Not For Me – Distribution of Responsibility for Cybersecurity at Critical Workplaces
Publish date: 2025-03-13
Report number: FOI-R--5669--SE
Pages: 48
Written in: Swedish
Keywords:
- expectations
- cybersecurity
- shared reality
Abstract
This study examines expectations and responsibilities related to cybersecurity in societally important workplaces in Sweden. The quantitative survey and data analysis show how employees and managers perceive each other's knowledge levels and responsibilities before, during, and after a cyber-incident. Findings indicate a high "shared reality" before an incident, with both employees and managers feeling prepared. However, during an incident, managers believe employees are more competent than employees perceive themselves to be, suggesting possible overconfidence from leadership. After the incident, there is mutual agreement on responsibility, with managers expected to lead recovery. The study highlights the need for enhanced clarity in cybersecurity training, shared understanding, and clear policies to mitigate organizational vulnerabilities. Results emphasize the importance of a holistic approach to cybersecurity, incorporating technical and human factors to strengthen cyber resilience in societally critical functions.