Organizational Cybersecurity Journal (Apr 2022)
The role of organizational and social factors for information security in a nuclear power industry
Abstract
Purpose – The aim of this study was to explore the organizational and social prerequisites for employees' participative and rule-compliant information security behaviour in Swedish nuclear power production and its related industry. These industries are high-risk activities that must be meticulously secured. Protecting the information security in the related organizations is an essential aspect of this. Design/methodology/approach – Individual in-depth interviews were conducted with 24 employees in two organizations within the nuclear power industry in Sweden. Findings – We found that prerequisites for employees' participative and rule-compliant information security behaviour could be categorized into structural, social and individual aspects. Structural aspects included well-adapted rules, knowledge support and resources. Social aspects included a supportive organizational culture, collaboration and adequate resources, and individual aspects included individual responsibility. Originality/value – The qualitative approach of the study provided comprehensive descriptions of the identified preconditions. The results may thus enable organizations to better promote conditions important for information security in a high-risk industry.
Keywords
