How do Norwegian enterprises create awareness of cyber security?

Abstract

The increasing digitisation of society means that Norwegian enterprises experience daily cyberattacks. Most successful attacks today are due to human error, and cybersecurity awareness has never been more important. We therefore ask: How do Norwegian enterprises create awareness of cybersecurity? We have interviewed managers from 16 Norwegian enterprises of different sizes and from different sectors and compared them based on size, public versus private sector, and tolerance for cybersecurity breaches. The results show that almost all the enterprises offer some form of course or training, but completion is not always compulsory. Paradoxically, and somewhat worryingly, the informants who reported least security knowledge were the ones who expressed the greatest satisfaction with their security work and were least concerned about attacks. Many small and private enterprises had chosen to outsource cybersecurity, but did not always have detailed knowledge of the cyberdefences that were set up for them. The study indicates that Norwegian enterprises are implementing measures to create awareness around cybersecurity, but that many areas can still be improved, with different challenges facing different enterprise types.