| dc.description.abstract | In a technical and digitally evolving world, cyber risk has grown to be the most relevant type of risk affecting every part of society. This is also the case for banks in Norway, which in the last years have become increasingly digitalized. On one hand, technical tools and development provide opportunities for efficient, practical, and cost-reducing banking services. On the other hand, the rapid progress of technological tools and systems promotes known and unknown cyber risks, that can be complex to comprehend. Thus, a strong understanding of how cyber risks are perceived, and how the perception has implications on the management of such risks, is deemed vital to enhance management and communication of cyber risks. This has been the core focus of this thesis, which has explored the following topic question:
“What influences the cyber risk perception within the Norwegian banking sector, and what implications does the risk perception have on the cyber risk management?”
This thesis has utilized a qualitative research design to explore the topic question. This includes a combination of document analysis of reports and previous literature and five semi-structured interviews of professionals working at different levels within the banking sector. Moreover, key theoretical concepts from the field of risk perception studies have been actively utilized to analyze the collected data.
On the foundational level, this thesis has highlighted the absence of a clear and collective risk definition and limited attention to uncertainties within the banking sector. Drawing from this, the overall results from of this thesis suggests that various factors shape the cyber risk perception of bank professionals in The Norwegian banking sector. Despite engaging in certain cyber risks voluntarily, the results from this thesis suggests that most cyber risks are perceived to be involuntary, and uncontrollable due to fast technological developments, geopolitical tensions, high complexity, and interdependencies. Moreover, the cyber risk perception is also shaped by the perception of high-stake consequences, and people’s knowledge about such risks. As for how the cyber risk perception has implications for the management of such risks, this thesis has highlighted that there is increased attention on the management of cyber risks across the financial industry. This entails frequent assessments of the threat landscape, technologies, and efforts to create a healthy risk culture. However, despite this, the banks are still open to understanding and manging cyber risk as they want if regulatory requirements are fulfilled. | |