3.5 Data collection
3.5.2 Primary data: the interview approach
As an important part of providing a holistic view of the exploratory study of cyber security in Denmark, we have conducted interviews with sources that have a close relation to the core issues of cyber security. In line with our philosophic stance and our ethnographic approach when interviewing, we are strongly interpretivistic. The meaning will thereby be analysed from the statements of the interviewees and used to answer our research question.
We conducted a total of 19 interviews with actors that we believe are core actors within the field of cyber security in Denmark (see data sample below), which lasted between 30 minutes and 1.5 hours. The interviews were mostly semi-structured, and therefore non-standardized, while some were unstructured. This has given us the possibility of obtaining in-depth information from relevant actors from both public institutions and private organizations, as this type of data collection is particularly useful when “the research problem refers to a wide-ranging problem area and you as a researcher need to detect and identify the issues relevant to understanding the situation” (Blumberg et al., 2008: 386). As we wanted to discover what our respondents considered most important concerning cyber security and what concerns (if any) they had with the current solutions, the interview approach became the most suitable. They shared similar opinions, without being encouraged. Conducting interviews is also important in answering our research question, and the data from the interviews is therefore a core element, because the interviewees provide us with unique knowledge about a very closed and inaccessible field.
As an extension of the research approach, the choice of methodological approach was to make an ethnographic study through interviews. We found this approach most ideal because it allowed us to meet the people working with this highly sensitive area, which made it easier to have an honest conversation and thereby create trust. An ethnographic study “is a concrete version of the semantic explanatory program” (Abbott, 2004: 27), which “explains the world of social particulars by assimilating it to more and more general patterns, searching for regularities over time or across social space” (Ibid.: 28). The function of the ethnographic study is that it allows us, through the interviews, to search for common regularities across the different sectors (social space) and thereby analyse these with regard to the theory of securitization. This type of study is contextual, which is related to situated knowledge. It also allows us to have a direct interpretation of the statements from the interviews (Ibid.).
When using small-N analysis, there are some critical reflections one needs to consider. A critical argument against small-N analysis is that if there is more than one researcher, which is the situation in our case, the researchers involved might not view the same data in the same way (Ibid.). We carefully considered this before conducting the interviews, and we were therefore both present during all the interviews. Both being present prevented potential conflicts or misunderstandings of the data collected, because we both analysed the same data.
The interviews were all semi-structured or unstructured, which means that we did not predefine possible explanations or ideas. Hence, we ensured that we covered important areas, based on the secondary data, but left it open to the interviewee to express novel and intriguing thoughts on an issue. At the same time, we as researchers still had the possibility to define and control the situation, as we introduced important topics and were able to follow up with critical questions to the answers given by the interviewees (Kvale & Brinkmann, 2009). In semi-structured interviews there is a list of themes that one wants to cover. The method is very open, and we therefore had certain themes that we wanted to discuss, but they were not organized in a strict order. The questions varied from interview to interview, as the context of the interviewee and the organization interviewed in relation to the research topic also varied. We therefore had an interview guide that contained questions in order to cover certain topics during the interview. Although the interviewees were asked the same core questions, some questions were added as the interview process proceeded, because some of the interviewees raised interesting concerns and issues we wanted to further address in later interviews. As Kvale and Brinkmann state that it depends on the study how strictly the researcher sticks to the questions and their sequence (Ibid.), we decided to leave this rather open in order to invite the interviewee to give their perspective on the topic, as seen in the examples from our research themes and questions:
Themes:
- The position of the company/state organization
- Level of threat
- Relationship between state and private corporations
- Difficulties for the current state of cyber security
- Potential solutions for better handling cyber security

General questions:
- What do you see as the largest threats within cyber security?
- What are the biggest challenges for securing cyber space/IT systems?
- Is the organization you work for subjected to attacks?
- How do you view the current situation of cyber threats for companies/state organizations in general?
- Do you cooperate with any other firms/public actors? Who do you cooperate with?
- What are the benefits/challenges of cooperating with other actors?
- How could cyber security become better?
The topics and questions were chosen after studying the field of cyber security in Denmark and finding issues that we wanted to research further. We found private and public cooperation on the issue important, as well as discovering potential problems in how cyber threats were dealt with in Denmark. The questions were therefore chosen in line with these findings. Furthermore, these questions and topics were chosen because we wanted to get an overview of how cyber threats are currently dealt with in Denmark. We therefore chose questions that gave the interviewee the possibility to speak broadly on the topic, and we could thereby get into the issues that were intriguing.
As the flow of the conversation was unique for each interview, the order of the questions also changed for each single interview, which is a characteristic of semi-structured interviews (Saunders et al., 2007). This was because certain interviewees addressed issues that were interesting and important to our research, and we therefore added those themes to the following interview in order to get further insight into the topic and to test if there were common opinions on the topic. An issue that we were made aware of during our interview with Kirstine Rytter, exemplifying this, was that there is currently no security strategy in accordance with the digitalization strategy and that this is a severe problem. This was an interesting statement that we wanted to get further insight into. We therefore addressed this issue in later interviews with both public and private actors, which gave us interesting insight into the general discussion on this. Furthermore, questions were also added to the prepared set of questions when the interviewee addressed certain issues of interest that we found intriguing and therefore wanted to address further in the interview. The interviews took the form of a conversation, meaning that we did not interrupt the interviewee if s/he wanted to address certain issues that were not prepared by us. This led to discussions that were highly valuable to our data set.
The unstructured interviews with people in academia, Kristian Søby Kristensen and Peter Lauritsen, as well as with journalist Anders Rostgaard, were conducted to give a critical perspective on our approach to cyber security. Søby Kristensen researches the military within the social sciences and has had little contact with cyber security; it was therefore rewarding to interview him to see in which direction cyber security was interesting. Peter Lauritsen was likewise intriguing to interview, because his expertise within surveillance provided an interesting perspective. These interviews were also in-depth, but we did not have a set of questions we wanted answered. Rather, we had an idea of the aspects we wanted explored with their expertise, and the interviewee was therefore given the opportunity to talk freely on topics they found relevant. This form of interview has been labelled an informant interview, as it is the interviewee's ideas that guide the interview (Ibid.). The information they presented was used as guidance for further research; it was therefore highly usable and was a part of the theoretical delimitation considerations we had.
After all the interviews were conducted and before we started working with the analysis, we listened through all the interviews and divided their main arguments into groups. Dividing the main arguments into groups gave us an overview of core issues, and we could thereby conduct meaning condensations of the interviews. Meaning condensation means creating a synopsis of shorter statements based on all the meanings expressed in the interviews (Kvale & Brinkmann, 2009). The meaning condensation we carried through was based on the steps proposed by Kvale and Brinkmann. We listened through the interviews in order to gather the core argument. We then thematised to search for consistency in the statements from the interviewee's point of view as understood by us, and thereby related the meaning unit to the purpose of the study. Lastly, we made the themes into descriptive statements. When finishing off the work of the meaning condensation, we collected the condensation from each interview and compared them, with the aim of extracting the main sense of what was said and thereby creating some core arguments on which to build the analysis. But before we go on to the analysis, we will look at the issues of reliability and validity.