Search results

This paper aims to examine the conditions under which small and medium enterprises (SMEs) invest in security services when they migrate their e-commerce applications to the cloud environment. Using a risk management perspective, the paper assesses the impact of security service pricing, security incident prevalence and virulence to estimate SME security spending at the market level and draw out implications for SMEs and security service providers.

Security risks are inherently characterized by uncertainty. This study uses a Monte Carlo approach to understand the role of uncertainty in the decision to adopt security services. A model relating key security constructs is assembled based on key constructs from the domain. By manipulating security service costs and security incident types, the model estimates the market-level adoption of services, security incidents and damages incurred, along with measures of their relative dispersion.

Three key findings emerge from this study. First, adoption of services and protection is higher when tiered security services are provided, indicating that SMEs prefer to choose their security services rather than accept uniformly priced products. Second, SMEs are considered price-sensitive, resulting in a maximum level of spending in the market. Third, results indicate that security incidents and damages can be much higher than the mean in some cases, and this should serve as a cautionary note to SMEs.

Security spending has been modeled at the firm level. Adopting a market-level perspective represents a novel contribution. Additionally, the Monte Carlo approach provides managers with tangible measures of uncertainty, affording additional information and insight when making security service adoption decisions.

This paper aims to identify the critical success factors in improving information security in Ghanaian firms.

Through an exploratory study of both public and private Ghanaian organizations. The study relied on a research model based on the technology–organization–environment (TOE) framework and a survey instrument to collect data from 525 employees. The data was analyzed using partial least squares-structural equation modeling (PLS-SEM).

The findings confirm the role of the technological, organizational and environmental contexts as significant determinants in the implementation of information security in Ghanaian organizations. Results from PLS-SEM analysis demonstrated a positive correlation between the technology component of information security initiative, organization’s internal efforts toward its acceptance and a successful implementation of information security in Ghanaian firms. Top management support and fund allocation among others will result in positive information security initiatives and positive attitudes toward securing the organization’s information assets.

The authors discussed the implications of the authors’ findings for research, practice and policy.

The results of this study will be useful for both governmental and non-governmental organizations in terms of best practices for increasing information security. Results from this study will aid organizations in developing countries to better understand their information security needs and identify the necessary procedures to address them.

This study contributes to filling the knowledge gap in organizational information security research and the TOE framework. Despite the TOE framework being one of the most influential theories in contemporary research of information system domains in an organizational context, there is not enough research linking the domains of information security and the TOE model.

This study aims to investigate the moderating role of sociodemographic factors, specifically age and education level, in the knowledge-attitude-behavior (KAB) model concerning information security awareness (ISA) amid growing technological threats.

This study uses a survey methodology, collecting data from 400 working individuals in Vietnam, to test the applicability of the KAB model and evaluate the moderating effects of age and education on the model’s established relationships. In addition, the theoretical model and hypotheses were evaluated using the partial least squares structural equation model (PLS-SEM) approach.

This research confirms the relationships posited in the KAB model. Notably, it shows that younger employees showcase a more positive attitude and behavior toward information security compared with their older counterparts. In addition, higher education levels strengthen the positive association between information security knowledge and attitude. The findings underscore the imperative for organizations to consider sociodemographic variables when formulating strategies to enhance ISA.

This study extends the KAB model by exploring the impact of sociodemographic factors, focusing on age and education in ISA. Overcoming the oversight in current literature, particularly in the context of technological threats, the research uses PLS-SEM and targets a specific demographic in Vietnam.

This paper aims to investigate the cooperative governance mechanisms for personal information security, which can help enrich digital governance research and provide a reference for the formulation of protection policies for personal information security.

This paper constructs an evolutionary game model consisting of regulators, digital enterprises and consumers, which is combined with the simulation method to examine the influence of different factors on personal information protection and governance.

The results reveal seven stable equilibrium strategies for personal information security within the cooperative governance game system. The non-compliant processing of personal information by digital enterprises can damage the rights and interests of consumers. However, the combination of regulatory measures implemented by supervisory authorities and the rights protection measures enacted by consumers can effectively promote the self-regulation of digital enterprises. The reputation mechanism exerts a restricting effect on the opportunistic behaviour of the participants.

The authors focus on the regulation of digital enterprises and do not consider the involvement of malicious actors such as hackers, and the authors will continue to focus on the game when assessing the governance of malicious actors in subsequent research.

This study's results enhance digital governance research and offer a reference for developing policies that protect personal information security.

This paper builds an analytical framework for cooperative governance for personal information security, which helps to understand the decision-making behaviour and motivation of different subjects and to better address issues in the governance for personal information security.

The current advancements in technologies and the internet industry provide users with many innovative digital devices for entertainment, communication and trade. However, simultaneous development and the rising sophistication of cybercrimes bring new challenges. Micro businesses use technology like how people use it at home, but face higher cyber risks during riskier transactions, with human error playing a significant role. Moreover, information security researchers have often studied individuals’ adherence to compliance behaviour in response to cyber threats. The study aims to examine the protection motivation theory (PMT)-based model to understand individuals’ tendency to adopt secure behaviours.

