32
FINANCE, INSURANCE & ACCOUNTING
RAILSTAFF MARCH-APRIL 2022
UNDERSTANDING RISK AND RAIL INSURANCE
T
he Rail industry spans countless companies, each facing complex and unique risks in their day-to-day operations. Working on the rails is one of the most hazardous professions, with rail environments carrying specific and complex dangers. All companies operating on the rails must therefore protect themselves from operational risk, but how do they do this? How does rail insurance work, what does it cover, and how complicated are available products? The UK’s rail network is one of the safest and busiest in Europe, but it faces major challenges. Despite the setbacks of the past few years, passenger numbers are improving, reaching 80% of pre pandemic levels in March 2022, according to the Department for Transport. And, with rail leading the way as a sustainable means of transport, both for freight and passengers, the next decade will see increasing traffic and major works across the network. All of this means increased risk exposure for rail firms.
EXPECT THE UNEXPECTED When we discuss risk, what exactly do we mean? Incidents are varied and range in severity but, broadly speaking, can fall into the following categories, says Matthew Whitehurst, Account Director at Marsh Commercial. “Operational risk includes loss and damage to rolling stock, internal breakdown, collision, derailment, theft, and fire damage; loss and damage to plant and equipment; and Schedule 8 Penalties, where damage causes a delay on the mainline. “Liability risk covers injury to volunteers and employees during the course of their activities; injury to members of the public; damage to third party property, such as infrastructure and track; negligence acts by trustees or directors; and professional negligence. “Static risk is loss and damage to property, infrastructure, and theft of property at a premises. And finally, business interruption is loss of revenue following damage to rolling stock or at premises.
EVOLVING THREATS Cybercrime has been a threat to commerce and industry for many years now, with criminals targeting businesses for financial gain. And as state actors increasingly turn to cyberattacks to achieve their own aims, the risk to key infrastructure targets such as the rail is at an all time high. With the railway becoming increasingly digitised, this threat will only grow in years to come. So how can rail companies limit the damage? RAILSTAFF.CO.UK | @RAIL_STAFF | FACEBOOK.COM/RAILSTAFF
“A major cyber incident could potentially bring the rail network to a standstill for hours, days, or even weeks,” says Matthew, “and because rail is critical infrastructure, disruptions can ripple through supply chains, causing significant delays and other issues. In addition, cyberattacks could lead to physical damage that threatens not only operations, but the safety and security of workers and others. “Such risks underscore how important it is for rail to invest in a smart digitalisation strategy that identifies and addresses vulnerabilities and creates a resilience that is able to withstand and recover from a cyberattack.” A critical first step towards improving cybersecurity is to carry out an in-depth cyber assessment with third-party stakeholders focused on the identification of key IT assets. Companies should also engage in scenario planning to help them understand the impact of potential attacks and rehearse the response to them. Understanding third-party risks is also crucial. “Rail operates within a complex ecosystem of suppliers, users, and customers,” Matthew says. “The network can have hundreds of stakeholders providing services, each with various cybersecurity strengths and weaknesses. Mapping out the touchpoints and how operations connect will help in the understanding of how each player contributes to cybersecurity vulnerabilities.” Training and education also cannot be stressed enough. Many employees at all levels within the rail industry do not receive the appropriate technology and digital training to prepare for their role in managing the cybersecurity risks faced by an increasingly digitalised industry.
