A survey of cyber security in the Swedish manufacturing industry
2020 (English)In: 2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment, Cyber SA 2020, Institute of Electrical and Electronics Engineers Inc. , 2020Conference paper, Published paper (Refereed)
Abstract [en]
In this paper we explore cyber security practices in Swedish manufacturing firms. Manufacturing is being transformed by new technologies under the label of smart industry or industry 4.0. Most of these technologies are either digital themselves or depend on digital connectivity. Their use is made possible by electronic sensors, actuators, and other devices as well as by data-driven analysis. This technological change entails a fundamental shift in risk and security as devices become interconnected, making information and control transmissible both within and to varying degree outside the firm's organization. These issues must be addressed to prevent both unintentional and intentional security incidents. Thus, there will be no smart industry without cyber security. Based on a sector-wide survey with 649 respondents (17% response rate) carried out in collaboration with the Association of Swedish Engineering Industries, we map risk perception and the controls put in place to address these risks across firms. We present three primary findings: (i) Compared to how firms value further investments in digitalization, risk perception related to cyber security issues is fairly low and business interruption is a greater cause for worry than data breach, (ii) there is a gap between the anticipated impact of digitalization and the perceived need for cyber security measures across business functions within firms, and (iii) the implementation of cyber security measures is still in its infancy with a significant bias towards technological measures, leaving organizational and social cyber security measures underrepresented. The paper is concluded with the identification of a few interesting follow-up questions for future work.
Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers Inc. , 2020.
Keywords [en]
Cyber Insurance, Cyber Risk Assessment, Cyber Risk Propagation, Manufacturing, Security Controls and Standards, Sweden
National Category
Natural Sciences
Identifiers
URN: urn:nbn:se:ri:diva-46816DOI: 10.1109/CyberSA49311.2020.9139673Scopus ID: 2-s2.0-85089231300ISBN: 9781728166902 (print)OAI: oai:DiVA.org:ri-46816DiVA, id: diva2:1460609
Conference
2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment, Cyber SA 2020, 15 June 2020 through 19 June 2020
Note
Funding details: Stiftelsen för Strategisk Forskning, SSF; Funding details: Marianne and Marcus Wallenberg Foundation, MMW; Funding text 1: This research was supported by the Marianne and Marcus Wallenberg Foundation, grant no. MMW.2016.0054. U. Franke was also partially supported by the Swedish Foundation for Strategic Research, grant no. SM19-0009.; Funding text 2: 1The first author is currently a part-time guest researcher in cyber insurance at Länsförsäkringar, funded by the Swedish Foundation for Strategic Research.
2020-08-242020-08-242025-09-23Bibliographically approved