Understanding real-world cybersecurity incident responses in Sweden

This pilot study delves into a comprehensive analysis of real-world cybersecurity incidents that have impacted various sectors within society. By examining the measures taken during and post-incident and the reevaluation of organisational security strategies, this study aims to uncover insights that could reshape future security practices.

The core hypothesis driving this study is multifaceted. Firstly, it postulates that organizations that have previously experienced major cybersecurity incidents are better equipped to handle subsequent incidents due to their transition to a heightened state of readiness for the vulnerabilities encountered in attacks, as well as for future cybersecurity threats in general. These experiences comprises both elevated security and awareness of vulnerabilities, as well as resilience through adapting practices that can cope operationally with disturbances in IT-systems, no matter their cause.

Furthermore, the study acknowledges the intricate interplay of human, organisational, and technological factors within cybersecurity incidents and their aftermath. It recognizes that robust security encompasses not only technological prowess, but also effective people-centric processes. The triad of people, processes, and technology forms the backbone of security, with individuals as the linchpin binding them together. Relatedly, the study recognises the importance of designing both technology and organisational structures to empower individuals to make informed decisions and navigate emerging risks in the rapidly evolving digital landscape.

The research draws on our ongoing investigation in human-centred cybersecurity leveraging insights from behavioural science to understand the decision-making processes involved in incident responses. The pilot study encompasses a diverse set of cybersecurity incidents that have occurred across different sectors in Sweden. From a ransomware incident that had far-reaching consequences for a local municipality to high-profile attacks on multinational corporations and sensitive medical records leakage, the study spans incidents with significant societal implications. The insights collected from these cases are expected to pave the way for continued research with tangible societal relevance, empowering stakeholders to effectively navigate the aftermath of cybersecurity incidents.

The outcomes of this pilot study are anticipated to extend beyond academia. The methods and competences cultivated through this research are poised to become invaluable assets, sought-after by industries and stakeholders alike to bolster their readiness and resilience against future incidents. As industry players grapple with the ever-present threat of cyberattacks, the research conducted here holds the potential to forge a path towards systematic learning from real-world incident experiences.