Search results

The rapid expansion of internet usage and device connectivity has underscored the importance of understanding the public’s cyber behavior and knowledge. Despite this, there is little research that examines the public’s objective knowledge of secure information security practices. The purpose of this study is to examine how objective cyber awareness is distributed throughout society.

This study draws on a large national survey of adults to examine the relationship between individual factors – such as demographic attributes and socioeconomic resources – and information security awareness. The study estimates several statistical models using weighted logistic regression to model objective information security awareness.

The results indicate that socioeconomic resources such as income and education have a significant effect on individuals’ information security awareness with richer and more highly educated individuals exhibiting greater awareness of important security practices and tools. Additionally, age and gender represent consistent and clear informational gaps in society as older individuals and females are significantly less knowledgeable about an array of information security practices than younger individuals and males, respectively.

The findings have important implications for our understanding of information security behavior and user vulnerability in an increasingly digital and connected society. Despite the growing importance of cybersecurity for all individuals in nearly all domains of daily life, there is substantial inequality in awareness about secure cyber practices and the tools and techniques used to protect one’s self from attacks. While digital technology will continue to permeate many aspects of daily life – from financial transactions to health services to social interactions – the findings here indicate that some users may be far more exposed and vulnerable to attack than others.

This study contributes to our understanding of general user information security awareness using a large survey and statistical models to generalize about the public’s information security awareness across multiple domains and stimulates future research on public knowledge of information security. The findings indicate that some users may be far more exposed and vulnerable to attack than others. Despite the growing importance of cybersecurity for all individuals in nearly all domains of daily life, there is substantial inequality in awareness about secure cyber practices and the tools and techniques used to protect one’s self from attacks.

This research aims to determine whether the educational influence of the cybersecurity awareness campaign on the audience (their knowledge, behaviour and potential cybersecurity culture) matches the campaign’s educational objectives. The research focuses on the knowledge component of this metric by examining the awareness campaign audience’s interpretative role in processing the campaign content, through the lens of active audience theory (AAT).

Using reflective practices, this research examines a single longitudinal case study of a cybersecurity awareness and education campaign which aims to raise awareness amongst school learners. Artefacts from a single sample are examined.

Reflexive practices using theories such as active audience can assist in identifying deviations between the message a campaign intends to communicate and the message that the campaign audience receives.

Using this research approach, measurements could only be obtained for campaign messages depicted in artefacts. Future interventions should be designed to facilitate a more rigorous analysis of the audiences’ interpretation of all campaign messages using ATT.

This paper applied principles of ATT to examine the audience’s interpretative role in processing an awareness campaign’s content based on artifacts they created after exposure to the campaign. Conducting such analyses as part of a reflective process between cyber awareness/education campaign cycles provides a way to identify areas or topics within the campaign that require corrective action.

This article surveys why libraries are vulnerable to social engineering attacks and how to manage risks of human-caused cyber threats on organizational level; investigates Estonian library staff awareness of information security and shares recommendations concerning focus areas that should be given more attention in the future.

The data used in this paper is based on an overview of relevant literature highlighting the theoretical points and giving the reasons why human factor is considered the weakest link in information security and cyber security and studying how to mitigate the related risks in the organisation. To perform the survey, a web questionnaire was designed which included 63 sentences and was developed based on the knowledge-attitude-behaviour (KAB) model supported by Kruger and Kearney and Human Aspects of Information Security Questionnaire (HAIS-Q) designed by Parsons et al.

The research results show that the information security awareness of library employees is at a good level; however, awareness in two focus areas needs special attention and should be improved. The output of this study is the mapping of seven focus areas of information security policy in libraries based on the HAIS-Q framework and the KAB model.

The cyber awareness of library employees has not been studied in the world using HAIS-Q and KAB model, and to the best of the authors’ knowledge, no research has been previously carried out in the Estonian library context into cyber security awareness.

The increased use of Information Systems (IS) as a working tool for employees increases the number of accounts and passwords required. Despite being more aware of password entropy, users still often participate in deviant password behaviors, known as “password workarounds” or “shadow security.” These deviant password behaviors can put individuals and organizations at risk, resulting in a data breach. This paper aims to engage IS users and Subject Matter Experts (SMEs), focused on designing, developing and empirically validating the Password Workaround Cybersecurity Risk Taxonomy (PaWoCyRiT) – a 2x2 taxonomy constructed by aggregated scores of perceived cybersecurity risks from Password Workarounds (PWWAs) techniques and their usage frequency.

This research study was a developmental design conducted in three phases using qualitative and quantitative methods: (1) A set of 10 PWWAs that were identified from the literature were validated by SMEs along with their perspectives on the PWWAs usage and risk for data breach; (2) A pilot study was conducted to ensure reliability and validity and identify if any measurement issues would have hindered the results and (3) The main study data collection was conducted with a large group of IS users, where also they reported on coworkers' engagement frequencies related to the PWWAs.

The results indicate that statistically significant differences were found between SMEs and IS users in their aggregated perceptions of risks of the PWWAs in causing a data breach, with IS users perceiving higher risks. Engagement patterns varied between the two groups, as well as factors like years of IS experience, gender and job level had statistically significant differences among groups.

The PaWoCyRiT taxonomy that the we have developed and empirically validated is a handy tool for organizational cyber risk officers. The taxonomy provides organizations with a quantifiable means to assess and ultimately mitigate cybersecurity risks.

