Search results

The current advancements in technologies and the internet industry provide users with many innovative digital devices for entertainment, communication and trade. However, simultaneous development and the rising sophistication of cybercrimes bring new challenges. Micro businesses use technology like how people use it at home, but face higher cyber risks during riskier transactions, with human error playing a significant role. Moreover, information security researchers have often studied individuals’ adherence to compliance behaviour in response to cyber threats. The study aims to examine the protection motivation theory (PMT)-based model to understand individuals’ tendency to adopt secure behaviours.

The study focuses on Australian micro businesses since they are more susceptible to cyberattacks due to the least security measures in place. Out of 877 questionnaires distributed online to Australian micro business owners through survey panel provider “Dynata,” 502 (N = 502) complete responses were included. Structural equational modelling was used to analyse the relationships among the variables.

The results indicate that all constructs of the protection motivation, except threat susceptibility, successfully predict the user protective behaviours. Also, increased cybersecurity costs negatively impact users’ safe cyber practices.

The study has critical implications for understanding micro business owners’ cyber security behaviours. The study contributes to the current knowledge of cyber security in micro businesses through the lens of PMT.

The purpose of this paper is to investigate the cyber hygiene practices of remote workers.

This paper used two instruments: first, the Cyber Hygiene Inventory scale, which measures users’ information and computer security behaviors; second, the Recsem Inventory, developed within this paper’s context, to evaluate the cybersecurity measures adopted by organizations for remote workers. It was conducted on remote workers to examine their information security practices. The instrument was administered to a sample of 442 employees reached via the LinkedIn platform. Analyses were performed with SPSS v26, Python programming language and Seaborn library.

The findings indicate a significant correlation between the security measures implemented by companies and their employees’ cyber hygiene practices. A sector comparison revealed a significant difference in cyber hygiene levels between public and private sector workers.

This paper aims to provide policymakers with suggestions for enhancing the cyber hygiene of remote workers to facilitate compliance with corporate security protocols.

This paper’s conclusions highlight the importance of companies increasing their cybersecurity investments as remote work becomes more prevalent. This should consider not only corporate-level factors but also employees' information and computer security behaviors.

There is a research gap in the explanation of cyber incident response approaches in management to increase cyber maturity for small–medium-size enterprises (SMEs). Therefore, based on the literature analysis, the chapter aims to (1) provide cyber incident response characteristics, (2) show the importance for SMEs, (3) identify cyber incident response feasibility and causal factors, (4) provide scenarios for consideration to create an incident response plan (IRP), and (5) discuss the cyber incident response and managerial approaches in SMEs. The authors used content analysis of scientific and professional articles to develop the theoretical foundation of incident response approaches in management for SMEs. The authors start from the fundamentals to obtain knowledge and understanding of the latest threats and opportunities, and how to defend themselves using the limited capacity of resources might be the starting point to building an extensive incident response capability. Incident response capabilities and maturity levels vary widely between various organisations. There is no simple one-size-fits-all process for incident response; each case is unique and requires continuous refinement. Differentiation and adaptation to different types of SMEs are pivotal to developing cyber maturity and defining requirements that fit the market’s needs and are therefore more efficient in achieving the goal of increasing cyber security (CS) among business management. SMEs may not have a mature IRP, but at least one readiness indicator could lead to the preparation of a mature IRP. Implementation of the secure undertakings and information processes requires using modern information and communication technologies, incident response processes, and other modules that could enhance support for decision-making processes in management. The approach requires a systematic approach to issues related to constructing these solutions. The authors highlight that building efficient incident response approaches in management to improve cyber maturity will begin with infrastructure and people factors.

Cyber threats present constantly evolving and unique challenges to national security professionals at all levels of government. Public and private sector entities also face a constant stream of cyberattacks through varied methods by actors with myriad motivations. These threats are not expected to diminish in the near future. As a result, homeland security and national security professionals at all levels of government must understand the unique motivations and capabilities of malicious cyber actors in order to better protect against and respond to cyberattacks. This chapter outlines the most common cyberattacks; explains the motivations behind these attacks; and describes the federal, state, and local efforts to address these threats.

