ETO X: The anonymous voice of ETOs.
Where do ETO responsibilities end when it comes to keeping systems safe from attackers, and is cyber–insurance becoming more of a necessity? Not all ETOs are aware that Clause 380 excludes cyberattacks from standard policies, but with more viable insurance choices now coming to market we talked to an ETO about their thoughts. We also look forward to our September MYS special edition, where we will be bringing you a range of insurance options that include cybersecurity protection.
“I try very hard to not get sucked into all the current propaganda surrounding cyber–danger. After all, I’m busy enough with the day to day running of on board tech, and as we reach mid-season this has never been truer. However, I do find myself worrying about how I would go about solving the issues that an attack could cause; that were something to happen that I could ‘t solve, owners and guests may face very upsetting consequences such as money loss and identity theft.
As an Electro-Technical Officer on a superyacht, it is my job to provide excellent technical support to high-profile clients with a lot of technology. In theory, I believe that with the right systems in place the right protection should follow, and that this will always be enough to ensure cybersecurity. However, in practice I do sometimes wonder that with cyberattacks posing such a heightened risk to those with high-status and wealth, it might be prudent to have some kind of additional safety blanket. I did previously consider whether for particularly high-profile boats a special Cybersecurity Officer would be a good addition to the team. Giving the matter more thought though, the relatively small chance that a terrible cyberattack could happen would likely not be enough to convince owners that a whole new staff-member is needed. This may be a job role that gains more validity though, as hacking technology continues to develop.
Another option to explore is insurance. However, I have come to understand that most/all general yacht insurance policies have a section in them called Clause 380, which is basically a catch all to exclude all cyber-related attack from protection. I have also heard that a few companies are developing specific policies that cover cyberattacks for superyachts. However, I wonder if this will cause a disconnect between the yacht owners, who may not want to pay out for a whole separate insurance policy just for this one area, and the ETOs who want it. If there was a way to incorporate cybersecurity into a more inclusive package this may be a good solution, as long as the package was attractive enough to the owner.
There are also some companies who offer technological solutions to yacht cybersecurity, some including cyber as part of a wider platform and some focusing solely on the issue. Again, I’m inclined to favour the broader package just from the point of selling it to the owner. There is a worry that diversifying the package could leave cybersecurity watered down, but I am sure tech businesses out there have found ways to ensure this isn’t the case.
A high number of attacks happen through yachting crew opening messages using their own devices, and so another solution may be more training for crew on the matter. This could be done by making attendance at marine cybersecurity conferences mandatory, or by getting an expert in to train all staff before departure. I fear banning BYOD would just make everyone fiercely unhappy. To be honest, I also think it could be beneficial for us ETOs to refresh ourselves with some yearly training around best practice if a cyberattack was to occur. Whilst truly devastating attacks are very rare, the possibility is still enough to lose me sleep, and to make me wonder whether the responsibility to prevent and remedy them should be entirely my own.”