Search results
1 – 10 of 100Hassan Jamil, Tanveer Zia, Tahmid Nayeem, Monica T. Whitty and Steven D'Alessandro
The current advancements in technologies and the internet industry provide users with many innovative digital devices for entertainment, communication and trade. However…
Abstract
Purpose
The current advancements in technologies and the internet industry provide users with many innovative digital devices for entertainment, communication and trade. However, simultaneous development and the rising sophistication of cybercrimes bring new challenges. Micro businesses use technology like how people use it at home, but face higher cyber risks during riskier transactions, with human error playing a significant role. Moreover, information security researchers have often studied individuals’ adherence to compliance behaviour in response to cyber threats. The study aims to examine the protection motivation theory (PMT)-based model to understand individuals’ tendency to adopt secure behaviours.
Design/methodology/approach
The study focuses on Australian micro businesses since they are more susceptible to cyberattacks due to the least security measures in place. Out of 877 questionnaires distributed online to Australian micro business owners through survey panel provider “Dynata,” 502 (N = 502) complete responses were included. Structural equational modelling was used to analyse the relationships among the variables.
Findings
The results indicate that all constructs of the protection motivation, except threat susceptibility, successfully predict the user protective behaviours. Also, increased cybersecurity costs negatively impact users’ safe cyber practices.
Originality/value
The study has critical implications for understanding micro business owners’ cyber security behaviours. The study contributes to the current knowledge of cyber security in micro businesses through the lens of PMT.
Details
Keywords
The Kingdom of Saudi Arabia (KSA) is embracing digital transformation and e-government services, aiming to improve efficiency, accessibility and citizen-centricity. Nonetheless…
Abstract
Purpose
The Kingdom of Saudi Arabia (KSA) is embracing digital transformation and e-government services, aiming to improve efficiency, accessibility and citizen-centricity. Nonetheless, the country faces challenges such as evolving cyber threats. The purpose of this study is to investigate the factors influencing cybersecurity practices to ensure the reliability and security of e-government services.
Design/methodology/approach
This paper investigates the multifaceted dynamics of cybersecurity practices and their impact on the quality and effectiveness of e-government services. Five key factors explored include organizational culture, technology infrastructure, adherence to standards and regulations, employee training and awareness and financial investment in cybersecurity. This study used a quantitative method to gather data from 320 participants. The researcher collected 285 completed questionnaires, excluding unusable or incomplete responses, and analyzed the final data set using partial least squares structural equation modeling.
Findings
The findings show that financial investment in cybersecurity, employee training and awareness and adherence to cybersecurity regulations significantly influence the adoption of robust cybersecurity practices. However, the relationship between organizational culture and cybersecurity practices is less straightforward. The research establishes a strong positive correlation between cybersecurity practices and e-government service quality, highlighting the role of security in fostering public trust and user satisfaction and meeting the evolving needs of citizens and businesses.
Originality/value
This research contributes valuable empirical evidence to the fields of e-government and cybersecurity, offering insights that can inform evidence-based policy decisions and resource allocation. By understanding the nuanced dynamics at play, Saudi Arabia is better poised to fortify its digital governance infrastructure and provide secure, high-quality e-government services to its constituents.
Details
Keywords
Peter Dornheim and Ruediger Zarnekow
The human factor is the most important defense asset against cyberattacks. To ensure that the human factor stays strong, a cybersecurity culture must be established and cultivated…
Abstract
Purpose
The human factor is the most important defense asset against cyberattacks. To ensure that the human factor stays strong, a cybersecurity culture must be established and cultivated in a company to guide the attitudes and behaviors of employees. Many cybersecurity culture frameworks exist; however, their practical application is difficult. This paper aims to demonstrate how an established framework can be applied to determine and improve the cybersecurity culture of a company.
Design/methodology/approach
Two surveys were conducted within eight months in the internal IT department of a global software company to analyze the cybersecurity culture and the applied improvement measures. Both surveys comprised the same 23 questions to measure cybersecurity culture according to six dimensions: cybersecurity accountability, cybersecurity commitment, cybersecurity necessity and importance, cybersecurity policy effectiveness, information usage perception and management buy-in.
Findings
Results demonstrate that cybersecurity culture maturity can be determined and improved if accurate measures are derived from the results of the survey. The first survey showed potential for improving the dimensions of cybersecurity accountability, cybersecurity commitment and cybersecurity policy effectiveness, while the second survey proved that these dimensions have been improved.
Originality/value
This paper proves that practical application of cybersecurity culture frameworks is possible if they are appropriately tailored to a given organization. In this regard, scientific research and practical application combine to offer real value to researchers and cybersecurity executives.
