Cybersecurity and Safety: A Clash or a Union of Cultures? with Claire Blackett, 23/10, 2024

What?

During the last few years, events and breaches connected with cybersecurity have on a global scale shown why cybersecurity is something that needs to be handled and managed within organisations. With the rise of AI, the risk of accidently being fooled and attacked is also constantly increasing. Furthermore, with new directives from the EU such as NIS2 and DORA, legislation is soon implemented that will have an impact on how organisations are handling and aiming to achieve a common level of cybersecurity.

Much like in the early days of safety culture, some surveys relating to cybersecurity events state that between 75% and 95% of the causes leading to the breach are labelled as “human error”. Some organisations have therefore started to take steps toward implementing a cybersecurity culture with the aim of promoting desired cybersecurity behaviors. Some of these organisations also have an aim and a process of implementing a parallel safety culture relating to occupational health and safety.

But are the aims and goals of cybersecurity culture and safety culture able to be combined or are they conflicting?

Not much research has been done on cybersecurity culture, but SÄKU was happy to invite Claire Blackett, senior researcher at SÄKU member Risk Pilot, to present her thoughts and preliminary results on the topic. During the autumn of 2024, Claire and Asreen Rostami, senior researcher in Technologies for Interaction at the Swedish state owned research institute RISE, are also working on drafting a white paper on the subject.

The webinar held aimed to be a first stepping stone in introducing this important subject to SÄKU members and the potential risks that might happen if not we learn from the lessons of safety culture implementation when addressing cybersecurity issues. We believe that you as safety professionals have a lot to add to the cybersecurity discussion, and the webinar featured lots of interaction and Mentimeter online polling with with the participants. Together we think we can start a broad discussion on this subject regardless of sector and perhaps open up the possibilities of further research.

As always, we had a Q&A part to end the webinar.

The webinar was held in English.

About Claire Blackett

Dr. Claire Blackett is a Senior Human Factors Consultant at Risk Pilot in Sweden. Claire has almost 20 years’ experience working as a Human Factors specialist in both industry and research, including 11 years as a research scientist at the Halden Reactor Project in Norway. Claire has a background in root cause analysis for accident investigation, with a PhD in this topic. She has worked primarily in the nuclear industry throughout her career, providing human factors and human reliability analysis support to nuclear safety cases, as well as conducting human factors engineering assessments and providing input to event investigations at commercial nuclear sites. Claire also has experience from the petroleum, maritime, rail, healthcare, and process industries, and continues to work in these domains today.

Material

Presentation

Claire's presentation from the webinar can be downloaded HERE.

Research report

During the presentation, Claire mentioned a research paper that tries to find the source of the “80% of accidents due to human error” claim. You can find the paper HERE.

Claire's Conference Paper on Safety Culture & Cybersecurity Culture

In the spring of 2025, Claire published a Conference Paper on the subject of Safety Culture & Cybersecurity Culture. The paper goes a little further into safety culture theory, identifying where cybersecurity culture efforts have mirrored safety culture, and also where there are opportunities for further learning from safety culture. You can find the paper HERE.

Mentimeter

Ten Mentimeter questions were asked to the participants. The questions were:

1. What are the top three words that come to mind when you think of “cybersecurity culture”?

2. How important do you believe cybersecurity culture is to the overall safety culture of an organization?

3. Which of the following best describes your organization's current approach to cybersecurity?

4. How frequently are cybersecurity and safety culture discussed together in your organization?

5. Which of the following would you consider the greatest challenge in building a strong cybersecurity culture?

6. What do you think is the most critical element of a successful cybersecurity culture?

7. In your view, how could a strong cybersecurity culture positively impact organizational safety?

8. What are the top three lessons from safety culture that could benefit cybersecurity culture?

9. Do you believe there is potential for conflict between the goals of safety culture and cybersecurity culture in your organization? If yes, in what areas do you think these conflicts arise

10. What is one action your organization could take to improve its cybersecurity culture?

The result from each of the ten Mentimeter polling questions can be seen below.

You can also download the results to all ten questions in a combined pdf file HERE.

Q7: In your view, how could a strong cybersecurity culture positively impact organizational safety? The result can be downloaded HERE.

Q8: What are the top three lessons from safety culture that could benefit cybersecurity culture? The result can be downloaded HERE.

Q10: What is one action your organization could take to improve its cybersecurity culture? The result can be downloaded HERE.

Contact information

If you want to get in touch with Claire, you can connect with her on LinkedIn and/or through her email:

• Claire Blackett: claire.blackett@riskpilot.se 

Recording

A recording of the webinar can be seen on SÄKUPlay (Youtube) below.