Cybersäkerhet med medarbetare i fokus: En kvalitativ studie om medarbetares cybersäkerhetsbeteenden inom svenska SME

Vigh, Maja; Laremark, Hanna

Cybersäkerhet med medarbetare i fokus: En kvalitativ studie om medarbetares cybersäkerhetsbeteenden inom svenska SME

Mark

Vigh, Maja ^LU and Laremark, Hanna (2024) SYSK16 20241
Department of Informatics

Abstract: The number of cyberattacks has increased significantly following changes in the geopolitical landscape and as a result of the Covid-19 pandemic. For Swedish SMEs, a well-functioning cybersecurity culture can be crucial for the survival of the businesses. Consequently, a qualitative study was conducted in the form of semi-structured interviews with 5 Swedish SMEs in Skåne. The primary purpose of the interviews was to investigate how cybersecurity behaviors can be promoted among employees in various sectors, where the employees do not have IT security-related roles, and to examine the capabilities of Swedish SMEs in working with recognized technical frameworks. The results showed that medium-sized companies had more developed cybersecurity... (More); The number of cyberattacks has increased significantly following changes in the geopolitical landscape and as a result of the Covid-19 pandemic. For Swedish SMEs, a well-functioning cybersecurity culture can be crucial for the survival of the businesses. Consequently, a qualitative study was conducted in the form of semi-structured interviews with 5 Swedish SMEs in Skåne. The primary purpose of the interviews was to investigate how cybersecurity behaviors can be promoted among employees in various sectors, where the employees do not have IT security-related roles, and to examine the capabilities of Swedish SMEs in working with recognized technical frameworks. The results showed that medium-sized companies had more developed cybersecurity through an established IT department. The results also indicated that motivation and human factors such as responsibility, opportunities for development, praise, job satisfaction, and a sustainable workload, can impact cybersecurity efforts. A lack of knowledge and confidence in connection with cyber threats/cybersecurity was a prominent finding. It was also revealed that the majority of the companies do not include employees in the development of cybersecurity policies. None of the companies explicitly used Zero Trust or NIST as strategies, although they utilized parts of these frameworks. The conclusion is that organizations that consider organizational culture, competence, and human factors, as well as include employees in their cybersecurity strategy, can develop a more robust and sustainable cybersecurity practice. (Less)
Abstract (Swedish): Antalet cyberattacker har ökat markant sedan förändringar i det geopolitiska läget och som resultat under och efter Covid19 pandemin. För svenska SME kan en välfungerande cybersäkerhetskultur vara avgörande för företagens överlevnad. Därmed har en kvalitativ undersökning i form av semistrukturerade intervjuer genomförts hos 5 svenska SME:er i Skåne. Intervjuernas primära syfte är att undersöka hur cybersäkerhetsbeteenden kan främjas hos medarbetare inom olika sektorer, där medarbetarna inte har IT-säkerhetsrelaterade roller, samt undersöka hur svenska SME förmågor ser ut i arbetet med erkända tekniska ramverk. Resultatet visade att företag i mellanstorlek, hade en mer utvecklad cybersäkerhet genom en etablerad IT-avdelning. Resultatet... (More); Antalet cyberattacker har ökat markant sedan förändringar i det geopolitiska läget och som resultat under och efter Covid19 pandemin. För svenska SME kan en välfungerande cybersäkerhetskultur vara avgörande för företagens överlevnad. Därmed har en kvalitativ undersökning i form av semistrukturerade intervjuer genomförts hos 5 svenska SME:er i Skåne. Intervjuernas primära syfte är att undersöka hur cybersäkerhetsbeteenden kan främjas hos medarbetare inom olika sektorer, där medarbetarna inte har IT-säkerhetsrelaterade roller, samt undersöka hur svenska SME förmågor ser ut i arbetet med erkända tekniska ramverk. Resultatet visade att företag i mellanstorlek, hade en mer utvecklad cybersäkerhet genom en etablerad IT-avdelning. Resultatet visade även att motivation och mänskliga faktorer såsom ett ansvar, möjlighet till utveckling, beröm, trivsel och en hållbar arbetsbörda, kan ha en inverkan på cybersäkerhetsarbetet. Brist på kunskap och självförtroende i samband med cyberhot/cybersäkerhet var en framträdande upptäckt. Det framkom även att majoriteten av företagen inte inkluderar anställda i framtagandet av cybersäkerhetspolicyer. Ingen av företagen använde Zero Trust eller NIST som uttalade strategier, trots att företagen använde delar av dessa ramverk. Slustasen blir att organisationer som tar hänsyn till organisationskultur, kompetens och mänskliga faktorer, samt inkluderar medarbetare i sin cybersäkerhetsstrategi kan utveckla en mer robust och hållbar cybersäkerhetspraxis. (Less)

Please use this url to cite or link to this publication: http://lup.lub.lu.se/student-papers/record/9156565

author

Vigh, Maja ^LU and Laremark, Hanna

supervisor

Markus Lahtinen

organization

Department of Informatics

course

SYSK16 20241

year

2024

type

M2 - Bachelor Degree

subject

Business and Economics

keywords

Cybersecurity, Bottom-up, Human factors, Cybersecurity Strategy, Motivational factors, Social norms, Cybersecurity frameworks

language

Swedish

id

9156565

date added to LUP

2024-06-03 16:02:46

date last changed

2024-06-03 16:02:46

@misc{9156565,
  abstract     = {{The number of cyberattacks has increased significantly following changes in the geopolitical landscape and as a result of the Covid-19 pandemic. For Swedish SMEs, a well-functioning cybersecurity culture can be crucial for the survival of the businesses. Consequently, a qualitative study was conducted in the form of semi-structured interviews with 5 Swedish SMEs in Skåne. The primary purpose of the interviews was to investigate how cybersecurity behaviors can be promoted among employees in various sectors, where the employees do not have IT security-related roles, and to examine the capabilities of Swedish SMEs in working with recognized technical frameworks. The results showed that medium-sized companies had more developed cybersecurity through an established IT department. The results also indicated that motivation and human factors such as responsibility, opportunities for development, praise, job satisfaction, and a sustainable workload, can impact cybersecurity efforts. A lack of knowledge and confidence in connection with cyber threats/cybersecurity was a prominent finding. It was also revealed that the majority of the companies do not include employees in the development of cybersecurity policies. None of the companies explicitly used Zero Trust or NIST as strategies, although they utilized parts of these frameworks. The conclusion is that organizations that consider organizational culture, competence, and human factors, as well as include employees in their cybersecurity strategy, can develop a more robust and sustainable cybersecurity practice.}},
  author       = {{Vigh, Maja and Laremark, Hanna}},
  language     = {{swe}},
  note         = {{Student Paper}},
  title        = {{Cybersäkerhet med medarbetare i fokus: En kvalitativ studie om medarbetares cybersäkerhetsbeteenden inom svenska SME}},
  year         = {{2024}},
}

LUP Student Papers

LUND UNIVERSITY LIBRARIES

Cybersäkerhet med medarbetare i fokus: En kvalitativ studie om medarbetares cybersäkerhetsbeteenden inom svenska SME