusion. The member’s normal P&I cover would respond to covered losses arising, provided the electronic trading system being used had been approved by the club’s managers.

Cyber attacks on e-Bills of Lading would likely be covered by P&I Club cover

Liabilities arising out of the use of an electronic trading system approved by the managers are expressly excepted from the electronic trading exclusion in the club’s rules (that is that the rules do not exclude liabilities arising under an approved electronic trading system – they only exclude liabilities arising under a non-approved electronic trading system to the extent that such liabilities would not have arisen under a paper trading system). As such, P&I liabilities arising out of the use of such approved electronic systems are covered, although cover would still be subject to the normal exclusions applicable under the club’s rules.

There are currently three electronic trading systems that have been approved by Standard Club’s managers (along with the other International Group clubs), being essDOCS, Bolero and E-Title.

As a general principle, there is no specific cyber exclusion in Standard Club’s rules or in the International Group Pooling Agreement. This being the case, if such an approved electronic trading system were hacked into, resulting in a claim, the member’s P&I cover would continue to respond unless the hacking event were deemed to be ‘terrorism’ (or another war risk) under the war risks exclusion in the club’s rules.

If an approved electronic trading system were hacked into, resulting in a claim, the member’s P&I cover would continue to respond unless the hacking event were deemed to be ‘terrorism’

Whether or not an act constitutes terrorism will largely depend on the motivation behind the act. In the context of war risks, terrorism has broadly been understood by English courts to generally mean an act or acts aimed to kill, maim or destroy indiscriminately for a political, religious or ideological cause. It is difficult to envisage that someone would hack into an electronic trading system for the purposes of killing, maiming or destroying indiscriminately for such a cause. The most that could result would appear to be, say, a mis-delivery claim. As such, it is unlikely that the act of hacking into an approved electronic trading system would constitute ‘terrorism’ for the purposes of the war risks exclusion. The member’s normal P&I cover should, therefore, continue to respond to a resulting mis-delivery claim.

However, the question of whether or not an act constitutes terrorism for the purposes of a P&I Club’s rules and, therefore, whether a member’s normal P&I cover responds would ultimately be decided by the club’s board and their decision is final.

Philip Stephenson is regional claims director at Standard Club. He can be contacted on philip.stephenson@ctplc.com or +30 210 429 1864.