Developing a maritime cyber safety culture: Improving safety of operations

Abstract

<jats:p>A rise in catastrophic loss-of-life events as a result of poor safety management (e.g., the capsizing of the Herald of Free Enterprise and the Costa Concordia) has driven the maritime sector to improve its safety management practices. This paper will explore the vital role of the human element within safety management, and why, as part of that safety management, organizations must foster a safety culture. This development must be achieved if organizations are to make a significant step forward in preventing similar catastrophes in the future. It is important to note that the development of safety cultures is not new to the maritime sector. However, the increase in connected systems within the sector (e.g., satellite communications) means these safety cultures must now consider the new, or altered, risks posed by digital systems. Therefore, the paper, through a high-level literature review, will consider what the core elements of a cyber safety culture are, and how an organization company can nurture its development, both internally and across the wider sector. The paper will discuss the various benefits of developing a robust cyber safety culture, including demonstrable compliance to the International Maritime Organization’s (IMO) cyber regulation, Resolution MSC.428(98). The paper will conclude by arguing the development of a cyber safety culture is not going to remove all risk completely, but rather will allow organizations to be better prepared for when incidents do occur. Highlights

This paper argues that managing maritime cyber risks is not easy. However, through the inclusion of cyber risk into an organisations safety culture, operations can become more resilient to cyber incidents. Safety cultures have been a mandated part of maritime risk management for many years. Through the ratification of the International Maritime Organizations Resolution MSC.428(98) cyber risks are now included within this remit. This paper explores the benefits to an organisation by developing a cyber safety culture, including: demonstration of compliance, reduction in the human risk, lower financial implications and potentially better insurance premiums. The paper also discusses the practical implications of developing a cyber safety culture, and how through experiencing these cultures early on in their career can have positive improvements on the safety of operations. </jats:p>