How to Optimise Risk Management

Opening Poll

Based on the above results, panelists were asked: How do you see the current risk landscape from your perspective?

As an insurer, Mr Michael Brown shared that he is involved in dealing with cyberattacks on a daily basis with customers. He shared that it is a very difficult aspect of insurance to navigate, and that it is becoming harder in general to find such insurances, because "limits are decreasing, deductibles are increasing, and costs are going up. Not only this, but there is often a multi-factor authentication needed to set it up."

He continued: "Certain types of coverage are being copied, but it’s an imperative coverage to have. We see people in response to the attacks thinking mainly about IT services being hit, but they don’t really look at what the business side looks like. For example, how do you contact your employees, because the employee list is on the server, the customer list too, and it may all be affected by an attack."

Ms Anne Masson shared that her company have just issued a report for the logistics industry on cyber security, with prevention schemes, and how companies can protect their systems from not being attacked.

Mr Niels Beuck focused on cargo theft and damage, which through his work as Deputy Director of the German Logistics Association (DSLV), he works with on a daily basis. He made the point that cargo theft in Europe is mainly the theft of goods, and is not very violent, but well-organised behind structures, mainly from Eastern Europe. He shared that these theft networks thrive on the European Union, because of the many borders and complications of uniformising border procedures. That’s an advantage for these groups, who steal cargo from lorries on motorways. It is then easy for them to sell these goods on legal platforms like Amazon and eBay. As many of us know, in other regions, these incidents can be very violent with weapons and even bulldozers involved, particularly in the case of high value cargo, however the chances of being caught in such regions is very low, which is why FIATA continues to work with cargo safety and security experts through its Advisory Body on Safety and Security, to advocate for stricter measures and regulations to reduce these thefts.

When asked to comment on Customs delays and inspections, Werner Rens responded that he likes to put himself in the position of the freight forwarder, specifically a Customs broker. He believes that many of the responses in the poll are interlinked, and that often one results in another. The first immediate danger, he said, is losing the first data source, which can result in Customs delays, due to a lack of data, and mainly an unwillingness to share the data. He noted that there is shared liability with customers, and that when something goes wrong, there is often a confusion and blame-shifting in terms of complete liability.

Mr Nicolas Collart shared of the big impact freight forwarders have on bringing knowledge to Customs, usually a bit later after clearance, and that when something goes wrong, a documentation error, a liability leak comes out, and that he as a broker need to go back to forwarder, asking them to connect him to the customer, but that in some cases it was a one-off job so they don’t know them, and that in the landscape of today, where interoperability and global digital standards are not yet a reality, it happens more and more.

Michael Brown gave an example of this, sharing a story of a freight forwarder who approached approximately 100 different customs brokers, with a counterfeit Nike goods shipment, who made shipments on Nike’s behalf. The value of the goods then deprived Nike of the sales, so they sued all involved customs brokers. This was an example of the freight forwarder not knowing their customer, which the two claim is the fault of the freight forwarder, saying that it is important for forwarders to know their customers.

Niels Beuck however countered this argument, saying that it is hard for freight forwarders to know and recognise counterfeit goods, let alone trained professionals, and that this liability should not be the forwarders, and that it should carry out all possible measures to not become liable for such claims.

Andrea Tang, moderator and FIATA International Trade Lawyer posed the question to the panel: What has your experience been in terms of industry coverage, are the majority adequately insured?

Michael Brown responsed, saying that in terms of cyber insurance, companies are still under-insured, but that the party who arranges for transportation can be brought into law suits and need to know that this coverage is very important. With larger vessels, he said, come higher concentrations of risk, and thus the problem becomes worse.

Anne Masson shared that some logistics companies have become uninsurable, because traditional carriers are backing off due to being hit by many claims. Her key message was to work on prevention, put in place cybersecurity systems, and most importantly not to forget adequate insurance.

Polls

In response to the first poll, Mr Brown and Ms Masson highlighted that after hospitals, transport is the worst hit sector from cyberattacks, and that 1 in 5 freight forwarders are at risk of attack.

Mr Beuck commented that cyberattacks can be defined differently by different people, but that such attacks can already be defined as small as emails from Amazon impersonators, attacks which are tailored to you and your data. Many people still define attacks primarily as big ransomware attacks, where all data is stolen and held hostage at a fee.

Based on her experience, Ms Masson recommends installing an Endpoint Detection and Response (EDR) system, which is a system that has an attack surface 24/7, which detects attacks on all levels, and can see when the hackers are present in systems.

As a closing note, Mr Brown urged those with existing cyber insurance to read their policies, because some coverage might be default, but money could be saved, and more relevant coverage could be added for that cost.

As a final question, Mr Werner Rens was asked how risk can best be mitigated.

"You can’t remove 100% of risk, but you can do things to screen your customers, such as visiting their website, checking whether what is claimed in an email is what they actually offer, their address on the website, for how long the company exists, etc. He highlighted the fact that official databases exist can be consulted too, for example to find VAT numbers.

Asked whether there are additional difficulties and challenges when vetting companies in different countries, and whether something needs to be done about this, Mr Rens shared that in his view, an important consideration in global data exchange is that the marketplace and eCommerce should be the liable party rather than the consumer, who cannot understand all issues surrounding global cybersecurity, because global data brings a whole new dimension to cyber risk. Data, he said, is at the heart of cyber risk. In recent years, he has been in contact with Amazon and Alibaba, who can retrieve all data in the purchasing and trade process, and they can use this data to mitigate risk, cover liability, and are in a position to say no to mystic suppliers. He shared that from what he had been told, these eCommerce giants don’t do this now, because they don’t bear any liability, but that it is time to make them liable. Governments and authorities would have to pass such reglation changes, however, and it is not always a given that they would do this. Amazon and Alibaba know they have the tools, but they say it should be compulsory to all such companies, then everyone is in the same boat.