Send message to Contributor

Short abstract:

Workshop

Abstract:

In the field of cybersecurity, it is a common frustration for authorities and cybersecurity experts that people in small and medium-sized enterprises (SMEs) do not follow official advice. At times, the ‘incompliant behaviour’ of SMEs is even depicted as a severe risk for digitized societies such Denmark. A hole in the national defense so to speak. Stepping into this rather tense situation of shaming and blaming narratives, we have conducted a large ethnographic study of 30 Danish SMEs. Through more than 50 interviews we examined the intricacies of local practice, and we uncovered what we described as “’good’ organizational reasons for ‘bad’ cybersecurity practices” (Kocksch & Elgaard Jensen 2023). We found that many cybersecurity problems in SME do not come in the shape of a clearly defined problems which can be solved by a technical solution. Instead, SMEs often encounter cybersecurity problems as dilemmas they must endure or manage in ad hoc and sometimes clumsy ways. To bring these practical realities to the attention of authorities and cybersecurity experts we have developed a dilemma board game. Each game starts with the dramatized depiction of a dilemma we have encountered in our field work. The 3-4 players are then asked to develop ideas for handling these dilemmas. The game includes a series of cards that suggest various resources and strategies that are often available to SMEs. The Making & Doing presentation invites participants to play a 20-minute version of the dilemma game.