Search results

The rapid expansion of internet usage and device connectivity has underscored the importance of understanding the public’s cyber behavior and knowledge. Despite this, there is little research that examines the public’s objective knowledge of secure information security practices. The purpose of this study is to examine how objective cyber awareness is distributed throughout society.

This study draws on a large national survey of adults to examine the relationship between individual factors – such as demographic attributes and socioeconomic resources – and information security awareness. The study estimates several statistical models using weighted logistic regression to model objective information security awareness.

The results indicate that socioeconomic resources such as income and education have a significant effect on individuals’ information security awareness with richer and more highly educated individuals exhibiting greater awareness of important security practices and tools. Additionally, age and gender represent consistent and clear informational gaps in society as older individuals and females are significantly less knowledgeable about an array of information security practices than younger individuals and males, respectively.

The findings have important implications for our understanding of information security behavior and user vulnerability in an increasingly digital and connected society. Despite the growing importance of cybersecurity for all individuals in nearly all domains of daily life, there is substantial inequality in awareness about secure cyber practices and the tools and techniques used to protect one’s self from attacks. While digital technology will continue to permeate many aspects of daily life – from financial transactions to health services to social interactions – the findings here indicate that some users may be far more exposed and vulnerable to attack than others.

This study contributes to our understanding of general user information security awareness using a large survey and statistical models to generalize about the public’s information security awareness across multiple domains and stimulates future research on public knowledge of information security. The findings indicate that some users may be far more exposed and vulnerable to attack than others. Despite the growing importance of cybersecurity for all individuals in nearly all domains of daily life, there is substantial inequality in awareness about secure cyber practices and the tools and techniques used to protect one’s self from attacks.

The current advancements in technologies and the internet industry provide users with many innovative digital devices for entertainment, communication and trade. However, simultaneous development and the rising sophistication of cybercrimes bring new challenges. Micro businesses use technology like how people use it at home, but face higher cyber risks during riskier transactions, with human error playing a significant role. Moreover, information security researchers have often studied individuals’ adherence to compliance behaviour in response to cyber threats. The study aims to examine the protection motivation theory (PMT)-based model to understand individuals’ tendency to adopt secure behaviours.

The study focuses on Australian micro businesses since they are more susceptible to cyberattacks due to the least security measures in place. Out of 877 questionnaires distributed online to Australian micro business owners through survey panel provider “Dynata,” 502 (N = 502) complete responses were included. Structural equational modelling was used to analyse the relationships among the variables.

The results indicate that all constructs of the protection motivation, except threat susceptibility, successfully predict the user protective behaviours. Also, increased cybersecurity costs negatively impact users’ safe cyber practices.

The study has critical implications for understanding micro business owners’ cyber security behaviours. The study contributes to the current knowledge of cyber security in micro businesses through the lens of PMT.

The adoption of mobile payment remains low in certain regions, highlighting the need to identify the factors that enable and inhibit its adoption. This study aims to address this gap by investigating the role of information security, loss aversion and the moderating influence of the herd effect on Inertia and behavioral intentions in the adoption of mobile payment systems.

A structural equation model was developed and tested with 332 valid questionnaires to examine the proposed hypotheses.

The empirical results reveal that information security plays a significant role as an enabler, while loss aversion acts as an inhibitor of mobile payment adoption. Furthermore, the study uncovers the moderating influence of the herd effect on the relationship between Inertia and behavioral intentions.

This study was conducted in a specific region and may not be generalizable to other regions. Future studies could expand the sample size and scope to enhance the external validity of the findings.

This study offers practical implications for mobile payment service providers. Understanding the key enabling and inhibiting factors identified in this study can guide providers in designing and improving their services. Strengthening information security measures can help build trust among potential adopters, while offering incentives can mitigate the impact of loss aversion and encourage early adoption.

The findings of this study have social implications as they contribute to promoting the adoption of mobile payment systems. Increased adoption can enhance financial inclusion and stimulate economic development.

This study provides novel insights into the enabling and inhibiting factors of mobile payment adoption and highlights the moderating role of the herd effect. By shedding light on the influence of social norms on individual behavior in the context of mobile payment adoption, this study contributes to the existing literature and advances our understanding of this phenomenon.

The human factor is the most important defense asset against cyberattacks. To ensure that the human factor stays strong, a cybersecurity culture must be established and cultivated in a company to guide the attitudes and behaviors of employees. Many cybersecurity culture frameworks exist; however, their practical application is difficult. This paper aims to demonstrate how an established framework can be applied to determine and improve the cybersecurity culture of a company.

