Cybersecurity Standards in Critical Infrastructure Protection: A Maturity Model for Finnish SMEs
Abstract
The protection of critical infrastructure such as energy grids, water supply systems, and transportation networks has become a central concern in national and organizational security strategies. These systems form the backbone of societal functionality, and disruptions can lead to severe economic losses, safety risks, and societal instability. As digitalization accelerates, their vulnerability to cyber threats increases, making cybersecurity standards essential for both operational resilience and strategic preparedness. This study investigates whether Finnish companies utilize cybersecurity standards such as ISO/IEC 27001 and the NIST Cybersecurity Framework to safeguard critical infrastructure, and how their adoption influences strategic decision-making, operational practices, competence development, and stakeholder collaboration. These standards support regulatory compliance and unify practices across sectors, but their effective implementation requires leadership commitment, resources, and continuous development, especially in environments where regulation may lag technological change. The findings show that standards are widely adopted, but the extent and effectiveness vary significantly depending on organizational size, industry, and cybersecurity maturity. Larger organizations tend to integrate standards into strategic decision-making and risk management, whereas smaller firms often apply them reactively. The effectiveness of standards is highest when combined with continuous improvement, maturity assessments, and targeted training. Cybersecurity standards are not merely technical guidelines but strategic tools for leadership, planning, and culture-building. 
To enhance their impact, companies should integrate standards into business strategy and governance, invest in staff training and competence development, leverage expert networks and collaborative partnerships, and actively engage stakeholders, especially in sectors where cybersecurity directly affects operational continuity. This research provides actionable insights for companies, policymakers, and security professionals aiming to improve national resilience through standardized and proactive cybersecurity practices.
Keywords: Security standards, critical infrastructure, risk management, cybersecurity culture, cyber readiness, cyber strategy, strategic decision-making
DOI: 10.54941/ahfe1007043


AHFE Open Access