Managing the risks associated with IT security and data privacy in the software development industry : Challenges related to operational, financial, and reputational risks

Sammanfattning: This thesis examines how organisations within the IT software development industry manage risks associated with IT security and data privacy, with factors such as a growth in digitalisation and the Covid-19 pandemic. The research consists of four separate cases with interviewees in managerial positions in four different organisations.  The research shows the risks and challenges from an operational, financial, and reputational perspective. Development of the existing methods has been identified using cryptocurrencies as means to expose system vulnerabilities, an increase in monitoring and surveillance, which comes with considerations of follow-up and communication, along with the concept of moral hazards and their future implications. Furthermore, IT security organisations strive towards a risk tolerance approaching zero, as a result, discrepancies can occur between growth and risk. Considerations towards the compliance of data privacy must also be made, as new legislations take shape while being attentive to the stakeholders' changes in demands and expectations.  Contributions are made towards the field of risk management and IT security by taking a new era of digitalisation into consideration, giving the field an updated outlook for the future as the importance of data privacy and IT security is increasing. Therefore, the thesis provides valuable information that can be used as guidelines for organisations in this rapidly developing global environment.