Details
Keywords
Chen Zhong, Hong Liu and Hwee-Joo Kam
Cybersecurity competitions can effectively develop skills, but engaging a wide learner spectrum is challenging. This study aims to investigate the perceptions of cybersecurity…
Abstract
Purpose
Cybersecurity competitions can effectively develop skills, but engaging a wide learner spectrum is challenging. This study aims to investigate the perceptions of cybersecurity competitions among Reddit users. These users constitute a substantial demographic of young individuals, often participating in communities oriented towards college students or cybersecurity enthusiasts. The authors specifically focus on novice learners who showed an interest in cybersecurity but have not participated in competitions. By understanding their views and concerns, the authors aim to devise strategies to encourage their continuous involvement in cybersecurity learning. The Reddit platform provides unique access to this significant demographic, contributing to enhancing and diversifying the cybersecurity workforce.
Design/methodology/approach
The authors propose to mine Reddit posts for information about learners’ attitudes, interests and experiences with cybersecurity competitions. To mine Reddit posts, the authors developed a text mining approach that integrates computational text mining and qualitative content analysis techniques, and the authors discussed the advantages of the integrated approach.
Findings
The authors' text mining approach was successful in extracting the major themes from the collected posts. The authors found that motivated learners would want to form a strategic way to facilitate their learning. In addition, hope and fear collide, which exposes the learners’ interests and challenges.
Originality/value
The authors discussed the findings to provide education and training experts with a thorough understanding of novice learners, allowing them to engage them in the cybersecurity industry.
Details
Keywords
Tze Yin Khaw, Azlan Amran and Ai Ping Teoh
This paper aims to explore the factors affecting cybersecurity implementation in organizations in various countries and develop a cybersecurity framework to improve cybersecurity…
Abstract
Purpose
This paper aims to explore the factors affecting cybersecurity implementation in organizations in various countries and develop a cybersecurity framework to improve cybersecurity practices within organizations for cybersecurity risk management through a systematic literature review (SLR) approach.
Design/methodology/approach
This SLR adhered to RepOrting Standards for Systematics Evidence Syntheses (ROSES) publication standards and used various research approaches. The study’s article selection process involved using Scopus, one of the most important scientific databases, to review articles published between 2014 and 2023.
Findings
This review identified the four main themes: individual factors, organizational factors, technological factors and governmental role. In addition, nine subthemes that relate to these primary topics were established.
Originality/value
This research sheds light on the multifaceted nature of cybersecurity by exploring factors influencing implementation and developing an improvement framework, offering valuable insights for researchers to advance theoretical developments, assisting industry practitioners in tailoring cybersecurity strategies to their needs and providing policymakers with a basis for creating more effective cybersecurity regulations and standards.
Details
Keywords
Amir Schreiber and Ilan Schreiber
In the modern digital realm, while artificial intelligence (AI) technologies pave the way for unprecedented opportunities, they also give rise to intricate cybersecurity issues…
Abstract
Purpose
In the modern digital realm, while artificial intelligence (AI) technologies pave the way for unprecedented opportunities, they also give rise to intricate cybersecurity issues, including threats like deepfakes and unanticipated AI-induced risks. This study aims to address the insufficient exploration of AI cybersecurity awareness in the current literature.
Design/methodology/approach
Using in-depth surveys across varied sectors (N = 150), the authors analyzed the correlation between the absence of AI risk content in organizational cybersecurity awareness programs and its impact on employee awareness.
Findings
A significant AI-risk knowledge void was observed among users: despite frequent interaction with AI tools, a majority remain unaware of specialized AI threats. A pronounced knowledge difference existed between those that are trained in AI risks and those who are not, more apparent among non-technical personnel and sectors managing sensitive information.
Research limitations/implications
This study paves the way for thorough research, allowing for refinement of awareness initiatives tailored to distinct industries.
Practical implications
It is imperative for organizations to emphasize AI risk training, especially among non-technical staff. Industries handling sensitive data should be at the forefront.
Social implications
Ensuring employees are aware of AI-related threats can lead to a safer digital environment for both organizations and society at large, given the pervasive nature of AI in everyday life.
Originality/value
Unlike most of the papers about AI risks, the authors do not trust subjective data from second hand papers, but use objective authentic data from the authors’ own up-to-date anonymous survey.
Details
Keywords
Security assurance evaluation (SAE) is a well-established approach for assessing the effectiveness of security measures in systems. However, one aspect that is often overlooked in…
Abstract
Purpose
Security assurance evaluation (SAE) is a well-established approach for assessing the effectiveness of security measures in systems. However, one aspect that is often overlooked in these evaluations is the assurance context in which they are conducted. This paper aims to explore the role of assurance context in system SAEs and proposes a conceptual model to integrate the assurance context into the evaluation process.
