Umeå University's logo

Organizations need to protect themselves from cyber threats and a variety of methods exist to mitigate these risks. Factors such as rapid digitalization, expedited by Covid-19, have only made cybersecurity threats a growing concern. Most research within the IS field has focused on technical methods to mitigate risk, leaving non-technical methods less explored. The aim of this study was to develop a deeper understanding of managers’, at different levels, perceived understanding, and influence to achieve cybersecurity readiness in order to identify barriers. Further, an objective was to develop possible strategies to mitigate identified risks associated with these barriers. To fulfill this aim, a case study was conducted at a municipality-owned organization who have taken the initiative to raise cybersecurity awareness. Six interviews were conducted with managers from both senior- and middle management, and cybersecurity governance documents were collected. In our findings, we identified three main themes with associated barriers to achieving cybersecurity readiness. These include barriers associated with (1) organizational and managerial factors, (2) pitfalls in communication, and (3) policy and instructions. The study contributes to an understanding of different barriers that managers at different levels might perceive and suggests possible strategies for mitigating the risks associated with said barriers.