A lens towards reality : A comparison between theory and reality regarding employees IT-risk awareness at B2B-companies

Abstract: The development of IT-resources today has reached a level towards making companies,especially B2B-companies, depend on the use of IT-resources to a certain level.This contributes to a large scope of important data being used on a daily basis, as a result thisdata becomes an important factor that can help a company succeed or lead them the otherway. The use of IT-risk planning becomes a great factor that can help direct the company inthe correct route. Nevertheless, the amount of time that is put on IT-risk planning today isquite high due to the development of IT-resources. Still there are some human factors thatcontinually get forgotten about that could help make this IT-risk planning even morerighteous. Underlying reasons to why every company within B2B slows down their processeswhen handling a crisis varies pretty often and there is really no consensus to which the mainreasons are. For this cause we’ve had the intent to study the most important factor withinevery business, the human factor e.g. the employees of the business. Thus this study treats thesubject of B2B-employees information security awareness. This work intends to research ifB2B-companies follow information security frameworks that have been developed in thesubject of information security awareness. The aim is to summarize existing theory and createan understanding of different key elements that are needed for an operative business and see ifthese key elements can be recognized within B2B-companies. To be able to investigate thisarea an empirical study has been created and conducted with six different B2B-companies.The primary data consists of semi-structured interviews with employees within both Swedishand European B2B-companies. The collected theory comes from published materials andprevious studies done about IT-risks and employees awareness. Comparison between theoryand empiricism will give answers about B2B-employees information security awareness andwhat can be improved. As result of the research findings it was concluded that there are somekey elements developed about how to improve IT-risk awareness. It has also been empiricallyproven that B2B-employees have lack of knowledge about how to handle IT-risks andmajority of the key elements in information security framework have not been adapted in theinterviewed B2B-companies.