BIMCO drafts new standard Cyber Security Clause

BIMCO reports that it has developed a new standard Cyber Security Clause that will require contracting parties to implement cyber security procedures and systems, to help reduce the risk of a cyber incident and mitigate the consequences of a security breach occurring.

The clause, for publication at the end of May, has been written by a small drafting team led by Inga Frøysa of Klaveness, with representatives from shipowners, P&I clubs and a law firm also involved, BIMCO says.

“I am very pleased to see BIMCO as the first mover on this important topic. Recent years have shown that there is a clear need for a clause addressing the contractual issues that can arise from a cyber security incident,” said Ms Frøysa.

BIMCO notes that the clause has been drafted in broad, generic language so as to be applicable in a wide range of contracts. The clause also aims to help contracted parties to more easily obtain affordable insurance for their cyber security exposure, as it includes a cap on liability for breaches.

“It was very important to the subcommittee to impose an obligation on the parties to keep each other informed if a cyber security incident should occur, and to share any relevant information which could assist the other party in mitigating and resolving an incident as quickly as possible,” added Ms Frøysa.

Information sharing will involve a two-stage notification process under the contract terms. An immediate notification must be made by the party who becomes aware of an incident to the other party upon discovery, which should then be followed by a more detailed notification once the affected party has had the chance to investigate the incident.

The clause also requires the parties to proactively share any subsequently discovered information which could assist the other party in mitigating the impact of the incident.

BIMCO notes that the level of required cyber security demanded by the clause will depend on elements such as the size of the company, its geographical location and the nature of its business, with the wording stipulating that the parties must implement “appropriate” cyber security.

The clause also requires each party to make reasonable efforts to ensure that any third-party providing services on its behalf, in connection with the contract, has appropriate cyber security.

Share this story

About the Author

Picture of Rob O'Dwyer
Rob O'Dwyer

Rob is Chief Network Officer and one of the founders of Smart Maritime Network. He also serves as Chairman of the Smart Maritime Council. Rob has worked in the maritime technology sector since 2005, managing editorial for a range of leading publications in the transport and logistics sector. Get in touch by email by clicking here, or on LinkedIn by clicking here.

Further Reading

News Archive