Two surveys were conducted within eight months in the internal IT department of a global software company to analyze the cybersecurity culture and the applied improvement measures. Both surveys comprised the same 23 questions to measure cybersecurity culture according to six dimensions: cybersecurity accountability, cybersecurity commitment, cybersecurity necessity and importance, cybersecurity policy effectiveness, information usage perception and management buy-in.

Results demonstrate that cybersecurity culture maturity can be determined and improved if accurate measures are derived from the results of the survey. The first survey showed potential for improving the dimensions of cybersecurity accountability, cybersecurity commitment and cybersecurity policy effectiveness, while the second survey proved that these dimensions have been improved.

This paper proves that practical application of cybersecurity culture frameworks is possible if they are appropriately tailored to a given organization. In this regard, scientific research and practical application combine to offer real value to researchers and cybersecurity executives.

This paper aims to investigate how congruent keywords are used in information security policies (ISPs) to pinpoint and guide clear actionable advice and suggest a metric for measuring the quality of keyword use in ISPs.

A qualitative content analysis of 15 ISPs from public agencies in Sweden was conducted with the aid of Orange Data Mining Software. The authors extracted 890 sentences from these ISPs that included one or more of the analyzed keywords. These sentences were analyzed using the new metric – keyword loss of specificity – to assess to what extent the selected keywords were used for pinpointing and guiding actionable advice. Thus, the authors classified the extracted sentences as either actionable advice or other information, depending on the type of information conveyed.

The results show a significant keyword loss of specificity in relation to pieces of actionable advice in ISPs provided by Swedish public agencies. About two-thirds of the sentences in which the analyzed keywords were used focused on information other than actionable advice. Such dual use of keywords reduces the possibility of pinpointing and communicating clear, actionable advice.

The suggested metric provides a means to assess the quality of how keywords are used in ISPs for different purposes. The results show that more research is needed on how keywords are used in ISPs.

The authors recommended that ISP designers exercise caution when using keywords in ISPs and maintain coherency in their use of keywords. ISP designers can use the suggested metrics to assess the quality of actionable advice in their ISPs.

The keyword loss of specificity metric adds to the few quantitative metrics available to assess ISP quality. To the best of the authors’ knowledge, applying this metric is a first attempt to measure the quality of actionable advice in ISPs.

Based on the cognition–affect–conation pattern, this study explores the factors that affect the intention to use facial recognition services (FRS). The study adopts the driving factor perspective to examine how network externalities influence FRS use intention through the mediating role of satisfaction and the barrier factor perspective to analyze how perceived privacy risk affects FRS use intention through the mediating role of privacy cynicism.

The data collected from 478 Chinese FRS users are analyzed via partial least squares-based structural equation modeling (PLS-SEM).

The study produces the following results. (1) FRS use intention is motivated directly by the positive affective factor of satisfaction and the negative affective factor of privacy cynicism. (2) Satisfaction is affected by cognitive factors related to network externalities. Perceived complementarity and perceived compatibility, two indirect network externalities, positively affect satisfaction, whereas perceived critical mass, a direct network externality, does not significantly affect satisfaction. In addition, perceived privacy risk generates privacy cynicism. (3) Resistance to change positively moderates the relationship between privacy cynicism and intention to use FRS.

This study extends knowledge on people's use of FRS by exploring affect- and cognitive-based factors and finding that the affect-based factors (satisfaction and privacy cynicism) play fully mediating roles in the relationship between the cognitive-based factors and use intention. This study also expands the cognitive boundaries of FRS use by exploring the functional condition between affect-based factors and use intention, that is, the moderating role of resistance to use.

The purpose of this study is to examine the factors that affect managers’ ethical decision-making in export-oriented readymade garments in Bangladesh.

This is an empirical study based on the quantitative approach undertaking a cross-sectional survey method where a convenience sampling technique was applied. The analysis was done using partial least square structural equation model applying Smart-PLS version 3.0.

