To read this content please select one of the options below:

Enhancing cyber security behavior: an internal social marketing approach

Hiep Cong Pham (School of Business and Management, RMIT University Vietnam, Hanoi, Vietnam)
Linda Brennan (School of Media and Communication, RMIT University, Melbourne, Australia)
Lukas Parker (School of Media and Communication, RMIT University, Melbourne, Australia)
Nhat Tram Phan-Le (School of Business and Management, RMIT University Vietnam, Hanoi, Vietnam)
Irfan Ulhaq (School of Business and Management, RMIT University Vietnam, Hanoi, Vietnam)
Mathews Zanda Nkhoma (School of Business and Management, RMIT University Vietnam, Ho Chi Minh City, Vietnam)
Minh Nhat Nguyen (School of Business and Management, RMIT University Vietnam, Hanoi, Vietnam)

Information and Computer Security

ISSN: 2056-4961

Article publication date: 14 October 2019

Issue publication date: 14 October 2019

1615

Abstract

Purpose

Understanding the behavioral change process of system users to adopt safe security practices is important to the success of an organization’s cybersecurity program. This study aims to explore how the 7Ps (product, price, promotion, place, physical evidence, process and people) marketing mix, as part of an internal social marketing approach, can be used to gain an understanding of employees’ interactions within an organization’s cybersecurity environment. This understanding could inform the design of servicescapes and behavioral infrastructure to promote and maintain cybersecurity compliance.

Design/methodology/approach

This study adopted an inductive qualitative approach using in-depth interviews with employees in several Vietnamese organizations. Discussions were centered on employee experiences and their perceptions of cybersecurity initiatives, as well as the impact of initiatives on compliance behavior. Responses were then categorized under the 7Ps marketing mix framework.

Findings

The study shows that assessing a cybersecurity program using the 7P mix enables the systematic capture of users’ security compliance and acceptance of IT systems. Additionally, understanding the interactions between system elements permits the design of behavioral infrastructure to enhance security efforts. Results also show that user engagement is essential in developing secure systems. User engagement requires developing shared objectives, localized communications, co-designing of efficient processes and understanding the “pain points” of security compliance. The knowledge developed from this research provides a framework for those managing cybersecurity systems and enables the design human-centered systems conducive to compliance.

Originality/value

The study is one of the first to use a cross-disciplinary social marketing approach to examine how employees experience and comply with security initiatives. Previous studies have mostly focused on determinants of compliance behavior without providing a clear platform for management action. Internal social marketing using 7Ps provides a simple but innovative approach to reexamine existing compliance approaches. Findings from the study could leverage proven successful marketing techniques to promote security compliance.

Keywords

Citation

Pham, H.C., Brennan, L., Parker, L., Phan-Le, N.T., Ulhaq, I., Nkhoma, M.Z. and Nhat Nguyen, M. (2019), "Enhancing cyber security behavior: an internal social marketing approach", Information and Computer Security, Vol. 28 No. 2, pp. 133-159. https://doi.org/10.1108/ICS-01-2019-0023

Publisher

:

Emerald Publishing Limited

Copyright © 2019, Emerald Publishing Limited

Related articles