Search results

This paper aims to investigate the influence of cybersecurity awareness and compliance attitudes on the protective behaviours exhibited by employees. This study also aims to explore the complex correlation between the level of awareness about cybersecurity measures and attitudes towards compliance with these measures. Additionally, it looks at how these factors collectively impact employees’ behaviour to protect organisational assets and information.

This study uses a quantitative research methodology in which primary data are gathered using a survey questionnaire distributed to personnel employed at Vietnamese organisations. The data are analysed, and the validity of the measurement and structural equation model is assessed using a partial least squares–structural equation model approach after the collection of all the survey responses.

The provision of policies and security education, training and awareness programmes are strongly and positively associated with cybersecurity awareness. Moreover, cybersecurity awareness plays an important role in shaping attitudes and intentions towards information security policy compliance (ISPC). Attitude is positively associated with intention towards ISPC and employee protective behaviour. Finally, the intention towards ISPC is significant in shaping employee protective behaviour.

This study contributes to the understanding of the antecedents of cybersecurity in developing countries such as Vietnam. Furthermore, it provides a comprehensive framework for understanding intention and protective behaviour through cybersecurity awareness and compliance attitudes. By combining the theory of planned behaviour and protection motivation theory with institutional governance, this study extends previous research on the effects of these variables on employee protective behaviour.

This study aims to assess the essential elements of internal organisational capability that influence the cybersecurity effectiveness of a construction firm. An extended McKinsey 7S model is used to analyse the relationship between a construction firm's cybersecurity effectiveness and nine internal capability elements: shared values, strategy, structure, systems, staff, style, skills, relationships with third parties and regulatory compliance.

Based on a quantitative research strategy, this study collected data through a cross-sectional survey of professionals working in the construction sector in the United Kingdom (UK). The collected data was analysed using descriptive and inferential statistical methods.

The findings underlined systems, regulatory compliance, staff and third-party relationships as the most significant elements of internal organisational capability influencing a construction firm's cybersecurity effectiveness, organised in order of importance.

Future research possibilities are proposed including the extension of the proposed diagnostic model to consider additional external factors, examining it under varying industrial relationship conditions and developing a dynamic framework that helps improve cybersecurity capability levels while overseeing execution outcomes to ensure success.

The extended McKinsey 7S model can be used as a diagnostic tool to assess the organisation's internal capabilities and evaluate the effectiveness of implemented changes. This can provide specific ways for construction firms to enhance their cybersecurity effectiveness.

This study contributes to the field of cybersecurity in the construction industry by empirically assessing the effectiveness of cybersecurity in UK construction firms using an extended McKinsey 7S model. The study highlights the importance of two additional elements, third-party relationships and construction firm regulatory compliance, which were overlooked in the original McKinsey 7S model. By utilising this model, the study develops a concise research model of essential elements of internal organisational capability that influence cybersecurity effectiveness in construction firms.

The purpose of this paper is to investigate the cyber hygiene practices of remote workers.

This paper used two instruments: first, the Cyber Hygiene Inventory scale, which measures users’ information and computer security behaviors; second, the Recsem Inventory, developed within this paper’s context, to evaluate the cybersecurity measures adopted by organizations for remote workers. It was conducted on remote workers to examine their information security practices. The instrument was administered to a sample of 442 employees reached via the LinkedIn platform. Analyses were performed with SPSS v26, Python programming language and Seaborn library.

The findings indicate a significant correlation between the security measures implemented by companies and their employees’ cyber hygiene practices. A sector comparison revealed a significant difference in cyber hygiene levels between public and private sector workers.

This paper aims to provide policymakers with suggestions for enhancing the cyber hygiene of remote workers to facilitate compliance with corporate security protocols.

This paper’s conclusions highlight the importance of companies increasing their cybersecurity investments as remote work becomes more prevalent. This should consider not only corporate-level factors but also employees' information and computer security behaviors.

The current advancements in technologies and the internet industry provide users with many innovative digital devices for entertainment, communication and trade. However, simultaneous development and the rising sophistication of cybercrimes bring new challenges. Micro businesses use technology like how people use it at home, but face higher cyber risks during riskier transactions, with human error playing a significant role. Moreover, information security researchers have often studied individuals’ adherence to compliance behaviour in response to cyber threats. The study aims to examine the protection motivation theory (PMT)-based model to understand individuals’ tendency to adopt secure behaviours.

The study focuses on Australian micro businesses since they are more susceptible to cyberattacks due to the least security measures in place. Out of 877 questionnaires distributed online to Australian micro business owners through survey panel provider “Dynata,” 502 (N = 502) complete responses were included. Structural equational modelling was used to analyse the relationships among the variables.