Design/methodology/approach
The conceptual model highlights the interrelationships between the various elements of the assurance context, including system boundaries, stakeholders, security concerns, regulatory compliance and assurance assumptions and regulatory compliance.
Findings
By introducing the proposed conceptual model, this research provides a framework for incorporating the assurance context into SAEs and offers insights into how it can influence the evaluation outcomes.
Originality/value
By delving into the concept of assurance context, this research seeks to shed light on how it influences the scope, methodologies and outcomes of assurance evaluations, ultimately enabling organizations to strengthen their system security postures and mitigate risks effectively.
Details
Keywords
Tuğçe Karayel, Bahadır Aktaş and Adem Akbıyık
The purpose of this paper is to investigate the cyber hygiene practices of remote workers.
Abstract
Purpose
The purpose of this paper is to investigate the cyber hygiene practices of remote workers.
Design/methodology/approach
This paper used two instruments: first, the Cyber Hygiene Inventory scale, which measures users’ information and computer security behaviors; second, the Recsem Inventory, developed within this paper’s context, to evaluate the cybersecurity measures adopted by organizations for remote workers. It was conducted on remote workers to examine their information security practices. The instrument was administered to a sample of 442 employees reached via the LinkedIn platform. Analyses were performed with SPSS v26, Python programming language and Seaborn library.
Findings
The findings indicate a significant correlation between the security measures implemented by companies and their employees’ cyber hygiene practices. A sector comparison revealed a significant difference in cyber hygiene levels between public and private sector workers.
Research limitations/implications
This paper aims to provide policymakers with suggestions for enhancing the cyber hygiene of remote workers to facilitate compliance with corporate security protocols.
Originality/value
This paper’s conclusions highlight the importance of companies increasing their cybersecurity investments as remote work becomes more prevalent. This should consider not only corporate-level factors but also employees' information and computer security behaviors.
Details
Keywords
Jaeyoung Park, Woosik Shin, Beomsoo Kim and Miyea Kim
This study aims to explore the spillover effects of data breaches from a consumer perspective in the e-commerce context. Specifically, we investigate how an online retailer’s data…
Abstract
Purpose
This study aims to explore the spillover effects of data breaches from a consumer perspective in the e-commerce context. Specifically, we investigate how an online retailer’s data breach affects consumers’ privacy risk perceptions of competing firms, and further how it affects shopping intention for the competitors. We also examine how the privacy risk contagion effect varies depending on the characteristics of competitors and their competitive responses.
Design/methodology/approach
We conducted two scenario-based experiments with surveys. To assess the spillover effects and the moderating effects, we employed an analysis of covariance. We also performed bootstrapping-based mediation analyses using the PROCESS macro.
Findings
We find evidence for the privacy risk contagion effect and demonstrate that it negatively influences consumers’ shopping intention for a competing firm. We also find that a competitor’s cybersecurity message is effective in avoiding the privacy risk contagion effect and the competitor even benefits from it.
Originality/value
While previous studies have examined the impacts of data breaches on customer perceptions of the breached firm, our study focuses on customer perceptions of the non-breached firms. To the best of the authors’ knowledge, this study is one of the first to provide empirical evidence for the negative spillover effects of a data breach from a consumer perspective. More importantly, this study empirically demonstrates that the non-breached competitor’s competitive response is effective in preventing unintended negative spillover in the context of the data breach.
Details
Keywords
Natile Nonhlanhla Cele and Sheila Kwenda
The purpose of the study is to identify cybersecurity threats that hinder the adoption of digital banking and provide sustainable strategies to combat cybersecurity risks in the…
Abstract
Purpose
The purpose of the study is to identify cybersecurity threats that hinder the adoption of digital banking and provide sustainable strategies to combat cybersecurity risks in the banking industry.
Design/methodology/approach
Systematic literature review guidelines were used to conduct a quantitative synthesis of empirical evidence regarding the impact of cybersecurity threats and risks on the adoption of digital banking.
Findings
A total of 84 studies were initially examined, and after applying the selection and eligibility criteria for this systematic review, 58 studies were included. These selected articles consistently identified identity theft, malware attacks, phishing and vishing as significant cybersecurity threats that hinder the adoption of digital banking.
Originality/value
With the country’s banking sector being new in this area, this study contributes to the scant literature on cyber security, which is mostly in need due to the myriad breaches that the industry has already suffered thus far.
Details