This chapter critically evaluates opportunities and challenges associated with developing diversity and embracing inclusion of cyber security talent in a multinational consultancy firm and offers recommendations on how to optimize inclusion of young talent in this sensitive business area within a multinational company. Drawing on one of the author's experience as a young cyber security professional with a non-technical background, entering the profession through a consultancy graduate development programme, this paper offers a unique perspective on how to enhance cohesion in diversity across linear and non-linear routes into cyber security.

While the scope is limited to cyber security talent in early careers, the competency-based approach means that recommendations around developing diversity and embracing inclusion can be applied to young talent in other business competence areas. Each recommendation can be used as a building block to influence and shape future equality, diversity and inclusion (ED&I) strategy in consultancy.

Although risks are present in any organisation and the importance of their study is obvious, the authors find that risk analysis is an area still in its infancy, as reflected in the small number of existing publications on this topic. Human resources tend to understand risk in an elementary way. The ability of human resources to perceive risk is the ability and competence to identify a potential threat that does not always appear.

Aim: The aim of the this chapter was to provide additional knowledge on human resource competencies, in order to avoid the emergence and spread of risks at the organisational and cyber level.

Methodology: The authors used the quantitative–comparative analysis, by presenting all the details regarding the competencies of the human resource in order to manage the risks at organisational and cybernetic level.

Findings: The findings of this chapter show that the compulsory competencies of the human resource influence both the general competencies and the special competencies: information technology and communications, security ethics and economic ones. These, in turn, can improve or diminish cyber security competencies by almost 50%.

Originality of the Study: This study is highlighted by results obtained from the analysis of the capacity of human resources, to integrate theoretical knowledge and practical competencies on the perception of cyber risk. Of particular importance for this research are the analysis of data and the interpretation of results on human resources competencies. In this sense, throughout the chapter are assessed the skills of human resources, necessary for the management of cyber risks at the organisational level. In terms of future research implications, it could be important research to identify a method of assessing the competencies acquired by human resources applied from the perspective of cyber risk.

The current digital work environment promoting a “constant-on” culture is a hotbed for cyber incivility. Thus, there is a pressing need to understand its mechanisms. This study aims to shed light on the triggers, sources and impact of rude behaviours in cyberspace. The authors also present the boundary conditions that exacerbate or alleviate the effects of such negative experiences.

Through a systematic literature review based on predefined search protocols, the authors synthesised the current knowledge on cyber incivility and identified 21 peer-reviewed research articles.

The findings reveal the different sources of cyber incivility, its personal, relational and organisational antecedents and consequences, and its personal and situational boundary conditions that curb or enhance the negative impact.

The authors unravel the main future research avenues based on the review findings by systemising knowledge on cyber incivility. Managerial efforts in the form of interventions and mitigation are also discussed to help combat this grieving issue in the workplace.

This paper presents the first systematic review of the cyber incivility literature and identifies new avenues for future research. Scholars can expand upon the findings of this study to fill gaps and move the incivility in cyberspace forward. It also offers practical insights on mitigating the advancement of such behaviours in organisations.

Purpose: The study is designed to investigate internal audit functions in banks’ cyber security governance processes by assessing the pros and cons of blockchain technology through swot analysis.

Need of the Study: The study is needed to clarify the complexities in internal audit fields integrated into cyber security governance and explore the blockchain application opportunities.

Methodology: Blockchain technology is explored from the point of technical concepts and policy framework by swot analysis to propose a set of solutions for continuous audit methods in cyber security governance.

Limitations: The sample of this study is limited to the personal ideas and evaluations of academicians, experts in the banking sector and legal regulators of Türkiye, with the data received between March and December 2021.

Findings: Blockchain technology can be applied as an alternative to conventional risk control methods as a mechanism of continuous audit methods to reduce human mistakes and special causes.

Practical Implications: The control of risk management operations for cyber security processes should be performed with the support of audit units of the banks. Therefore, innovations are being implemented to cyber-risk controls to drop the defects that cause technical and ethical issues with blockchain technology as a way of using automation. So, this advancement can be applied in audit operations practically for unanticipated events which can emerge in cyberspace to mitigate inherent risk to residual levels. However, there is ample room to adapt this technology for cyber security management and audit practices from the point of view of the labour force, regulations and environmental issues.