How many shades of NIS? Understanding organisational cultures and sectoral differences during cyber security policy implementation

Project Details


The project will develop an empirically-grounded understanding of the role and impact of organizational cybersecurity culture and practice across essential infrastructure sectors on the UK’s implementation of the NIS directive. Through fieldwork and subsequent analysis of the data and modelling of cybersecurity controls in the extensive Bristol Cyber Security testbed, we will uncover organizational and sectoral differences, for instance, in the way which people work, what technologies (software/hardware) are relied upon, what additional compliance requirements exist. This will yield key insights about the NIS objectives that are already achieved, the ones difficult to effectively realize and potential blind spots arising from organizational cultures and sectoral practices. This will lead to an understanding of the drivers and potential obstructions to UK’s implementation of NIS across operators of essential infrastructures. To achieve this, the project brings together an inter-disciplinary team at the University of Bristol drawing upon expertise in socio-technical approaches to cybersecurity of critical national infrastructure, human and organizational aspects of security and social and regulatory aspects.
Effective start/end date1/08/1931/03/21


Explore the research topics touched on by this project. These labels are generated based on the underlying awards/grants. Together they form a unique fingerprint.