The results indicate that all constructs of the protection motivation, except threat susceptibility, successfully predict the user protective behaviours. Also, increased cybersecurity costs negatively impact users’ safe cyber practices.

The study has critical implications for understanding micro business owners’ cyber security behaviours. The study contributes to the current knowledge of cyber security in micro businesses through the lens of PMT.

This investigation serves a dual purpose: providing preliminary results and serving as a pilot study to confirm the viability of the hypotheses advanced towards a full-scale study. This paper aims to present the preliminary findings of an investigation that explored the constructs of personality traits and situational crime prevention theory (SCPT) as antecedents to social cognitive determinants (attitude, perceived behavioural control and subjective norms using the theory of planned behaviour [TPB] framing) and how these elements subsequently estimate compliant information security behaviour. Moreover, this paper delves into the contrasting influences of light and dark personality traits on insider information security compliance.

A cross-sectional survey was conducted to study SCPT measures and the personality factors dyad using a diverse but limited sample (n = 82).

There were ten significant direct relationships between SCPT factors and personality traits related to the components of the TPB. Seventeen hypotheses were not supported. However, these findings highlight the complexity of the topic under study.

Understanding individual differences within the compliance model could be used for custom training protocols, employee selection, assignment and specific types of information security interventions.

There is a scarcity of studies considering the effects of situational and personality factors, specifically the dark versus light triad of personality traits within the information security domain. Therefore, this preliminary result provides early insight that could guide further studies. This research could have important implications for organisations at risk of insider attacks.

The growing business complexity has caused many risks (e.g. operational, financial, reputational, cybersecurity, regulatory and compliance) that threaten companies' sustainability and have received attention from regulators, investors, and businesses. The authors present a model for assessing and reporting corporate risk by examining the indicators underlying corporate risk reporting.

A thorough review of the literature and semi-structured interviews with experts were conducted and the fuzzy Delphi technique was used to obtain consensus and screening of risks. The relationships between these risk indicators were recognized, weighted and prioritized by employing a hybrid Decision Making Trial and Evaluation Laboratory Model (DEMATEL) method integrated with Analytic Network Process (ANP) (DEMATEL-ANP [DANP]) approach. Finally, using the Iranian setting of corporate risk reporting, a model was developed to calculate the risk-reporting scores.

The results indicate that risk disclosure quality is more important than risk disclosures' textual properties and quantity. According to the experts, reporting the key risks that the company faces, management's approach to dealing with these risks and quantifying their impact are more important than the other indicators. The results also show that risk reporting in Iran lacks quantitative and specific information, and most risk disclosures are sticky.

The data have been prepared and analyzed according to the unique Iranian reporting environment, which should be considered when interpreting the results.

The results of this research can be used by the regulators of the Stock Exchange Organizations (SEO) to evaluate corporate risk reports and rank companies. Results are also relevant to investors and policymakers to identify companies with poor risk disclosure and to take necessary measures to improve their reporting practices.

This paper contributes to the social and governance literature by presenting the importance of risk reporting in corporate disclosures.

The unique Iranian setting of corporate risk reporting furthers the understanding of risk reporting and thus provides education, policy, practice and research implications for other emerging economies like Iran. Many prior studies focus mainly on the quality of risk disclosure, and other aspects of corporate risk disclosure presented in the study have remained largely overlooked. The corporate risk reporting attributes identified in the study are relevant to the rise of non-financial risks, the textual and qualitative nature of risk reporting and textual risk disclosures.

This study aims to answer the key questions about the role of digital identities in organisations and within the HR function, the role of regulation in the digital identity space as it catches up with innovators and the vast potential of artificial intelligence (AI) in supporting digital identity.

Developed by using insight from the organisation’s extensive experience in digital identities and knowledge of the regulatory environment, alongside experience with the HR industry and relevant customers.

The digitalisation of business processes and the reality of an increasingly geographically distributed workforce have made digital identities for employees an increasingly important element of modern organisational and human resources functions. The benefits of using digital identities for employees are clear. With the growth of remote working and borderless company operations, digital identities provide employers with enhanced security, improved efficiency and cost savings. As organisations embark on their digital transformation journeys, the delicate balance between facilitating employees’ access to technology and safeguarding the organisation against cyber threats becomes clear. This intricate compromise requires the precise orchestration of certain processes, governance and technology.

In the UK, it is especially important for HR directors to consider the role of AI-empowered employee digital identities. The UK is taking a lead in digitising employee processes, with 68% of respondents in a 2023 poll by SD Worx reporting their company is investing in digital HR and training offerings, compared to a 60% average across Europe.

