Alex Ktorides Partner
New BIMCO Cyber Security Clause
With the increasing digitisation and use of information technology in the world today, the chance of becoming a victim of a cyber-attack is greater than ever. The energy industry is particularly susceptible as it seeks to increase the automation of processes in the interests of efficiency, safety and reducing the potential impact of human operational errors.
The potential fallout from a cyber-attack, therefore, could be devastating, resulting in damage to reputations, the environment or property, injury or death of personnel, and financial hardship to the company targeted.
Companies in the offshore oil and gas sector are, therefore, seeking to increase their resilience to such attacks; this is not only a question of strengthening the IT systems that protect the company, but also ensuring that personnel are fully trained to recognise the increasingly sophisticated tactics used by hackers.
Particular areas where operators and contractors may be vulnerable arise from the facility for offshore assets to be remotely controlled through networked systems. Whether that is a dynamically positioned drillship, or a remotely operated pipeline valve, any area where technology is used in operations is susceptible. There are particular concerns regarding the security of equipment within the sphere of the Internet of Things.
In order to regulate some of these risks between contracting parties, BIMCO has released its new Cyber Security Clause 2019. The clause broadly achieves four objectives: it sets out the cyber security arrangements that should be in place, it requires the parties to use reasonable endeavours to ensure that any third party contractors adopt the same arrangements, it contains a notification regime - which can quickly reduce and manage any risk that might arise - and it contains a standard provision to limit liability in the absence of gross negligence or wilful misconduct.
According to BIMCO’s own guidance, the intention behind its clause is threefold: (1) to raise awareness of the risk of cyber security attacks, (2) to ensure the parties have appropriate measures in place to mitigate against the risk, and (3) to manage the effects of an incident when it occurs through co-operation between the parties. It is expressly designed not to cover payment fraud since there is little that a generic clause can do to reduce the risk of this type of incident.
The standard BIMCO clause does not require cyber security insurance since the availability of different types of cyber security insurance policy can vary significantly between providers and across different jurisdictions. It is hoped by BIMCO that, although the clause does not require (or fully address) cyber insurance, it will help parties to secure affordable insurance protection based on the liability cap included in the clause.
Related news & insights
Insights / New UK restructuring tool set to jack up floundering offshore sector
16-07-2020 / Energy & Infrastructure
The Covid-19 pandemic has brought considerable challenges, as well as potential opportunities, to the offshore sector. Offshore drilling continues to face difficulties and is expected to be the worst performing subsector of the oil sector, with rig utilisation at around 60%.
Insights / Scottish Court sanctions the Premier Oil Scheme of Arrangement confirming the flexibility of the scheme of arrangement to implement novel restructuring solutions
12-05-2020 / Energy & Infrastructure
Successful creditor challenges to schemes of arrangement are incredibly rare, and ARCM’s challenge to Premier Oil’s scheme  has not bucked this trend. This scheme raised a broad range of issues which, subject to the outcome of the appeal, have been addressed to confirm the broad, flexible scope of the scheme of arrangement to implement creative restructuring solutions in the face of opposition from minority creditor groups. We provided an overview of the scheme of arrangement process and some of the issues raised by the Premier Oil scheme in our previous bulletins  .
News / Ince part of the winning Offshore Project Finance Deal of the Year for 2019
04-05-2020 / Energy & Infrastructure, Maritime
Golar LNG & Keppel Capital, FLNG Gimi – US$ 700m Senior Secured Term Loan awarded ‘Offshore Project Finance Deal of the Year’.
News / Ince announces new heads of Energy and Infrastructure Practice
23-04-2020 / Energy & Infrastructure
22 April 2020, London International legal and professional services firm Ince has today announced the appointments of Gillie Belsham and Chris Kidd as co-heads of its Energy and Infrastructure Practice.
Insights / Economic duress or commercial leverage? The Court of Appeal clarifies the scope of “lawful act duress”
25-03-2020 / Energy & Infrastructure
It is a well-established principle of English law that a contract resulting from a threat of an unlawful act or omission may be avoided at the option of the aggrieved party. The Court of Appeal’s decision in Times Travel (UK) Ltd v Pakistan International Airlines Corporation (Rev 2)  EWCA Civ 828 provides a long-awaited clarification on whether a contract may be avoided if it is entered into following pressure involving a threat to do something lawful i.e. “lawful act duress”.
Insights / Energy & Infrastructure The Smart Bulletin October 2019
09-10-2019 / Energy & Infrastructure
We are pleased to share with you the latest edition of the Ince Smart Bulletin. Our aim is to keep those working in the Energy & Infrastructure sectors up-to-date with relevant legal developments.