The study focuses on Australian micro businesses since they are more susceptible to cyberattacks due to the least security measures in place. Out of 877 questionnaires distributed online to Australian micro business owners through survey panel provider “Dynata,” 502 (N = 502) complete responses were included. Structural equational modelling was used to analyse the relationships among the variables.

The results indicate that all constructs of the protection motivation, except threat susceptibility, successfully predict the user protective behaviours. Also, increased cybersecurity costs negatively impact users’ safe cyber practices.

The study has critical implications for understanding micro business owners’ cyber security behaviours. The study contributes to the current knowledge of cyber security in micro businesses through the lens of PMT.

This investigation serves a dual purpose: providing preliminary results and serving as a pilot study to confirm the viability of the hypotheses advanced towards a full-scale study. This paper aims to present the preliminary findings of an investigation that explored the constructs of personality traits and situational crime prevention theory (SCPT) as antecedents to social cognitive determinants (attitude, perceived behavioural control and subjective norms using the theory of planned behaviour [TPB] framing) and how these elements subsequently estimate compliant information security behaviour. Moreover, this paper delves into the contrasting influences of light and dark personality traits on insider information security compliance.

A cross-sectional survey was conducted to study SCPT measures and the personality factors dyad using a diverse but limited sample (n = 82).

There were ten significant direct relationships between SCPT factors and personality traits related to the components of the TPB. Seventeen hypotheses were not supported. However, these findings highlight the complexity of the topic under study.

Understanding individual differences within the compliance model could be used for custom training protocols, employee selection, assignment and specific types of information security interventions.

There is a scarcity of studies considering the effects of situational and personality factors, specifically the dark versus light triad of personality traits within the information security domain. Therefore, this preliminary result provides early insight that could guide further studies. This research could have important implications for organisations at risk of insider attacks.

The primary purpose of this study is to examine the factors leading to shopping cart abandonment and construct a model depicting interrelationship among them using interpretive structural modeling (ISM) and Matriced Impact Croises Multiplication Appliquee an un Classement (MICMAC).

Initially, 20 factors leading to shopping cart abandonment were extracted through a systematic literature review and expert opinions. Fifteen factors were finalized using the importance index and CIMTC method, for which consistency has been checked in SPSS software through a statistical reliability test. Finally, ISM and MICMAC approach is used to develop a model depicting the contextual relationship among finalized factors of shopping cart abandonment.

The ISM model depicts a technical glitch (SC8), cash on delivery not available (SC4), bad checkout interface (SC9), just browsing (SC11), and lack of physical examination (SC12) are drivers or independent factors. Additionally, four quadrants have been formulated in MICMAC analysis based on their dependency and driving power. This facilitates technical managers of e-commerce companies to focus more on factors leading to shopping cart abandonment according to their dependency and driving power.

Taking an expert’s opinion as a base may affect the results of the study due to biases based on subjectivity.

This study’s outcomes would accommodate practitioners, researchers, and multinational or national companies to indulge in e-commerce to anticipate factors restricting the general public from online shopping.

For the successful running of an e-commerce business and to retain the confidence of e-shoppers, every e-commerce company must make a strategy for controlling factors leading to shopping cart abandonment at the initial stage. So, this paper attempts to highlight the main factors leading to shopping cart abandonment and interrelate them using ISM and MICMAC approaches. It provides a clear path to technical heads, researchers, and consultants for handling these shopping cart abandonment factors.

Search engines, the most popular online services, are associated with several concerns. Users are concerned about the unauthorized processing of their personal data, as well as about search engines keeping track of their search preferences. Various search engines have been introduced to address these concerns, claiming that they protect users’ privacy. The authors call these search engines privacy-preserving search engines (PPSEs). This paper aims to investigate the factors that motivate search engine users to use PPSEs.

This study adopted protection motivation theory (PMT) and associated its constructs with subjective norms to build a comprehensive research model. The authors tested the research model using survey data from 830 search engine users worldwide.

The results confirm the interpretive power of PMT in privacy-related decision-making and show that users are more inclined to take protective measures when they consider that data abuse is a more severe risk and that they are more vulnerable to data abuse. Furthermore, the results highlight the importance of subjective norms in predicting and determining PPSE use. Because subjective norms refer to perceived social influences from important others to engage or refrain from protective behavior, the authors reveal that the recommendation from people that users consider important motivates them to take protective measures and use PPSE.

