Corporate digital responsibility - Managing cyberattacks in Swedish companies (CODIRES)

A person in black hoodie with the binary code in background.

The project wants to understand the social construction and organisation of digital responsibility of digitally active companies.

Little is known about how companies deal with cyber-attacks and how do roles, obligations, rights, and responsibilities of organizational members evolve in mastering these attacks. The effects of the digital transformation have had however far-reaching effects on society, politics, organizations, and individuals. As a result, both the benefits and risks associated with the emerging digital transformation are increasing. In Sweden, it is said that the annual cost as a result of cyber-attacks for technology companies is SEK 16 billion a year. Other sectors are affected likewise. Major cyber-attacks in Sweden forced, for instance, most Coop's stores to close after a global cyberattack that knocked out the grocery chain’s cash register system. Furthermore, the new European cybersecurity and data protection regulations indicate information and cyber security are an important issue. Against this background, the project aims to investigate how organizations construct and organize the company’s digital responsibility.

Our research results should contribute with new knowledge about how digitally active companies socially construct and develop digital (non-)responsibility. To this end, we no longer view organizations as recipients of societal expectations and regulations or victims of cyber-attacks. We perceive them as creators of digital responsibility. This theoretical shift is important to overcome a static approach to the digital responsibility of companies and to develop a process approach in which organizations can learn from the (un)intended consequences of digital (non-)responsibility and develop a proactive attitude towards digital demands. The results will also benefit governmental agencies and industry organizations who will gain a better understanding of how organizations can effectively manage and prevent cyber-attacks.

The project uses a mix method approach which combines expert interviews about cyber-accidents, a qualitative multi-case study, digital text analysis with further quantitative data from a survey among digitally active companies in Sweden.

A reference group established alongside the project involves other disciplines and secures the perspective of further national and international stakeholders.

Between 2022 and 2024, the project is financed by the Swedish Research Council (project no. 2021-06313).

Contact

Publications

2024

Arne Jönsson, Subhomoy Bandyopadhyay, Svjetlana Pantic-Dragisic, Andrea Fried (2024) Analyses of information security standards on data crawled from company web sites using SweClarin resources Proceedings of the CLARIN Annual Conference 2023 (Conference paper)
Andrea Fried, Elif Härkönen (2024) Organising regulation - A discourse analysis of digital operational resilience in regulatory conversations
Josefine Rasmussen, Mikael Ottosson, Henrik Nehler, Andrea Fried (2024) CONSENSYS: Controllern - en outforskad aktör i omställningen mot hållbara energisystem: Resultat och praktiska implikationer

2023

Besmag Glaa, Andrea Fried, Per Frankelius (2023) Standardisation of technological innovations in agriculture: Avenues for future research on co-regulation Journal of Standardisation, Vol. 2 (Article in journal) Continue to DOI
Andrea Fried, Peter Walgenbach (2023) Organizing corporate governance - A process model of rule enactment in organizations. EURAS & SIIT conference proceedings 2023 (Conference paper)

Organisation