This study confirmed that all the components of cognitive appraisal processes, including perceived severity, perceived vulnerability, response efficacy and self-efficacy, have a significant influence on attitude. Attitude, in turn, mediates the relationship between these variables and the behavioural intention of ethical practice, except for perceived vulnerability. Besides, moral obligation is found to mediate the relationship between attitude, self-efficacy and the behavioural intention of ethical decision-making. The study also found that ethical climate and subjective norms have a direct influence on behavioural intention. Furthermore, behavioural intention, ethical climate and self-efficacy are positively related to actual decision-making behaviour. However, this study did not find any direct effect of subjective norms on moral obligation.

The organization should include an emphasis on building ethical culture and setting an ethical code of conduct within the organization to sustain ethical practice within employees. However, the practitioner should work on enhancing self-efficacy to curb unethical practices by individuals.

This research contributes to the management of garments manufacturers by a practical and theoretical understanding of what influences the ethical behavioural decision-making process. Valuable guidelines are provided on the ethical decision-making process in the garments manufacturing companies for future researchers.

Cyberloafing is an organization-directed counterproductive work behavior (CWB). One stream of literature deems cyberloafing to be bad for organizations and their employees, while another suggests cyberloafing is a coping response to stressful work events. Our work contributes to the latter stream of literature. The key objective of our study is to examine whether cyberloafing could be a means to cope with a stressful work event-abusive supervision, and if yes, what mediating and boundary conditions are involved. For this investigation, the authors leveraged the Stressor-Emotion-CWB theory which posits that individuals engage in CWB to cope with the negative affect generated by the stressors and that this relationship is moderated at the first stage by personality traits.

Using a multi-wave survey design, the authors collected data from 357 employees working in an Indian IT firm. Results revealed support for three out of the four hypotheses.

Based on the Stressor-Emotion-CWB theory, the authors found that work-related negative affect fully mediated the positive relationship between abusive supervision and cyberloafing, and work locus of control (WLOC) moderated the positive relationship between abusive supervision and work-related negative affect. The authors did not find any evidence of a direct relationship between abusive supervision and cyberloafing. Also, the positive indirect relationship between abusive supervision and cyberloafing through work-related negative affect was moderated at the first stage by the WLOC such that the indirect effect was stronger (weaker) at high (low) levels of WLOC.

This work demonstrates that cyberloafing could be a way for employees to cope with their abusive supervisors.

Railways are a well-known example of complex critical infrastructure, incorporating socio-technical systems with humans such as drivers, signallers, maintainers and passengers at the core. The technological evolution including interconnectedness and new ways of interaction lead to new security and safety risks that can be realised, both in terms of human error, and malicious and non-malicious behaviour. This study aims to identify the human factors (HF) and cyber-security risks relating to the role of signallers on the railways and explores strategies for the improvement of “Digital Resilience” – for the concept of a resilient railway.

Overall, 26 interviews were conducted with 21 participants from industry and academia.

The results showed that due to increased automation, both cyber-related threats and human error can impact signallers’ day-to-day operations – directly or indirectly (e.g. workload and safety-critical communications) – which could disrupt the railway services and potentially lead to safety-related catastrophic consequences. This study identifies cyber-related problems, including external threats; engineers not considering the human element in designs when specifying security controls; lack of security awareness among the rail industry; training gaps; organisational issues; and many unknown “unknowns”.

The authors discuss socio-technical principles through a hexagonal socio-technical framework and training needs analysis to mitigate against cyber-security issues and identify the predictive training needs of the signallers. This is supported by a systematic approach which considers both, safety and security factors, rather than waiting to learn from a cyber-attack retrospectively.

This study aims to investigate the influence of CEO’s only-child status on corporate social responsibility (CSR) practices. It seeks to extend the understanding of upper echelon theory by examining unexplored CEO characteristics and their impact on CSR decisions.

The paper uses manually collected CEO family information and Chinese Stock and Market Accounting Research data as a basis to examine the influence of CEOs’ early-life experiences on their engagement in CSR activities. The study applies attachment security theory from developmental psychology and uses upper echelon theory, particularly focusing on CEOs’ only-child status. A comparative analysis of philanthropic donations between CEOs who are only children and those who have siblings is conducted. The study also examines the moderating effects of corporate slack resources and CEO shareholdings.

Preliminary findings suggest that CEOs who are only children are more likely to engage in CSR compared to their counterparts with siblings. However, the difference in donation amounts between the two groups tends to attenuate with decreased slack resources and increased CEO shareholdings.

To the best of the authors’ knowledge, this research represents the first attempt to investigate being the only child in one’s family and the CSR-related decision of CEOs, which extends the upper echelon theory by introducing the family science theory into the management domain.