Examining Bounded Rationality Influences on Decisions Concerning Information Security : A Study That Connects Bounded Rationality and Information Security

Abstract: This study investigates the impact of bounded rationality on information security decisions in public Swedish authorities. The research addresses how cognitive limitations and organizational dynamics shape decisions in this area. Utilizing qualitative research methods, in-depth interviews and document analysis, the study provides nuanced insights into decision-making processes. A thematic analysis identifies six recurring themes influencing decision-making: Awareness & Knowledge, Individual Characteristics, Organizational Culture & Behavioral Patterns, Organization & Execution, Regulatory Frameworks & Management, Responsibility & Obligation.  The findings reveal significant influences and barriers in implementing effective security strategies, making a theoretical contribution to information security management in public sectors. This research highlights the importance of understanding human behavior in information security, offering insights to shape strategic directions for policy and practical implementation to enhance organizational and national cybersecurity resilience.