Search results
1 – 10 of 32Oluwatoyin Esther Akinbowale, Heinz Eckart Klingelhöfer and Mulatu Fekadu Zerihun
This study aims to investigate the feasibility of employing a multi-objectives integer-programming model for effective allocation of resources for cyberfraud mitigation. The…
Abstract
Purpose
This study aims to investigate the feasibility of employing a multi-objectives integer-programming model for effective allocation of resources for cyberfraud mitigation. The formulated objectives are the minimisation of the total allocation cost of the anti-fraud capacities and the maximisation of the forensic accounting capacities in all cyberfraud incident prone spots.
Design/methodology/approach
From the literature survey conducted and primary qualitative data gathered from the 17 licenced banks in South Africa on fraud investigators, the suggested fraud investigators are the organisation’s finance department, the internal audit committee, the external risk manager, accountants and forensic accountants. These five human resource capacities were considered for the formulation of the multi-objectives integer programming (MOIP) model. The MOIP model is employed for the optimisation of the employed capacities for cyberfraud mitigation to ensure the effective allocation and utilisation of human resources. Thus, the MOIP model is validated by a genetic algorithm (GA) solver to obtain the Pareto-optimum solution without the violation of the identified constraints.
Findings
The formulated objective functions are optimised simultaneously. The Pareto front for the two objectives of the MOIP model comprises the set of optimal solutions, which are not dominated by any other feasible solution. These are the feasible choices, which indicate the suitability of the MOIP to achieve the set objectives.
Practical implications
The results obtained indicate the feasibility of simultaneously achieving the minimisation of the total allocation cost of the anti-fraud capacities, or the maximisation of the forensic accounting capacities in all cyberfraud incident prone spots – or the trade-off between them, if they cannot be reached simultaneously. This study recommends the use of an iterative MOIP framework for decision-makers which may aid decision-making with respect to the allocation and utilisation of human resources.
Originality/value
The originality of this work lies in the development of multi-objectives integer-programming model for effective allocation of resources for cyberfraud mitigation.
Details
Keywords
Oluwatoyin Esther Akinbowale, Heinz Eckart Klingelhöfer and Mulatu Fekadu Zerihun
The purpose of this study is to assess the impact of cyberfraud in the South African banks with the aim to provide recommendations to effectively mitigate it.
Abstract
Purpose
The purpose of this study is to assess the impact of cyberfraud in the South African banks with the aim to provide recommendations to effectively mitigate it.
Design/methodology/approach
The study uses a qualitative approach involving the use of structured questionnaires. The questionnaires were made available to the staff of 17 licensed banks in South Africa who deal with management, operation, administration and banking services. Two hypotheses were formulated and non-parametric statistical analyses involving the use of Chi-square test, Fischer’s Exact test and Spearman’s correlation were carried out. The two hypotheses formulated were tested to draw a conclusion.
Findings
The results obtained indicate that the impact of cyberfraud in the South African banking industry is highly significant and has affected the reputation of some of the banks. This calls for the need to review the diverse ways of curbing cyberfraud to lessen their impact and that of associated fraud risks on the banking operation.
Practical implications
This study provides an analysis on the relationship cyberfraud occurrences and the reputation of South African banks. The implementation of the recommendations may reinforce the existing security measures in the fight against cyberfraud.
Originality/value
The novelty of this study lies in the fact that the assessment of the impact of cyberfraud on the banking industry in South Africa has not been sufficiently highlighted by the existing literature.
Details
Keywords
Mobile location-based service (m-LBS) seems like a new class of personalized service due to location positioning technologies. This work aims to investigate consumer readiness…
Abstract
Purpose
Mobile location-based service (m-LBS) seems like a new class of personalized service due to location positioning technologies. This work aims to investigate consumer readiness (RED) toward m-LBS based on integrating pull effect- and push effect-related factors into the technology acceptance model (TAM).
