Cyber-threat perception and risk management in the Swedish financial sector
2021 (English) In: Computers & security (Print), ISSN 0167-4048, E-ISSN 1872-6208, Vol. 105, article id 102239
Article in journal (Refereed) Published
Abstract [en]
The financial sector relies heavily on information systems for business. This study sets out to investigate cyber situational awareness in the financial sector in Sweden, by examining what information elements are needed for a common operational picture, and exploring how key actors perceive cyber-threats. Data was collected through a survey and a series of interviews with key actors in the sector in conjunction with a national level crisis management exercise. The data was then analyzed and contrasted to theory. Conclusions were drawn and results discussed. Finally, possible mitigation actions were suggested. It was found that actors in the Swedish financial sector have a well-developed crisis management working concept. However, information about rational adversaries that cause prolonged disturbances is possibly not collected, analyzed and utilized systematically. Much effort is put into ensuring that timely and relevant information from organizations is shared in an efficient manner. The sector perceives cyber-threats against the underlying financial infrastructure, as well as for IT-service availability and data confidentiality, besides financial theft. The sector has particular concerns for the potential of reputational loss due to cyberattacks. There are also special concerns about the insider threat. Respondents agree that risk management has to account for cyber risk. A possible route to enhance risk management practices is to ensure that cyber personnel are integrated in crisis management teams. © 2021
Place, publisher, year, edition, pages
Elsevier Ltd, 2021. Vol. 105, article id 102239
Keywords [en]
Common operational picture, Cyber security, Financial sector, Information assurance, Risk management, Situation awareness, Finance, Human resource management, Information management, Risk perception, Crisis management, Cyber threats, Financial sectors, Key Actors, Risks management, Swedishs
National Category
Information Systems
Identifiers
URN: urn:nbn:se:ri:diva-53044
DOI: 10.1016/j.cose.2021.102239
Scopus ID: 2-s2.0-85104154982
OAI: oai:DiVA.org:ri-53044
DiVA, id: diva2:1557257
Note
Funding details: Försvarsmakten; Funding text 1: This work was partially funded by the Swedish Armed Forces. We would like to thank the Swedish financial sector’s private-public partnership, FSPOS, and Josefine Rosén, 4C Strategies, for assistance in conjunction with the data collection phase, as well as all the survey respondents and interviewees.
2021-05-25 2021-05-25 2023-06-08 Bibliographically approved