Passwords have been used for a long time to grant controlled access to classified spaces, electronics, networks and more. However, the dramatic increase in user accounts over the past few decades has exposed the realization that technological measures alone cannot ensure a high level of IS security; this leaves the end-users holding a critical role in protecting their organization and personal information. Thus, the taxonomy that the authors have developed and empirically validated provides broader implications for society, as it assists organizations in all industries with the ability to mitigate the risks of data breaches that can result from PWWAs.

The taxonomy the we have developed and validated, the PaWoCyRiT, provides organizations with insights into password-related risks and behaviors that may lead to data breaches.

The purpose of this paper is to examine gender differences in predictors of technology threat avoidance motivation and behavior among working US adults. Implications were considered in regard to cybersecurity awareness training motivation and perceptions of need for protective cybersecurity behavior in the workplace.

A single-shot regression-based study used ordinal regression supported by K-means clustering to evaluate the moderating effects of gender on predictors of technology threat avoidance motivation and behavior on a sample of n = 206 US adult workers.

The regression model explained 47.5% of variance in avoidance motivation and 39% of avoidance behavior variance. Gender moderated predictive associations between several independent variables and avoidance motivation: perceived susceptibility, perceived effectiveness, perceived cost and self-efficacy. Gender also moderated the association between avoidance motivation and avoidance behavior.

The predictive impact of gender extends beyond the main effects in technology threat avoidance. Data frequency distributions and inter-variable relationships should be routinely considered in threat avoidance studies, especially if sample variables exhibit non-normal frequency distributions and nonlinear associations.

Gender was significantly associated with threat avoidance motivation and avoidance behavior and exhibited notable associations with antecedents of avoidance motivation. Related insights can inform the design and delivery of training content relating to technology threat avoidance as organizations strive to more effectively leverage information technology end-users as protective assets for the enterprise.

The uniqueness of this study derives from its focus and findings regarding the moderating effects of gender on technology threat avoidance factors and techniques used to measure and evaluate the associations between them.

This study aims to investigate the cyber security awareness and policies within corporate organisations in Ghana.

Using both quantitative and qualitative approaches underpinned by questionnaire and document analysis, data were collected from 100 participants centred on cyber security awareness and information policies.

The study underscored that, although corporate organisations had a good knowledge of IT, their awareness of cyber security remains limited. It observed that most organisations in Ghana are not integrating legal aspects into their information security policies. It proposed the need to increase the security awareness of corporate organisation, particularly because of the vulnerabilities they are exposed to.

The implication of the paper with respect to theory, practice and future research lies in the recommendations the authors have proffered, such as the implementation of security awareness training programme, need assessment and the outsourcing of qualified service providers.

The study is useful for policy makers in the management of Ghana’s IT infrastructure.

This study is being undertaken at a period when Ghana has made progressive development and giant steps in the IT industry compared to its counterparts in sub-Saharan Africa. The developed nature of Ghana’s IT infrastructure requires the development of policies for cyber security to prevent data loses and protect the national infrastructure from threats. Undertaking a study on cyber security in an environment where cyber issues are hardly discussed is worthwhile.

Despite the proliferation of cyberthreats upon the supply chain (SC) at large, knowledge on SC cybersecurity is scarce and predominantly conceptual or descriptive. Addressing this gap, this research examines the effect of SC cyber risk management strategies on integration decisions for cybersecurity (with suppliers, customers, and internally) to enhance the SC’s cyber resilience and robustness.

A research model grounded in the supply chain risk management (SCRM) literature, with roots in the Dynamic Capabilities View and the Relational View, was developed. Survey responses of 388 SC managers at US manufacturers were obtained to test the model.

An impact of SC cyber risk management strategies on internal cyber integration was detected, which in turn impacted external cyber integration with both suppliers and customers. Further, a positive effect of internal and customer cyber integration on both cyber resilience and robustness was found, while cyber integration with suppliers impacted neither.

Industry practitioners may adapt certain risk management and integration strategies to enhance the cybersecurity posture of their SCs.

This research bridges between the established domain of SCRM and the emergent field of SC cybersecurity by forming and testing novel relationships between SCRM-rooted constructs tailored to an SC cyber risks context.

In the modern digital realm, while artificial intelligence (AI) technologies pave the way for unprecedented opportunities, they also give rise to intricate cybersecurity issues, including threats like deepfakes and unanticipated AI-induced risks. This study aims to address the insufficient exploration of AI cybersecurity awareness in the current literature.

Using in-depth surveys across varied sectors (N = 150), the authors analyzed the correlation between the absence of AI risk content in organizational cybersecurity awareness programs and its impact on employee awareness.

A significant AI-risk knowledge void was observed among users: despite frequent interaction with AI tools, a majority remain unaware of specialized AI threats. A pronounced knowledge difference existed between those that are trained in AI risks and those who are not, more apparent among non-technical personnel and sectors managing sensitive information.

This study paves the way for thorough research, allowing for refinement of awareness initiatives tailored to distinct industries.

It is imperative for organizations to emphasize AI risk training, especially among non-technical staff. Industries handling sensitive data should be at the forefront.

Ensuring employees are aware of AI-related threats can lead to a safer digital environment for both organizations and society at large, given the pervasive nature of AI in everyday life.

Unlike most of the papers about AI risks, the authors do not trust subjective data from second hand papers, but use objective authentic data from the authors’ own up-to-date anonymous survey.