In today's digital landscape cyber threats are an evolving and rapidly growing problem. To counteract the growing threat organizations invest large amounts of financial resources in technical cybersecurity solutions to protect software and vital information. On the other hand, research shows that the weakest link in cybersecurity is the human factor. Therefore, establishing an organizational culture that enables the optimum cybersecurity risk management is vital for the safety of the organization's information and infrastructure. However, there is a lack of research showing the impact of organizational culture on cybersecurity risk.

This study aims to investigate the influence of organizational culture on cybersecurity risk. Furthermore, this study aims to spread awareness on the topic of cybersecurity and give new insights on how organizations can counteract cybersecurity on a social level.

To investigate this topic the authors aim is to answer the following research question: “What are the organizational culture factors that influence cybersecurity risk in a large Swedish company in the transport solution sector, and how do they do so?”

This research is carried out as a case study at one of Sweden's largest transport solution companies, Scania. Employing a qualitative approach, the study relies on interviews as the primary method of data collection. Five interviews were conducted and serve as the cornerstone of this investigation. The gathered data underwent thematic analysis to identify prevalent patterns and themes, providing valuable insights into the subject.

Our research found that effective leadership and open communication foster accountability, incident reporting, and understanding of security protocols. Employee engagement and a culture of respect and trust minimize insider threats and human errors. Continuous competency development ensures readiness for cybersecurity challenges. Scania's emphasis on values and communication builds trust and security, while a family-like atmosphere reduces insider threats.

The study highlights the role of trust and communication, nurtured by a leadership grounded in values when addressing cybersecurity challenges. Employees tend to perceive cybersecurity as less important, often seeing it as a burden. While the company's family atmosphere promotes equality and support, discussions about cybersecurity may be hindered. Despite efforts in training, there remains a significant lack of awareness among employees. Integrating cybersecurity seamlessly into the organizational structure could increase collective responsibility.