Design/methodology/approach
An online survey collected data from 423 participants, and the research framework was analyzed using structural equation modeling (SEM).
Findings
The results divulge that consumer RED is determined by TAM antecedents, including usefulness (USE) and ease of use (EOU). EOU motivates USE in m-LBS. Regarding pull effect-related factors, absorptive capacity (ABC) is the strongest positive factor influencing consumer RED to use m-LBS, followed by technology willingness (TWI) and innovativeness (INN). Moreover, INN, trust (TRU) and perceived risk (RIS) significantly influence USE and EOU.
Originality/value
This work endeavors to explicate customer RED toward m-LBS by incorporating some meaningful pull effect-related dimensions (i.e. ABC, TWI and INN) and pushing effect-related dimensions (i.e. RIS) into crucial antecedents rooted in TAM. Thus, the findings assist practitioners in developing marketing strategies by boosting pull effects and controlling push effects on customer engagement in m-LBS.
Details
Keywords
Sasha Romanosky and Elizabeth L. Petrun Sayers
The purpose of this study is to examine how companies integrate cyber risk into their enterprise risk management practices. Data breaches have become commonplace, with thousands…
Abstract
Purpose
The purpose of this study is to examine how companies integrate cyber risk into their enterprise risk management practices. Data breaches have become commonplace, with thousands occurring each year, and some costing hundreds of millions of dollars. Consequently, cyber risk has become one of the gravest risks facing organizations, and has attracted boardroom-level attention. On the other hand, companies already manage many kinds of difficult and growing risks, and that firms lose less than 1% of annual revenues as a result of cyber incidents. Therefore, how should firms appropriately address cyber risk? Is it indeed a materially different kind of risk area, or is it simply just one more risk that can seamlessly be integrated into existing enterprise risk management (ERM) practices?
Design/methodology/approach
The authors performed thematic analysis based on semi-structured interviews, with non-probabilistic, purposive sampling, to answer two main questions. First, how do firms manage enterprise risks, generally? And second, how are they integrating cyber risk into these existing processes?
Findings
The authors find that there is considerable variation in the approach and sophistication in ERM practices, such as whether they are driven more like an auditing function, or as a risk champion. The authors also find that despite the novelty of cyber risk, it can be integrated like other enterprise risks, and that cyber risk is most often seen as an operational risk (similar to workplace accidents or fraud), rather than a strategic risk, emerging from, for example, technology innovation and R&D.
Research limitations/implications
The generalization of the results is limited by the sample size and variation of firms interviewed. While the authors attempted to interview enterprise risk managers across a wide variation of firms, there were clear limitations in the scope. That being said, the authors were fortunate to be able to examine ERM and cyber risk practices across small and large, private and publicly traded companies, from a variety of business sectors.
Practical implications
The authors believe these finding are important because they present evidence that while cyber risk may be new, it does not require specialized handling or processes to track it at the enterprise level. While some firms may choose to provide special accommodations or attention because of their data collection or business practices, this approach is neither necessary nor required of all firms in all situations.
Originality/value
This research is one of the only papers that, to the best of the authors’ knowledge, examines how cyber risk is integrated at an enterprise level.
Details
Keywords
Natile Nonhlanhla Cele and Sheila Kwenda
The purpose of the study is to identify cybersecurity threats that hinder the adoption of digital banking and provide sustainable strategies to combat cybersecurity risks in the…
Abstract
Purpose
The purpose of the study is to identify cybersecurity threats that hinder the adoption of digital banking and provide sustainable strategies to combat cybersecurity risks in the banking industry.
Design/methodology/approach
Systematic literature review guidelines were used to conduct a quantitative synthesis of empirical evidence regarding the impact of cybersecurity threats and risks on the adoption of digital banking.
Findings
A total of 84 studies were initially examined, and after applying the selection and eligibility criteria for this systematic review, 58 studies were included. These selected articles consistently identified identity theft, malware attacks, phishing and vishing as significant cybersecurity threats that hinder the adoption of digital banking.