Despite its interesting results, this research also has some limitations. First, because the survey was conducted online, the study environment was less controlled. Participants may have been disrupted or affected, for example, by the presence of others or background noise during the session. Second, some of the survey items could possibly be misinterpreted by the respondents in the study questionnaire, as they did not have access to clarifications that a researcher could possibly provide. Third, another limitation refers to the use of the Amazon Turk tool. According Paolacci and Chandler (2014) in comparison to the US population, the MTurk workers are more educated, younger and less religiously and politically diverse. Fourth, another limitation of this study could be that Actual Use of PPSE is self-reported by the participants. This could cause bias because it is argued that internet users’ statements may be in contrast with their actions in real life or in an experimental scenario (Berendt et al., 2005, Jensen et al., 2005); Moreover, some limitations of this study emerge from the use of PMT as the background theory of the study. PMT identifies the main factors that affect protection motivation, but other environmental and cognitive factors can also have a significant role in determining the way an individual’s attitude is formed. As Rogers (1975) argued, PMT as proposed does not attempt to specify all of the possible factors in a fear appeal that may affect persuasion, but rather a systematic exposition of a limited set of components and cognitive mediational processes that may account for a significant portion of the variance in acceptance by users. In addition, as Tanner et al. (1991) argue, the ‘PMT’s assumption that the subjects have not already developed a coping mechanism is one of its limitations. Finally, another limitation is that the sample does not include users from China, which is the second most populated country. Unfortunately, DuckDuckGo has been blocked in China, so it has not been feasible to include users from China in this study.

The proposed model and, specifically, the subjective norms construct proved to be successful in predicting PPSE use. This study demonstrates the need for PPSE to exhibit and advertise the technology and measures they use to protect users’ privacy. This will contribute to the effort to persuade internet users to use these tools.

This study sought to explore the privacy attitudes of search engine users using PMT and its constructs’ association with subjective norms. It used the PMT to elucidate users’ perceptions that motivate them to privacy adoption behavior, as well as how these perceptions influence the type of search engine they use. This research is a first step toward gaining a better understanding of the processes that drive people’s motivation to, or not to, protect their privacy online by means of using PPSE. At the same time, this study contributes to search engine vendors by revealing that users’ need to be persuaded not only about their policy toward privacy but also by considering and implementing new strategies of diffusion that could enhance the use of the PPSE.

This research is a first step toward gaining a better understanding of the processes that drive people’s motivation to, or not to, protect their privacy online by means of using PPSEs.

With the widespread use of online communications, users are extremely vulnerable to a myriad of deception attempts. This study aims to extend the literature on deception in computer-mediated communication by investigating whether the manner in which popularity information (PI) is presented and media richness affects users’ judgments.

This study developed a randomized, within and 2 × 3 between-subject experimental design. This study analyzed the main effects of PI and media richness on the imitation magnitude of veracity judges and the effect of the interaction between PI and media richness on the imitation magnitude of veracity judges.

The manner in which PI is presented to people affects their tendency to imitate others. Media richness also has a main effect; text-only messages resulted in greater imitation magnitude than those viewed in full audiovisual format. The findings showed an interaction effect between PI and media richness.

The findings of this study contribute to the information systems literature by introducing the notion of herd behavior to judgments of truthfulness and deception. Also, the medium over which PI was presented significantly impacted the magnitude of imitation tendency: PI delivered through text-only medium led to a greater extent of imitation than when delivered in full audiovisual format. This suggests that media richness alters the degree of imitating others’ decisions such that the leaner the medium, the greater the expected extent of imitation.

The purpose of this study is to analyse cyberfraud in the South African banking industry using a multiple regression approach and develop a predictive model for the estimation and prediction of financial losses due to cyberfraud.

To mitigate the occurrence of cyberfraud, this study uses the multiple regression approach to correlate the relationship between financial loss and cyberfraud activities. The cyberfraud activities in South Africa are classified into three, namely, digital banking application, online and mobile banking fraud. Secondary data that captures the rate of cyberfraud occurrences within these three major categories with their resulting financial losses were used for the multiple regression analysis that was carried out in the Statistical Package for Social Science (SPSS, 2022 environment).

The results obtained indicate that the South African financial institutions still incur significant financial losses due to cyberfraud perpetration. The two main independent variables used to estimate the magnitude of financial loss in the South Africa’s banking industry are online (internet) banking fraud (X2) and mobile banking fraud (X3). Furthermore, a multiple regression model equation was developed for the prediction of financial loss as a function of the two independent variables (X2 and X3).

This study adds to the literature on cyberfraud mitigation. The findings may promote the combat against cyberfraud in the South Africa’s financial institutions. It may also assist South Africa’s financial institutions to predict the financial loss that financial institutions can incur over time. It is recommended that South Africa’s financial institutions pay attention to these two key variables and mitigate any associated risks as they are crucial in determining their profitability.

Existing literature indicated significant financial losses to cyberfraud perpetration without establishing any relationship between the magnitude of losses incurred and the prevalent forms of cyberfraud. Thus, the novelty of this study lies in the analysis of cyberfraud in the South African banking industry using a multiple regression approach to link financial losses to the perpetration of the prevalent forms of cyberfraud. It also develops a predictive model for the estimation and projection of financial losses.