The purpose of this research is to study how compliance evaluation becomes performed in practice. Compliance evaluation is a common practice among organizations that need to evaluate their posture against a set of criteria (e.g. a standard, legislative framework and “best practices”). The results of these evaluations have significant importance for organizations, especially in the context of information security and continuity. The author argues that how these evaluations become performed is not merely a “social” activity but shaped by the materiality of the evaluation criteria

The authors adopt a sociomaterial practice-based view to study the compliance evaluation through in situ participant observations from compliance evaluation workshops to evaluate organizational compliance against a information security and business continuity criteria. The empirical material was analyzed to construct vignettes that serve to illustrate the practice of compliance evaluation.

The research analysis shows how the information security and business continuity criteria themselves partake in the compliance evaluations by operating through (ventriloqually) the evaluators on three strata: the material, the textual and the structural. The author also provides a conceptualization of a hybrid agency.

This research contributes to lack of studies on the organizational-level compliance. Further, the research is an original contribution to information security and business continuity management by focusing on the practices of compliance evaluation. Further, the research has theoretical novelty by adopting the ventriloqual agency as a hybrid agency to study the sociomateriality of a phenomenon.

The aim of this paper is to explore and analyse the challenges in effective implementation of blockchain by human resource management (HRM) functions. This paper also aims to assess the interplay between the barriers in causing the challenges during blockchain execution.

Ten barriers are discovered from the past studies. Based on the expert views on the identified barriers interpretive structural modelling (ISM) is administered to understand the interplay of these 10 challenges resulting in ineffective or non-implementation of HR blockchain.

The application of ISM has helped in categorizing the variables into strategic, operational and performance outcomes. Results of ISM indicate key barriers like lack of expertise, data privacy, technical infeasibility, complexity in implantation and lack of used cases.

The research is limited to 10 barriers. There can be other barriers that can also be studied. Second, the research is proposing a conceptual model that needs further validation.

This paper has significant implications for the theoretical and practical body of knowledge. So far, most studies are exploring and describing HRM from a digital perspective. Most HR studies are on artificial intelligence, the Internet of Things and smart HRM. Previous studies on blockchain for HRM are mostly describing the advantages of going for it.

Based on the findings, it can also be suggested that policy formulators must advance the technical regulatory framework. Blockchain technology can be effectively implemented only if the top management is committed to it because they can only frame the rules and right control framework, affirm the governance process and strategize improvement.

The study offers insights into the organization's decision makers for effectively implementing blockchain into their HR systems. Some specific recommendations based on the results are also made. The paper is an innovative attempt to analyse the barriers to HR blockchain.

This study aims to give a glimpse of the existing blockchain applications across industries and add to a complete knowledge of the blockchain’s properties.

Systematic literature review is used as the research strategy for this investigation and other aspects of the preferred reporting items for systematic reviews and meta-analyses framework have been incorporated to create a scholarly publications evaluation of the blockchain-based application in the financial arena and its future. The research looks at 86 studies published between 2018 and 2022.

There has been a steady but noticeable increase in the study of blockchain’s potential in many application domains over the past few of years. This rising tendency illustrates the newness and potential of blockchain technology, as well as the increasing attention from academics. According to the findings, blockchain is an appropriate solution for processing transactions using cryptocurrencies; nevertheless, it still has significant technical issues and limits that require to be exploring and solving before it can be considered a viable option. It is therefore, necessary to have a high level of reliability for payments and confidentiality, in addition to maintaining the anonymity of nodes, to stop assaults and efforts to disrupt transactions in the blockchain.

This study has several important theoretical and practical implications. First, it adds to the body of knowledge on blockchain and Fintech, focusing on the transaction side. While much blockchain research has focused on how the technology may affect strategic choices, this study has shed light on its potential from the perspective of financial reporting. Second, by highlighting the importance of the demand for the prompt identification of losses, this work adds to the body of knowledge on the factors that influence transaction frauds involving paper money. Additionally, by establishing the link between transparency and virtual transactions, the author backs up the asymmetric responses of investors to different investment possibilities. It looks at the evolution of financial technology (Fintech) and shows how it can be used to take the advantage of unique opportunities.

The study is different and novel from the previously published literature on this topic mainly because of its comprehensiveness, as it revolves around all industrial and commercial areas. The three main lines of research have been outlined, namely, classifying the many blockchain-based innovations that will alter the financial landscape in many industries; identifying whether these industries are a good fit for blockchain’s wealth creation potential; and directing researchers by outlining prospective study pathways.