Anchoring Cybersecurity: The Need For Vendor Agreement Clauses In Shipping

by John Konrad (gCaptain) In the age of increased cyber threats and vulnerabilities, safeguarding a business extends beyond the perimeter of one’s organization. Speaking at the Marine Money Week Conference in New York yesterday, Sameer Bhalotra, Co-founder & CEO of ActZero, a ABS Wavesight partner, emphasized the critical role of cybersecurity measures in vendor contracts and partnership agreements.

The interconnected nature of the shipping industry presents unique security challenges. In an industry where shippers, carriers, bunker providers, and service providers are intertwined, the risk of cyber-attack extends to the entire supply chain. As often stated, “you’re only as strong as the weakest link.” Major cybersecurity incidents, such as the attack on Maersk in 2017, have spotlighted the vulnerability of this sector. Even if your company is well-protected, a breach at any link in the chain – like a bunker provider that can’t deliver fuel or a terminal provider that can’t handle your cargo because of a ransomware attack on their systems – could put your operations at risk.

According to Bhalotra, companies that have invested in cybersecurity for years and have a trustworthy and tested team are doing a good job. However, they must consider the next level – securing their vendors. Two methods were proposed: making cyber defense services available to vendors and incorporating cybersecurity requirements in vendor contracts.

Firstly, companies can invest in cyber defense services for their principal vendors and incorporate these services into their own comprehensive cybersecurity response plan. As time passes, vendors will come to recognize the critical nature of these services and assume the associated costs. This proactive investment fortifies the most vulnerable links in the chain, ensuring they meet industry standards and contribute to the overall security of the industry.

The second approach involves incorporating cybersecurity clauses in vendor contracts. This trend is already prevalent in the US, especially in the defense sector. Contracts now often stipulate that partners and vendors must have insurance, liability protection, and cyber defense. In case of non-compliance, vendors would be in breach of contract, necessitating a certification process.

By requiring a certain level of cyber defense from vendors, companies not only protect themselves but also strengthen the entire industry’s security. The integrated nature of shipping means that cybersecurity cannot be an isolated effort. It must be a collective undertaking, starting from the individual companies and extending to their vendors and partners.

In conclusion, cybersecurity clauses in vendor and partnership agreements are no longer an optional add-on. They are an integral part of the modern business landscape, crucial for securing operations, protecting financial assets, and maintaining the trust of stakeholders in an interconnected industry fraught with cyber threats.

Unlock Exclusive Insights Today!

Join the gCaptain Club for curated content, insider opinions, and vibrant community discussions.

Sign Up