Cyber threats to maritime organisations are becoming increasingly prominent. Given the significant likely impacts and the high-profile media attention surrounding previous attacks, it is unsurprising that leaders within maritime organisations are motivated to engage with cyber risks. This has catalysed the development of new cybersecurity guidance, however this focus on the organisational side has not been met with the same balance within scholarly discourse, with most research positioned within the technical aspects of cybersecurity. As limited research exists examining decision-making at senior leadership levels, this thesis seeks to address this gap by critically exploring the potentiality of simulation-based approaches for enabling more effective decision support at this level. The literature review develops an understanding of the risks, impacts and challenges influencing cybersecurity decision-making in the maritime domain. It also identifies game-based simulation as the most effective method for simulation-based approaches in cybersecurity. The research develops, tests, and applies two scenario-driven exercises for executive decision-makers which offers insights about cybersecurity risks and decision-making processes. Through these findings, it establishes the potentiality of game-based learning for raising awareness of cyber risks at the senior executive level.
A key implication includes building on existing literature to establish decision-making as a key factor in what makes executive decision-makers analyse cyber risk and respond to cybersecurity incidents effectively. By designing exercises that create a safe space environment, it also provides evidence to the senior leadership of such organisations, from which they can understand the potential eventualities of a cyber attack in the absence of an attack actually happening.