Due to the prevailing threat landscape in Norway, it is imperative for organizations to safe-
guard their infrastructures against cyber threats. One of the technologies that is advan-
tageous against these threats is defensive cyber deception, which is an approach in cyber
security that aims to be proactive, to interact with the attackers, trick them, deceive them
and use this to the defenders advantage. This type of technology can help organizations
defend against sophisticated threat actors that are able to avoid more traditional defensive
mechanisms, such as Intrusion Detection Systems (IDS) or Intrusion Prevention Systems
(IPS). In order to aid the adoption of defensive cyber deception in Norway, we asked the
question: "What affects the adoption of defensive cyber deception in organizations in Nor-
way?". To answer this question, we utilized the Technology, Organization, and Environment
(TOE) Framework to identity what factors affect an organization’s adoption of defensive
cyber deception. Through our use of the framework, we identified eighteen different factors
which affect an organization’s adoption of defensive cyber deception. These factors are the
product of the empirical data analysis from eight different semi-structured interview with
individuals from six different organizations in Norway. The main theoretical implications
of our research is the introduction of a TOE model for defensive cyber deception, focusing
specifically on organizations in Norway as well as contributing with a maturity estimate
model for defensive cyber deception. For the practical implications of our research, we have
identified seven different benefits that defensive cyber deception provides. We are also con-
tributing to raising the awareness of defensive cyber deception in Norwegian research and
we hope that our TOE model can aid organizations that are considering adopting the tech-
nology. We hope that these implications and contributions can act as a spark for both the
adoption of defensive cyber deception in organizations as well as the start of a new wave for
the cyber security researchers within Norway.
Keywords: Cyber Security, Defensive Cyber Deception, TOE Framework, Adoptio