Search results
1 – 10 of 252
Ben Krishna, Satish Krishnan and M.P. Sebastian
Abstract
Purpose
The current body of empirical research regarding the impact of trust in the cybersecurity commitment of institutions on digital payment usage has focused solely on a macro-level analysis, overlooking the intricate dynamics between institutions' cybersecurity commitments and the trust levels of digital payment users. In light of this limitation, this study aims to offer a more comprehensive understanding of this complex relationship.
Design/methodology/approach
A case study was conducted on digital payment users in India through the critical realist lens. To gather data, interviews and focus group discussions were conducted with digital payment users from various regions of the country.
Findings
The citizen-centric outcomes of the national cybersecurity commitment (performance and responsiveness) are the most prominent and impactful trust indicators. These outcomes play a crucial role in shaping digital payment users' perception and trust in the cybersecurity commitment of public institutions. Individuals' value positions also influence trust judgments, as it is essential to recognize the value tensions that may arise due to security implementation and their congruence with citizens' values.
Research limitations/implications
The findings of this study have significant implications for policymakers. They are potentially an artifact of the security and perception of digital payment users and the cultural uniqueness of digital payment users in India.
Originality/value
The study proposes a holistic understanding of the relationship between institutions' cybersecurity commitments and the trust levels of digital payment users. It offers a qualitative evaluation of how digital payment users perceive and construe efficient information security management implemented by public institutions.
Tze Yin Khaw, Azlan Amran and Ai Ping Teoh
Abstract
Purpose
This paper aims to explore the factors affecting cybersecurity implementation in organizations in various countries and develop a cybersecurity framework to improve cybersecurity practices within organizations for cybersecurity risk management through a systematic literature review (SLR) approach.
Design/methodology/approach
This SLR adhered to RepOrting Standards for Systematic Evidence Syntheses (ROSES) publication standards and used various research approaches. The study’s article selection process involved using Scopus, one of the most important scientific databases, to review articles published between 2014 and 2023.
Findings
This review identified the four main themes: individual factors, organizational factors, technological factors and governmental role. In addition, nine subthemes that relate to these primary topics were established.
Originality/value
This research sheds light on the multifaceted nature of cybersecurity by exploring factors influencing implementation and developing an improvement framework, offering valuable insights for researchers to advance theoretical developments, assisting industry practitioners in tailoring cybersecurity strategies to their needs and providing policymakers with a basis for creating more effective cybersecurity regulations and standards.
Abstract
Purpose
This study aims to assess the essential elements of internal organisational capability that influence the cybersecurity effectiveness of a construction firm. An extended McKinsey 7S model is used to analyse the relationship between a construction firm's cybersecurity effectiveness and nine internal capability elements: shared values, strategy, structure, systems, staff, style, skills, relationships with third parties and regulatory compliance.
Design/methodology/approach
Based on a quantitative research strategy, this study collected data through a cross-sectional survey of professionals working in the construction sector in the United Kingdom (UK). The collected data was analysed using descriptive and inferential statistical methods.
Findings
The findings underlined systems, regulatory compliance, staff and third-party relationships as the most significant elements of internal organisational capability influencing a construction firm's cybersecurity effectiveness, organised in order of importance.
Research limitations/implications
Future research possibilities are proposed including the extension of the proposed diagnostic model to consider additional external factors, examining it under varying industrial relationship conditions and developing a dynamic framework that helps improve cybersecurity capability levels while overseeing execution outcomes to ensure success.
Practical implications
The extended McKinsey 7S model can be used as a diagnostic tool to assess the organisation's internal capabilities and evaluate the effectiveness of implemented changes. This can provide specific ways for construction firms to enhance their cybersecurity effectiveness.
Originality/value
This study contributes to the field of cybersecurity in the construction industry by empirically assessing the effectiveness of cybersecurity in UK construction firms using an extended McKinsey 7S model. The study highlights the importance of two additional elements, third-party relationships and construction firm regulatory compliance, which were overlooked in the original McKinsey 7S model. By utilising this model, the study develops a concise research model of essential elements of internal organisational capability that influence cybersecurity effectiveness in construction firms.
Arne Roar Nygård and Sokratis K. Katsikas
Abstract
Purpose
This paper aims to discuss the ethical aspects of hardware reverse engineering (HRE) and propose an ethical framework for HRE when used to mitigate cyber risks of the digital supply chain of critical infrastructure operators.
