New BIMCO Cyber Security Clause

Insights /

With the increasing digitisation and use of information technology in the world today, the chance of becoming a victim of a cyber-attack is greater than ever. The energy industry is particularly susceptible as it seeks to increase the automation of processes in the interests of efficiency, safety and reducing the potential impact of human operational errors.

The potential fallout from a cyber-attack, therefore, could be devastating, resulting in damage to reputations, the environment or property, injury or death of personnel, and financial hardship to the company targeted.

Companies in the offshore oil and gas sector are, therefore, seeking to increase their resilience to such attacks; this is not only a question of strengthening the IT systems that protect the company, but also ensuring that personnel are fully trained to recognise the increasingly sophisticated tactics used by hackers.

Particular areas where operators and contractors may be vulnerable arise from the facility for offshore assets to be remotely controlled through networked systems. Whether that is a dynamically positioned drillship, or a remotely operated pipeline valve, any area where technology is used in operations is susceptible. There are particular concerns regarding the security of equipment within the sphere of the Internet of Things.

In order to regulate some of these risks between contracting parties, BIMCO has released its new Cyber Security Clause 2019. The clause broadly achieves four objectives: it sets out the cyber security arrangements that should be in place, it requires the parties to use reasonable endeavours to ensure that any third party contractors adopt the same arrangements, it contains a notification regime - which can quickly reduce and manage any risk that might arise - and it contains a standard provision to limit liability in the absence of gross negligence or wilful misconduct.

According to BIMCO’s own guidance, the intention behind its clause is threefold: (1) to raise awareness of the risk of cyber security attacks, (2) to ensure the parties have appropriate measures in place to mitigate against the risk, and (3) to manage the effects of an incident when it occurs through co-operation between the parties. It is expressly designed not to cover payment fraud since there is little that a generic clause can do to reduce the risk of this type of incident.

The standard BIMCO clause does not require cyber security insurance since the availability of different types of cyber security insurance policy can vary significantly between providers and across different jurisdictions. It is hoped by BIMCO that, although the clause does not require (or fully address) cyber insurance, it will help parties to secure affordable insurance protection based on the liability cap included in the clause. 

Alex Ktorides

Alex Ktorides Partner

Related sectors:

Related news & insights

Insights / Climate Change Litigation Continueth – The Scottish Case: Greenpeace v. BEIS and the OGA (and BP too)

15-10-2021 / Energy & Infrastructure

The Scottish Court of Session has declared that dealing with the global environmental impact of the consumption of oil is a political matter for the UK Government, not a legal issue for the UK Courts in considering the validity of approval to drill new oil wells in a single field.

Climate Change Litigation Continueth – The Scottish Case: Greenpeace v. BEIS and the OGA (and BP too)

News / AfCFTA and Energy & Infrastructure

11-10-2021 / Energy & Infrastructure, Maritime

This article is the third in a series of articles looking at the impact of the African Continental Free Trade Area (the “AfCFTA”) on various practice areas and industry sectors that our clients operate in. This article focuses on Energy and Infrastructure and addresses some of the key questions our clients have asked us.

AfCFTA and Energy & Infrastructure

Insights / Supreme Court clarifies lawful act of duress

21-09-2021 / Energy & Infrastructure

In Times Travel (UK) Ltd v Pakistan International Airlines Corporation (Rev 2) [2019] EWCA Civ 828, the Supreme Court confirmed the existence of the doctrine of ‘lawful act duress’ under English law and its limited scope in commercial transactions.

Supreme Court clarifies lawful act of duress

News / Shell agrees pay out to Nigerian community to settle long-running oil spill dispute

17-08-2021 / Energy & Infrastructure

In 1991, the Ejama-Ebubu people began a legal campaign to hold Shell Nigeria (“Shell”) accountable for an oil spill that occurred in 1970. Shell accepted that these oil spills had occurred, but argued that these were caused by “third parties” during the Biafran war, for which Shell should not be held liable. Almost 20 years later, in 2010, a Nigerian Federal court ordered Shell to pay 17 billion naira to the Ejama-Ebubu community. Shell has unsuccessfully attempted to challenge this ruling over several years and, in November 2020, the Nigerian Supreme Court ruled that Shell could no longer appeal the decision.

Shell agrees pay out to Nigerian community to settle long-running oil spill dispute

News / The Bribery Act: ten years on

19-07-2021 / Energy & Infrastructure

The Bribery Act: ten years on

Quick links

The Legal 500 2021

“Very available and responsive to company developments in real time. Frank, clear advice – not just the ‘easy’ answer.”

The Legal 500 2022

“The solicitors who have handled our employment related issues are of the highest quality in terms of their specialist area of expertise, their professionalism and their approach to us as clients and as people. Special mention has to be made of Laura Livingstone. Laura became a key member of our team and felt more like a colleague than an external adviser – a colleague you could rely upon. Laura’s attention to detail, professionalism and responsiveness was second to none. Laura has come to know and understand us as individuals and this has enabled her to personalise her advice and even sometimes to preempt our future requirements. We have a very special and extremely valuable relationship with her and the firm.”

- The Legal 500

The Legal 500 2022

“Ince are an excellent “fit” with our specific needs. The firm has consistently provided a broad range of personnel-related advice and in our experience that advice has been consistently of the very highest professional standard: it has been timely, comprehensive, accurate and at a cost which is commensurate with the budget of an organisation of our size.”

- The Legal 500

The Legal 500 2022

“The firm has an unusually high degree of insight into the practices and policies required by the Gambling Commission as regards compliance with its own requirements and conditions – particularly Andrew Tait, derived from his previous in-house experience.”

- The Legal 500