jump to navigation

Armed Security; Increasing Competition & Decreasing Demand February 10, 2012

Posted by Chris Mark in Industry News, Piracy & Maritime Security, Risk & Risk Management.
Tags: , , , , , , ,
1 comment so far

Recently I wrote about the armed security market and the inevitable shakeout.   A look at the most recently data supports this position and does not seem to fare well for the new entrants into the maritime security space.  As of February 1st, 2012 there are now 307 signatories of the ICOC with 55 signing on December 1st, 2011 and another 42 signing on February 1st, 2012.  While some of those signing are older, more established companies there is a large percentage of new entrants.  In short, competition is becoming fierce within the maritime security industry.

In January, 2012 the IMB released statistics on pirate attacks and hijackings.  From 2010-2011 pirate attacks in and around Somalia increased roughly 7.5% from 219 to 237 while at the same time hijackings decreased roughly 43% from 49 to 28.  In 2010 approximately 22% of the ships attacked were taken and hijacked while in 2011 the percentage dropped to just below 12%.  A combination of increased naval patrols, armed guards, and implementation of BMP is having a desired effect on hijackings.

There are several things that can be surmised from the information above.  First, competition within the maritime security industry is increasing rapidly.  With the wars winding down in Iraq and Afghanistan there is an increasing number of veterans entering the job market.  Some of these are founding security and maritime security companies to try take advantage of the perceived demand for the services.  This will have the effect of decreasing rates across the industry unless demand increases, as well.  The second thing that can be surmised is that demand for maritime security is likely to decrease significantly.  There are several reasons to anticipate a decrease.  As current efforts are showing success companies will logically begin to evaluate the need for expensive, armed guards when other controls may prove sufficient.  Additionally, it is expected that the number of ‘free riders’ will increase as companies begin to hedge their bets and forgo the use of security with the belief that other companies investment will have a residual affect on their security.  Finally, insurance rates should drop for ships traversing high-risk waters making the justification for the cost of engaging armed security more difficult.  As any first year economics student can attest; increasing competition and decreasing demand does not bode well for the industry.  Companies will have to drop their prices to compete for a rapidly decreasing pool of potential clients.  The end result is the inevitable shakeout of the industry.

Why Regulation Cannot Prevent CyberCrime (TransactionWorld) February 6, 2012

Posted by Chris Mark in InfoSec & Privacy, Laws and Leglslation, Risk & Risk Management.
Tags: , , , , , , ,
add a comment

As the maritime industry is increasingly focused on protection of data assets, I thought it would be beneficial to include an article on the topic.  This article is one I wrote for TransactionWorld in July, 2011.  It is titled: “Why Regulation Cannot Prevent CyberCrime” and is a continuation on the discussion of the impact of deterrence on behavior.

“Data security and privacy regulation have increased significantly over the past 10 years. The U.S. now has 46 state breach notification laws and there have been numerous bills introduced in Congress that propose to regulate personally identifiable information and to dictate security of such data. In spite of this increasing regulation, data breaches continue to plague the industry. Some have proposed that more regulation is the answer. Unfortunately, regulation alone is inadequate to prevent data theft and protect data.

At its core, data theft and network intrusions are crimes. At the risk of oversimplifying the work of criminologists, crime prevention can be summarized as using deterrents to affect protection of assets and prevention of theft. Protection applies to the ‘hardening’ of targets by implementing controls that increase the level of difficulty of perpetrating a crime. A vault is a good example of a protective measure. While no vault is completely impenetrable, vaults do provide significant protective value. Data security controls are protective measures. They are designed solely to limit attempts to obtain the target of value. Without a deterrence effect, criminals are free to attack companies at will without fear of retribution. This article will explore the value of deterrence in the prevention of crime.” (read full article here)

Foriegn Security Team to Face Trial in Somalia February 6, 2012

Posted by Chris Mark in Industry News, Piracy & Maritime Security, Risk & Risk Management.
Tags: , , , ,
add a comment

SomaliaReport published a story today which said that six men arrested in May, 2010 for bringing $3.6 Million into Somalia as a ransom payment for a hijacked vessel will be in Banadir Court on Thursday to face charges.  The six, one American, three Britons, and two Kenyans have been held at the airport since their arrest 9 months ago.  According to the story, the money was to be used for the release of two vessels, the MV Suez and MV Yuan Xiang.

Chris Mark Speaking at Combating Piracy Week in Hamburg February 2, 2012

Posted by Chris Mark in Industry News, InfoSec & Privacy, Piracy & Maritime Security, Risk & Risk Management.
Tags: , , , , , , , ,
add a comment

I will be speaking at the  Combating Piracy Week in Hamburg, Germany on the topic of CyberSecurity & CyberEspionage The topic will discuss the topics with a focus on who is trying to steal your data and why.  It  will also cover the technologies and tactics of how they can steal your corporate data and what the uses of such data.  You can get a preview of the topic by reading the Maritime Executive article in which I was interviewed.

If you have not attended one of the Hanson Wade Piracy events, it is worth attending.  Hanson Wade’ personnel do a great job of coordinating networking and the speakers are all very professional and very adept.  I have had opportunity to speak at nearly 100 events in the past 12 years or so and I would put the Hanson Wade events in the top 5 in terms of value for the money.  I highly recommend this event for security companies that want to meet decision makers and speak with the people who influence the industry from a security perspective.

A Rant about Risk- Rock Climbing with a 2 year old January 31, 2012

Posted by Chris Mark in Risk & Risk Management.
Tags: , , , , ,
add a comment

Today on NBC Sports there was an article about  woman rock climbing with her 2 year old strapped to her back.  The toddler is not wearing a helmet.  When asked she explained: “I can appreciate if you didn’t realize how safe the environment I was in, it could be worrying, but I was top-roping which means if you fall you don’t fall any further than where you came off.”  She further opined: “It is the safest form of climbing you can do…Health and safety legislation and the sue and blame culture mean so many people are nervous, so afraid of getting into trouble, and taking small risks. Life is all about risks, whether that’s something as simple as getting in your car every day or climbing up a rock face.”  This reminded me of a debate I had several years ago.

I was talking with a company about protecting personally identifiable information (PII) as required by law.  The company’s response was: “It is too expensive to comply.  I will take the risk.”  The problem lies in that the data that they are required to protect is not their information.  While the data itself (bits and bytes) may belong to the company the information represented by the bits and bytes is the property of the person to which it refers.  In short, it is not the company’s risk to assume as it is not their property.  If I want to publish my own personal data on the Internet, I can do so and assume the risk…it is my data.  A third party cannot assume risk for me…without my permission.   This is why companies are required to protect PII, NPI, PHI, and other forms of personal data.

In much the same way this woman can free climb naked (alone) if she chooses.  It is her risk to assume.  Whether her style of climbing is the safest does not mean it is without risk.  It is a less risky than free climbing but any form of rock climbing is an inherently risky activity.  The 2 year old does not have the ability to state whether she wanted to climb or not.  Where I have issue with the woman is her attitude of: “life is all about risks…”  Granted but some peoples’ lives are about taking more risks than others.  As adults we can make the decision to base jump, free climb, skydive, or race motorcycles.  When we include others in our risky behavior without their consent, it becomes problematic.