CR, Apr 8, 2021
A Mixed-method Study on Security and Privacy Practices in Danish Companies
Asmita Dalela, Saverio Giallorenzo, Oksana Kulyk et al.
Increased levels of digitalization in society expose companies to new security threats, requiring them to establish adequate security and privacy measures. Additionally, the presence of exogenous forces like new regulations, e.g., GDPR, and the global COVID-19 pandemic poses new challenges for companies that should preserve an adequate level of security while having to adapt to change. In this paper, we investigate such challenges through a two-phase study in companies located in Denmark -- a country characterized by a high level of digitalization and trust -- focusing on software development and tech-related companies. Our results show a number of issues, most notably i) a misalignment between software developers and management when it comes to the implementation of security and privacy measures, ii) difficulties in adapting company practices in light of implementing GDPR compliance, and iii) different views on the need to adapt security measures to cope with the COVID-19 pandemic.
CR, Jul 10, 2020
"It's Not Something We Have Talked to Our Team About": Results From a Preliminary Investigation of Cybersecurity Challenges in Denmark
Camilla Nadja Fleron, Jonas Kofod Jørgensen, Oksana Kulyk et al.
Although Denmark is reportedly one of the most digitised countries in Europe, IT security in Danish companies has not followed along. To shed light on the challenges that companies experience with implementing IT security, we conducted a preliminary study running semi-structured interviews with four employees from four different companies, asking about their IT security and what they need to reduce risks of cyber threats. Our results show that companies are lacking fundamental security protection and are in need of guidance and tools to help them implement basic security practices, while raising awareness of cyber threats. Based on our findings and with the inspiration of the latest reports and international security standards, we discuss steps towards further investigation towards developing a framework targeting SMEs that want to adopt straightforward and actionable IT security guidance.