PhD position on Learning from cyberincidents in an ecosystem of shared responsibility

About the Project:

Organizations are increasingly subject to cyberattacks. In 2021 the volume and impact of cyberattacks on Dutch organizations rose significantly (NCTV, 2022). Furthermore, organizational disruption – and possibly societal disruption – caused by cyberattacks is perceived to be inevitable. Following a ransomware attack, Maastricht University (2020) reported from an internal investigation that about 20% of employees opens phishing mail. As the evaluation of this case indicates, it may take just one of a few employees to open a phishing mail for an organization to be disrupted.Therefore, it may not be a matter if an organization will be affected by cyberattacks, but when.

Broadly speaking, there are two possible reactions to this alarming situation: repression and resilience. With repression, designated officers (oftentimes the Chief Information Security Officer [CISO]) do everything possible to avoid a failure, with high costs and the awareness that a failure will eventually be still unavoidable. This is called Safety-1, “it sees the bad, but is blind to the good” Alternatively, one could focus on resilience engineering (or: Safety-2;). Here the appreciation of the system’s interdependence calls for the cultivation of cyberresilience – the collective ability to prevent cyberattacks, to contain the impact in case of infection, and to bounce back following an incident. Cyberresilience is a shared responsibility of different actors in organizations, since it may take just one person opening phishing mail to hijack an entire organization. So, cultivating shared responsibility for cyberresilience calls for awareness and inclusion of different types and levels of societal ecosystems.

In this project, they will explore how they can apply a Safety-II and ‘just culture’ approach that enables organizations to cultivate a shared responsibility for cybersecurtity based on the principles of trust, flexibility, and resilience instead of the implicit, contemporary Safety-I approach of cybersecurity rooted in the principles distrust, control and vulnerability.

Your profile:

• You are an enthusiastic and highly motivated researcher.
• You have, or will shortly, acquire a master degree in social sciences (e.g., Organisational Sciences, Psychology, Communication Sciences) preferably in relation to safety and security topics.
• You have proven experience with both qualitative and quantitative research methodologies.
• You have a creative mindset and excellent analytical and communication skills.
• You have a good team spirit and like to work in an interdisciplinary and internationally oriented environment.
• You enjoy working in multidisciplinary teams as well as with partners from practice. 
• You are interested in developing and providing workshops/training sessions for practitioners.
• You are interested in participating in educational activities (for practice).
• You are proficient in English (verbal and written).

Their offer:

• As a PhD student at UT, you will be appointed to a full-time position for four years, with a qualifier in the first year, within a very stimulating and exciting scientific environment;
• The University and partner institutes offer a dynamic ecosystem with enthusiastic colleagues;
• Your salary and associated conditions are in accordance with the collective labour agreement for Dutch universities (CAO-NU);
• You will receive a gross monthly salary ranging from € 2.443,- (first year) to € 3.122,- (fourth year);
• There are excellent benefits including a holiday allowance of 8% of the gross annual salary, an end-of-year bonus of 8.3%, and a solid pension scheme;
• A family-friendly institution that offers parental leave (both paid and unpaid);
• You will have a training programme as part of the Twente Graduate School where you and your supervisors will determine a plan for a suitable education and supervision;
• Part of this training programme will be filled by training developed especially by the CVD partners;
• They encourage a high degree of responsibility and independence while collaborating with close colleagues, researchers and other staff.

About the organization:

The Faculty of Behavioral, Management and Social sciences (BMS) aims to play a key role in understanding, jointly developing and evaluating innovations in society. Technological developments are the engine of innovation. As a technical university that puts people first, they tailor them to human needs and behavior and use social engineering to integrate them into society. They also ensure adequate governance at public and private level, and robust, inclusive and fair organizational structures. They do this by developing, sharing and applying high-quality knowledge in Psychology, Business Administration, Public Administration, Communication Sciences, Philosophy, Educational Sciences and Health Sciences. Our research and education in these disciplines revolves around tackling and solving societal challenges. The research programs of BMS are closely linked to the research of the UT institutes Mesa+ Institute for Nanotechnology, TechMed Center and Digital Society Institute.

As an employer, the Faculty of BMS offers work that matters. They equip you to create new possibilities for yourself and for their society. With them, you will become part of a leading technical university with increasing, positive social impact. They offer an open, inclusive and entrepreneurial atmosphere, in which they encourage you to make healthy choices, for example through our flexible, adaptable benefits.

By clicking the application button, you will be navigated to the website of the University of Twente. In case the link is not working anymore, the vacancy has expired and you will no longer be able to apply. We try to keep our job database as up-to-date as possible, we would very much appreciate it if you could let us know in case a link is not working? You can do this by sending an e-mail to vacatures@twente.com. 

Would you like to be kept up-to-date about other interesting jobs in Twente, then sign up here and create your own job account!