Originality/value
With the country’s banking sector being new in this area, this study contributes to the scant literature on cyber security, which is mostly in need due to the myriad breaches that the industry has already suffered thus far.
Details
Keywords
Areej Alyami, David Sammon, Karen Neville and Carolanne Mahony
Cyber security has never been more important than it is today in an ever more connected and pervasive digital world. However, frequently reported shortages of suitably skilled and…
Abstract
Purpose
Cyber security has never been more important than it is today in an ever more connected and pervasive digital world. However, frequently reported shortages of suitably skilled and trained information system (IS)/cyber security professionals elevate the importance of delivering effective Security Education,Training and Awareness (SETA) programmes within organisations. Therefore, the purpose of this study is the questionable effectiveness of SETA programmes at changing employee behaviour and an absence of empirical studies on the critical success factors (CSFs) for SETA programme effectiveness.
Design/methodology/approach
This exploratory study follows a three-stage research design to give voice to practitioners with SETA programme expertise. Data is gathered in Stage 1 using semi-structured interviews with 20 key informants (the emergence of the CSFs), in Stage 2 from 65 respondents to a short online survey (the ranking of the CSFs) and in Stage 3 using semi-structured interviews with nine IS/cyber security practitioners (the emergence of the guiding principles). Using a multi-stage research design allows the authors to propose and evaluate the 11 CSFs for SETA programme effectiveness.
Findings
This study conducted a mean score analysis to evaluate the level of importance of each CSF within two independent groups of IS/cyber security professionals. This multi-stage analysis produces a ranked list of 11 CSFs for SETA programme effectiveness, while the difference in the rankings leads to the emergence of five CSF-specific guiding principles (to increase the likelihood of delivering an effective SETA programme within an organisational context). This analysis also reveals that most of the contradictions/differences in CSF rankings between IS/cyber security practitioners are linked to the design phase of the SETA programme life cycle. While two CSFs, “maintain quarterly evaluation of employee performance” (CSF-DS6) and “build security awareness campaigns” (CSF-EV1), represent the most significant contradiction in this study.
Originality/value
The 11 CSFs for SETA programme effectiveness, along with the five CSF-specific guiding principles, provide a greater depth of knowledge contributing to both theory and practice and lays the foundation for future studies. Therefore, the outputs of this study provide valuable insights on the areas that practice needs to get right to deliver effective SETA programmes.
Details
Keywords
Ornella Tanga Tambwe, Clinton Ohis Aigbavboa and Opeoluwa Akinradewo
Data represents a critical resource that enables construction companies’ success; thus, its management is very important. The purpose of this study is to assess the benefits of…
Abstract
Purpose
Data represents a critical resource that enables construction companies’ success; thus, its management is very important. The purpose of this study is to assess the benefits of construction data risks management (DRM) in the construction industry (CI).
Design/methodology/approach
This study adopted a quantitative method and collected data from various South African construction professionals with the aid of an e-questionnaire. These professionals involve electrical engineers, quantity surveyors, architects and mechanical, as well as civil engineers involved under a firm, or organisation within the province of Gauteng, South Africa. Standard deviation, mean item score, non-parametric Kruskal–Wallis H test and exploratory factor analysis were used to analyse the retrieved data.
Findings
The findings revealed that DRM enhances project and company data availability, promotes confidentiality and enhances integrity, which are the primary benefits of DRM that enable the success of project delivery.
Research limitations/implications
The research was carried out only in the province of Gauteng due to COVID-19 travel limitations.
Practical implications
The construction companies will have their data permanently in their possession and no interruption will be seen due to data unavailability, which, in turn, will allow long-term and overall pleasant project outcomes.
Originality/value
This study seeks to address the benefits of DRM in the CI to give additional knowledge on risk management within the built environment to promote success in every project.
Details