Maritime Cyber Security: A Global Challenge Tackled through Distinct Regional Approaches

The paper is written in the first person plural, which is not recommended

We have revised the paper and change the 1^st person plural sentence. Many thanks

Literature review is well conceived, however the authors could include maritime critical infrastructure

We have renamed section 2.1 and included a foot note to demonstrate the importance of maritime critical infrastructure.

The number of surveyed research participants is satisfactory for the topic covered

Many thanks

The results of the research are presented clearly and understandably

Many thanks

The proposed future research is expedient

Many thanks

This study investigates cybersecutiy in the shipping industry by conducting interviews in Asia and Europe. The cybersecurity is very important for the shipping industry, and the attempt to conduct interviews to people with different cultures is academically interesting. The result shows us how the industry experts think of the cybersecuriy. The fact the results for Europe and Asia are different is also interesting.

Many thanks

The paper itself is well organized and presents the content clearly.

Many thanks

However, the conclusion is too strong, and it's beyond what can be discussed from the data. For example, the paper states "Applying this realisation to maritime cybersecurity, Western maritime transport stakeholders perceive cybersecurity as an impartial risk factor to be dealt with by IT professionals, while their Asian counterparts incorporate cyber risk into their overall business aggregated risk management." It's not clear how the conclusion is withdrawn from the data, and seems to be an estimate supported by Nisbett [28]'s research. It can be an hypothesis from the data, but if you want to suggest it is fact, it is required to show another data which directly supports the hypothesis

Many thanks for your comment. We agree and revised accordingly. (Please see revised text in lines 541-548).

The next paragraph L530 - 537 is also not sure from the data. The authors suggests maritime transport stakeholders don't understand how the cyber threats can affect their organization's daily operation. However, figure 2 shows around 70% experts answer that cybersecurity is important for their job. I recommend you to re-organize your conclusion section which should be supported by the data.

Many thanks for your comment, however we are slightly confused as we demonstrate in the sentence below the one highlighted in your comment (lines 549-551) that even though they understand that there is risk they do not comprehend the full potential impact for their business.

The paper certainly has a contribution in the segment of empirical research and the fact that the authors conducted two workshops to collect the data used in the paper. However, a more detailed description of the sample to confirm its relevance is missing.

We totally agree with your comment. Many thanks for picking up that point that we have now revised (please see lines 74-79 and 254-256). Leading on the later comments an important point that we have not made clear throughout the paper is that these workshops were not held for data collection per se. Instead, we took advantage of an opportunity to collect data while the workshops were taking place and our analysis attempted to make the most out of the data collected. As such, we did not have control over the profile of participants and we also did not have access to full participant demographic information (due to GDPR complications).

Also, I have great reservations about the fact that the whole analysis is based on qualitative assessments, without trying to quantify them and generate higher quality results, which would be suitable for a journal of this scientific level.

Many thanks for your comment. Drawing from our response to your previous comment we understand the value of conducting such analysis however due to the nature of the data collection process we decided not to do so, as we did not want to over interpret the information/ over analyse the data. In addition, we believe that our analysis will satisfy social scientists in terms of interpreting data collecting in this activity by using a qualitative lens (please see lines 528-532).

I suggest that the authors use the Likert scale to quantify their results and be able to present a statistical analysis of the results. The Likert scale with 5 levels would be the most acceptable, where the answers "I don't know" would be excluded from further statistical analysis, but only presented in the way it is given in the paper now. From the analyses, it is necessary to make descriptive statistics by countries, for both continents included in the research, to clearly see the number of experts in each and the exact number of answers with average price and standard deviation. Also, the quality of work would be significantly improved by applying ANOVA to determine the possible existence of statistically significant differences in the perception of experts on maritime cybersecurity in Europe and Asia.

Many thanks for your comment. Yes we can do the statistics but we do not have enough information for the participants. Therefore, we believe that by doing so we may lose the outputs collected as we do not want to over analyse the data. Having said that and as included in the last section of the paper we believe that this paper has some tantalising information which will help future researchers to design the questionnaire and collect more information related to participants so they could conduct more statistical analysis (please see lines 560-564).