An investigation into cyber security risk mitigation and the human factor in developing a cyber security culture - A comparative analysis of two maritime companies in Norway

Abstract

The objective of this study is to conduct an analysis of two maritime companies located in Norway, investigating the participants knowledge and behaviours contributing as human factors shaping the companies cyber security culture. The aim for this research is to assess the risk mitigation measures implemented by the two selected companies in response to cyber threats. 5 employees from two separate companies were interviewed and there was performed an analysis on the results of 10 individual interviews. The results of the research show that there is a lot of information and guidelines regarding cyber security on the intranet of each company, however not all the employees check this site and therefore is not aware of the information and guidelines. In addition, communication from senior management regarding this issue is low and most of the information comes through the IT department. Also, it was detected that onboarding cyber security training was at high priority, however the yearly training and awareness courses varied. Based on findings the study proposes as solutions for a “cyber security champion” in every office in the organization to help improve the awareness and make sure that all of the employees understand the guidelines.