Design/methodology/approach
A thorough review and analysis of existing relevant literature was performed to establish the current state of knowledge in the field. Ethical frameworks proposed for other areas/disciplines and identified pertinent ethical principles have been used to inform the proposed framework’s development.
Findings
The proposed framework provides actionable guidance to security professionals engaged with such activities to support them in assessing whether an HRE project conforms to ethical principles. Recommendations on action needed to complement the framework are also proposed. According to the proposed framework, reverse engineering is neither unethical nor illegal if performed honourably. Collaboration with vendors and suppliers at an industry-wide level is critical for appropriately endorsing the proposed framework.
Originality/value
To the best of the authors’ knowledge, no ethical framework currently guides cybersecurity research, far less of cybersecurity vulnerability research and reverse engineering.
Lelia Cristina Díaz-Pérez, Ana Laura Quintanar-Reséndiz, Graciela Vázquez-Álvarez and Rubén Vázquez-Medina
Abstract
Purpose
Based on this holistic model, the authors propose and analyze seven key issues related to the admissibility of digital media in cross-border trials considering four Latin American countries.
Design/methodology/approach
The authors apply the modeling process of the soft systems methodology by Checkland in order to develop a holistic model focused on human situation problems involving digital media and information technology devices or systems.
Findings
The authors discuss the status of the identified key issues in each country and offer a perspective on the integration of cross-border work, analyzing the contribution of these key issues to the collaboration between countries in criminal cases or the use of foreign digital artifacts in domestic trials.
Research limitations/implications
In this study, the authors assumed that the problems of official interaction between agencies of different countries are considered solved. However, for future studies or research, the authors recommend that these issues can be considered as relevant, since they are related to cross-border cooperation topics that will necessarily require unavoidable official arrangements, agreements and formalities.
Practical implications
This work is aimed at defining and analyzing the key issues that can contribute to the application of current techniques and methodologies in digital forensics as a tool to support the legal framework of each country, considering cross-border trials. Finally, the authors highlight that the implications of this study lie in the identification and analysis of the key issues that must be considered for digital forensics as a support tool for the admissibility of digital evidence in cross-border trials.
Social implications
The authors consider that digital forensics will be in high demand in cross-border trials, and that this will depend on the mobility of people between the countries considered in this study.
Originality/value
This paper shows that the soft systems methodology allows elaborating a holistic model focused on social problems involving digital media and informatics devices.
Jaeyoung Park, Woosik Shin, Beomsoo Kim and Miyea Kim
Abstract
Purpose
This study aims to explore the spillover effects of data breaches from a consumer perspective in the e-commerce context. Specifically, we investigate how an online retailer’s data breach affects consumers’ privacy risk perceptions of competing firms, and further how it affects shopping intention for the competitors. We also examine how the privacy risk contagion effect varies depending on the characteristics of competitors and their competitive responses.
Design/methodology/approach
We conducted two scenario-based experiments with surveys. To assess the spillover effects and the moderating effects, we employed an analysis of covariance. We also performed bootstrapping-based mediation analyses using the PROCESS macro.
Findings
We find evidence for the privacy risk contagion effect and demonstrate that it negatively influences consumers’ shopping intention for a competing firm. We also find that a competitor’s cybersecurity message is effective in avoiding the privacy risk contagion effect and the competitor even benefits from it.
Originality/value
While previous studies have examined the impacts of data breaches on customer perceptions of the breached firm, our study focuses on customer perceptions of the non-breached firms. To the best of the authors’ knowledge, this study is one of the first to provide empirical evidence for the negative spillover effects of a data breach from a consumer perspective. More importantly, this study empirically demonstrates that the non-breached competitor’s competitive response is effective in preventing unintended negative spillover in the context of the data breach.
Hassan Jamil, Tanveer Zia, Tahmid Nayeem, Monica T. Whitty and Steven D'Alessandro
Abstract
Purpose
The current advancements in technologies and the internet industry provide users with many innovative digital devices for entertainment, communication and trade. However, simultaneous development and the rising sophistication of cybercrimes bring new challenges. Micro businesses use technology like how people use it at home, but face higher cyber risks during riskier transactions, with human error playing a significant role. Moreover, information security researchers have often studied individuals’ adherence to compliance behaviour in response to cyber threats. The study aims to examine the protection motivation theory (PMT)-based model to understand individuals’ tendency to adopt secure behaviours.
Design/methodology/approach
The study focuses on Australian micro businesses since they are more susceptible to cyberattacks because they have the fewest security measures in place. Out of 877 questionnaires distributed online to Australian micro business owners through survey panel provider “Dynata,” 502 (N = 502) complete responses were included. Structural equation modelling was used to analyse the relationships among the variables.
