Cyber security training in maritime needs improvement, with only 22% of respondents to an industry survey stating that the training they have received was high quality.
More than half of the respondents (63%) to the 2020 Safety at Sea and BIMCO Maritime Cyber Security survey said they received cyber security training; most (67%) said the training was just ‘good’, with a further 9% stating it was low quality. These results are consistent with the 2019 cyber security survey, with 64% having received cyber security training and 8% describing the training as poor. However, there has been a 4% rise in respondents stating that training was high quality, from 17% in 2019 to 22% in 2020.
Positively, a high number of respondents had little to complain about with the cyber security training they had received in the past 12 months: some respondents wrote that it was practical, easy to understand and relevant to their roles in maritime. However, this does not mean the industry should rest on its laurels. Other respondents noted training was “basic”, “rudimentary” or was just one short course. Furthermore, while the majority of cyber training was provided by an employer (71%) or an external organisation (43%), 17% said they had to organise or fund it themselves.
Often the key to providing quality training is to ensure that feedback is gathered from students and improvements can be made or additional information provided to staff. Maritime firms seem to be getting this right half the time; 50% of respondents said their company gathers feedback on the effectiveness of any cyber training their staff have received, 40% said they did not receiving any requests for feedback and a further 10% were unaware if their company had requested this information following the training.
“Cyber security training and awareness is paramount to any organisation. People need to be aware of the threats they encounter, not only on work IT systems, but their own personal devices,” said Rachael Bardoe, director operations and cyber center of excellence, Digital Container Shipping Association.
Bardoe maintains further crew training is essential in combating cyber-attacks. “We have seen geotagging on social media being used by threat actors to track vessels. Or where crew devices may get plugged into vessel systems. Whilst there is an increased focus, there is still a way to go before security awareness becomes second nature and there will always be a need to keep revisiting the approach to training and awareness,” Bardoe told SAS.