Cybersecurity-Related Behavior of Personnel in the Norwegian Industry
Original version
IFIP Advances in Information and Communication Technology, vol 674 10.1007/978-3-031-38530-8_20Abstract
Information security policies are formalized rules and regulations that employees should follow to avoid unwanted cyber incidents. This paper reports on the findings of a survey among personnel employed in the Norwegian industrial sector. The survey measured how the respondents self-assess their risky behavior and cognitive awareness regarding the importance and likelihood of cyber security events. A modified version of the Behavioral Cognitive Internet Security Questionnaire was used as the survey instrument. The results indicate that the employees in the target group have a low level of risky behavior and a high level of cognitive awareness and that minimal discrepancy between how respondents self-assess and act in the simulation exists. The result should be of interest to practitioners in the field of cybersecurity since training is attributed as the main driver of the obtained results. Furthermore, strong indications exist that the selected literature and theory do not hold true for the Norwegian industry sector.