Findings
The results indicate that all constructs of the protection motivation, except threat susceptibility, successfully predict the user protective behaviours. Also, increased cybersecurity costs negatively impact users’ safe cyber practices.
Originality/value
The study has critical implications for understanding micro business owners’ cyber security behaviours. The study contributes to the current knowledge of cyber security in micro businesses through the lens of PMT.
Konstantinos Kalodanis, Panagiotis Rizomiliotis and Dimosthenis Anagnostopoulos
Abstract
Purpose
The purpose of this paper is to highlight the key technical challenges that derive from the recently proposed European Artificial Intelligence Act and specifically, to investigate the applicability of the requirements that the AI Act mandates to high-risk AI systems from the perspective of AI security.
Design/methodology/approach
This paper presents the main points of the proposed AI Act, with emphasis on the compliance requirements of high-risk systems. It matches known AI security threats with the relevant technical requirements, demonstrates the impact that these security threats can have on the AI Act technical requirements and evaluates the applicability of these requirements based on the effectiveness of the existing security protection measures. Finally, the paper highlights the necessity for an integrated framework for AI system evaluation.
Findings
The findings of the EU AI Act technical assessment highlight the gap between the proposed requirements and the available AI security countermeasures as well as the necessity for an AI security evaluation framework.
Originality/value
AI Act, high-risk AI systems, security threats, security countermeasures.
Amir Schreiber and Ilan Schreiber
Abstract
Purpose
In the modern digital realm, while artificial intelligence (AI) technologies pave the way for unprecedented opportunities, they also give rise to intricate cybersecurity issues, including threats like deepfakes and unanticipated AI-induced risks. This study aims to address the insufficient exploration of AI cybersecurity awareness in the current literature.
Design/methodology/approach
Using in-depth surveys across varied sectors (N = 150), the authors analyzed the correlation between the absence of AI risk content in organizational cybersecurity awareness programs and its impact on employee awareness.
Findings
A significant AI-risk knowledge void was observed among users: despite frequent interaction with AI tools, a majority remain unaware of specialized AI threats. A pronounced knowledge difference existed between those that are trained in AI risks and those who are not, more apparent among non-technical personnel and sectors managing sensitive information.
Research limitations/implications
This study paves the way for thorough research, allowing for refinement of awareness initiatives tailored to distinct industries.
Practical implications
It is imperative for organizations to emphasize AI risk training, especially among non-technical staff. Industries handling sensitive data should be at the forefront.
Social implications
Ensuring employees are aware of AI-related threats can lead to a safer digital environment for both organizations and society at large, given the pervasive nature of AI in everyday life.
Originality/value
Unlike most of the papers about AI risks, the authors do not trust subjective data from second-hand papers, but use objective authentic data from the authors’ own up-to-date anonymous survey.
Hamada Elsaid Elmaasrawy and Omar Ikbal Tawfik
Abstract
Purpose
This paper aims to examine the impact of the assurance and advisory role of internal audit (ADRIA) on organisational, human and technical proactive measures to enhance cybersecurity (CS).
Design/methodology/approach
A questionnaire was used to collect data from 97 internal auditors (IAu) from the Gulf Cooperation Council countries. The authors used partial least squares (PLS) to test the hypotheses.
Findings
The results show a positive effect of the ADRIA on each of the organisational proactive measures, human proactive measures and technical proactive measures to enhance CS. The study also found a positive effect of the confirmatory role of IA on both human proactive measures and technical proactive measures to enhance CS. No effect of the confirmatory role of IA on the organisational proactive measures is found.
Research limitations/implications
This study focused on only three proactive measures to enhance CS, and this study was limited to the opinions of IAu. In addition, the study was limited to using regression analysis according to the PLS method.
Practical implications
The results of this study show that managers need to consider the influential role of IA as a value-adding activity in reducing CS risks and activating proactive measures. Also, IAu must expand its capabilities, skills and knowledge in CS auditing to provide a bold view of cyber threats. At the same time, the institutions responsible for preparing IA standards should develop standards and guidelines that help IAu to play assurance and advisory roles.
Originality/value
To the best of the authors’ knowledge, this is the first study of its kind that deals with the impact of the assurance and ADRIA on proactive measures to enhance CS. In addition, the study determines the nature of the advisory role and the assurance role of IA to strengthen CS.