Skip to main content
SpringerLink
Log in

Cybersecurity-Related Behavior of Personnel in the Norwegian Industry

  • Conference paper
  • First Online:
Human Aspects of Information Security and Assurance (HAISA 2023)

Part of the book series: IFIP Advances in Information and Communication Technology ((IFIPAICT,volume 674))

  • 455 Accesses

Abstract

Information security policies are formalized rules and regulations that employees should follow to avoid unwanted cyber incidents. This paper reports on the findings of a survey among personnel employed in the Norwegian industrial sector. The survey measured how the respondents self-assess their risky behavior and cognitive awareness regarding the importance and likelihood of cyber security events. A modified version of the Behavioral Cognitive Internet Security Questionnaire was used as the survey instrument. The results indicate that the employees in the target group have a low level of risky behavior and a high level of cognitive awareness and that minimal discrepancy between how respondents self-assess and act in the simulation exists. The result should be of interest to practitioners in the field of cybersecurity since training is attributed as the main driver of the obtained results. Furthermore, strong indications exist that the selected literature and theory do not hold true for the Norwegian industry sector.

This work has been funded by the Research Council of Norway under grants 323131 (How to improve Cyber Security performance by researching human behavior and improve processes in an industrial environment) and 310105 (SFI Norwegian Centre for Cybersecurity in Critical Sectors - NORCICS).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 89.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Hardcover Book
USD 119.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Cox, A.L., Jr.: What’s wrong with risk matrices? Risk Anal. Int. J. 28(2), 497–512 (2008)

    Article  Google Scholar 

  2. The Brønnøysund Register Centr. https://w2.brreg.no/enhet/sok/index.jsp. Accessed 17 Apr 2023

  3. Fink, A.: How to Conduct Surveys: A Step-by-step Guide. Sage Publications, Thousand Oaks (2015)

    Google Scholar 

  4. Gliem J.A., Gliem R.R.: Calculating, interpreting, and reporting Cronbach’s alpha reliability coefficient for Likert-type scales. In: 2003 Midwest Research to Practice Conference in Adult, Continuing, and Community Education, pp. 82–88. Columbus OH, USA (2003)

    Google Scholar 

  5. Huang, D.-L., Rau, P.-L.P., Salvendy, G.: A survey of factors influencing people’s perception of information security. In: Jacko, J.A. (ed.) HCI 2007. LNCS, vol. 4553, pp. 906–915. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-73111-5_100

    Chapter  Google Scholar 

  6. Kocak, C., Egrioglu, E., Yolcu, U., Aladag, C.H.: Computing Cronbach alpha reliability coefficient for fuzzy survey data. Am. J. Intell. Syst. 4(5), 204–213 (2014)

    Google Scholar 

  7. Kruger, H., Toit, T.D., Drevin, L., Maree, N.: Acquiring sentiment towards information security policies through affective computing. In: Proceedings 2020 2nd International Multidisciplinary Information Technology and Engineering Conference (IMITEC), pp. 1–6. IEEE Press, New York City (2020)

    Google Scholar 

  8. Kurowski, S.: Response biases in policy compliance research. Inf. Comput. Secur. 28(3), 445–465 (2019)

    Article  Google Scholar 

  9. Oueslati, N.E., Mrabet, H., Jemai, A., Alhomoud, A.: Comparative study of the common cyber-physical attacks in industry 4.0. In: Proceedings 2019 International Conference on Internet of Things. Embedded Systems and Communications (IINTEC), pp. 1–7. IEEE Press, New York City (2019)

    Google Scholar 

  10. Parsons, K., McCormac, A., Butavicius, M., Ferguson, L.: Human factors and information security: individual, culture and security environment. Command, Control, Communications and Intelligence Division DSTO Defence Science and Technology Organisation, Edinburgh South Australia 5111, Australia (2010)

    Google Scholar 

  11. Reeves, A., Parsons, K., Calic, D.: Whose risk is it anyway: how do risk perception and organisational commitment affect employee information security awareness? In: Moallem, A. (ed.) HCII 2020. LNCS, vol. 12210, pp. 232–249. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-50309-3_16

    Chapter  Google Scholar 

  12. Vaske, J.J., Beaman, J., Sponarski, C.C.: Rethinking internal consistency in Cronbach’s alpha. Leis. Sci. 39(2), 163–173 (2017)

    Article  Google Scholar 

  13. Velki, T.: Psychologists as information-communication system users: is this bridge between information-communication and behavioral science enough to prevent risky online behaviors? In: Proceedings of 2022 45th Jubilee International Convention on Information, Communication and Electronic Technology (MIPRO), pp. 1048–1052. IEEE Press, New York City (2022)

    Google Scholar 

  14. Velki, T., Mayer, A., Norget, J.: Development of a new international behavioral-cognitive internet security questionnaire: preliminary results from Croatian and German samples. In: Proceedings of 2019 42nd International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO), pp. 1209–1212. IEEE Press, New York City (2019)

    Google Scholar 

  15. Velki, T., Šolić, K.: Development and validation of a new measurement instrument: the behavioral-cognitive internet security questionnaire (BCISQ). Int. J. Electr. Comput. Eng. Syst. 10(1.), 19–24 (2019)

    Google Scholar 

  16. Velki, T., Šolić, K., Žvanut, B.: Cross-cultural validation and psychometric testing of the Slovenian version of the Croatian behavioral-cognitive internet security questionnaire. Elektrotehniški Vestnik 89(3), 103–108 (2022)

    Google Scholar 

  17. Kannelønning, K., Katsikas, S.K.: A systematic literature review of how cybersecurity-related behavior has been assessed. Information and Computer Security ahead-of-print (ahead-of-print) (2023). https://doi.org/10.1108/ICS-08-2022-0139

  18. McCormac, A., Calic, D., Butavicius, M.A., Parsons, K., Zwaans, T., Pattinson, M.R.: A reliable measure of information security awareness and the identification of bias in responses. Australas. J. Inf. Syst. 21 (2017)

    Google Scholar 

  19. Kitchenham, B., Pfleeger, S.L.: Principles of survey research part 4: questionnaire evaluation. SIGSOFT Softw. Eng. Notes 27(3), 20–23 (2002)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Information Security and Communication Technology, Norwegian University of Science and Technology, 2815, Gjøvik, Norway

    Kristian Kannelønning & Sokratis Katsikas

Authors
  1. Kristian Kannelønning
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sokratis Katsikas
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Kristian Kannelønning .

Editor information

Editors and Affiliations

  1. University of Nottingham, Nottingham, UK

    Steven Furnell

  2. University of Plymouth, Plymouth, UK

    Nathan Clarke

Rights and permissions

Reprints and permissions

Copyright information

© 2023 IFIP International Federation for Information Processing

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Kannelønning, K., Katsikas, S. (2023). Cybersecurity-Related Behavior of Personnel in the Norwegian Industry. In: Furnell, S., Clarke, N. (eds) Human Aspects of Information Security and Assurance. HAISA 2023. IFIP Advances in Information and Communication Technology, vol 674. Springer, Cham. https://doi.org/10.1007/978-3-031-38530-8_20

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-38530-8_20

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-38529-2

  • Online ISBN: 978-3-031-38530-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Societies and partnerships

Search

Navigation