BIMCO has cyber security charter party clause under development

NOVEMBER 21, 2018 — BIMCO is developing a charter party clause dealing with cyber security risks and incidents that might affect the ability of one of the parties to perform its contractual obligations.

The clause is being drafted by a small team led by Inga Froysa of Klaveness, Oslo. Other companies involved include Navig8, the UK P&I Club and HFW, and the project is due to be completed in May 2019.

The BIMCO cyber security clause requires the parties to have plans and procedures in place to protect their computer systems and data, and to be able to respond quickly and effectively to a cyber incident.

Mitigating the effect of a cyber security breach is of paramount importance and the clause requires the affected party to notify the other party quickly, so that any necessary counter-measures can be taken. The clause is also designed for use in a broad range of contracts. This way, the clause can cover arrangements with third-party service providers, such as brokers and agents.

The liability of the parties to each other for claims is limited to an amount agreed during negotiations. A sum of $100,000 will apply if no other amount is inserted.

BIMCO says that the cyber security clause will fulfill two important functions. The first is to raise awareness of cyber risks among owners, charterers and brokers. The second is to provide a mechanism for ensuring that the parties to the contract have procedures and systems in place, in order to help minimize the risk of an incident occurring in the first place and, if it does occur, to mitigate the effects of such an incident.

In the early stages of development, the drafting team discussed if the clause should also address payment fraud. It was concluded that the risk of this increasingly common fraud is probably best dealt with at a procedural level by companies tightening up their internal payment procedures to require verification of any changes to payment details.