kth.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Cyber-threat perception and risk management in the Swedish financial sector
KTH.
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Theoretical Computer Science, TCS.ORCID iD: 0000-0002-2677-9759
KTH, School of Electrical Engineering and Computer Science (EECS), Human Centered Technology, Media Technology and Interaction Design, MID. RISE Research Institutes of Sweden.ORCID iD: 0000-0003-2017-7914
2021 (English)In: Computers & security (Print), ISSN 0167-4048, E-ISSN 1872-6208, Vol. 105, article id 102239Article in journal (Refereed) Published
Abstract [en]

The financial sector relies heavily on information systems for business. This study sets out to investigate cyber situational awareness in the financial sector in Sweden, by examining what information elements that are needed for a common operational picture, and exploring how key actors perceive cyber-threats.

Data was collected through a survey and a series of interviews with key actors in the sector in conjunction with a national level crisis management exercise. The data was then analyzed and contrasted to theory. Conclusions were drawn and results discussed. Finally, possible mitigation actions were suggested.

It was found that actors in the Swedish financial sector have a well developed crisis management working concept. However, information about rational adversaries that cause prolonged disturbances is possibly not collected, analyzed and utilized systematically. Much effort is put into ensuring that timely and relevant information from organizations is shared in an efficient manner. The sector perceives cyber-threats against the underlying financial infrastructure, as well as for IT-service availability and data confidentiality, besides financial theft. The sector has particular concerns for the potential of reputational loss due to cyberattacks. There are also special concerns about the insider threat.

Respondents agree that riskmanagement has to account for cyber risk. A possible route to enhance risk management practices is to ensure that cyber personnel are integrated in crisis management teams.

Place, publisher, year, edition, pages
Elsevier, 2021. Vol. 105, article id 102239
Keywords [en]
Situation awareness; Common operational picture; Cyber security; Information assurance; Risk management; Financial sector
National Category
Computer and Information Sciences
Identifiers
URN: urn:nbn:se:kth:diva-295001DOI: 10.1016/j.cose.2021.102239ISI: 000643675100012Scopus ID: 2-s2.0-85104154982OAI: oai:DiVA.org:kth-295001DiVA, id: diva2:1555368
Funder
Swedish Armed Forces
Note

QC 20210602

Available from: 2021-05-18 Created: 2021-05-18 Last updated: 2022-06-25Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopus

Authority records

Varga, StefanBrynielsson, JoelFranke, Ulrik

Search in DiVA

By author/editor
Varga, StefanBrynielsson, JoelFranke, Ulrik
By organisation
KTHTheoretical Computer Science, TCSMedia Technology and Interaction Design, MID
In the same journal
Computers & security (Print)
Computer and Information Sciences

Search outside of DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 123 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf