Saved in:
Bibliographic Details
Main Authors: de Bruin, Marten, Mersinas, Konstantinos
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2405.16215
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866929363384008704
author de Bruin, Marten
Mersinas, Konstantinos
author_facet de Bruin, Marten
Mersinas, Konstantinos
contents Cyber security incidents are increasing and humans play an important role in reducing their likelihood and impact. We identify a skewed focus towards technical aspects of cyber security in the literature, whereas factors influencing the secure behaviour of individuals require additional research. These factors span across both the individual level and the contextual level in which the people are situated. We analyse two datasets of a total of 37,075 records from a) self-reported security behaviours across the EU, and b) observed phishing-related behaviours from the industry security awareness training programmes. We identify that national culture, industry type, and organisational security culture play are influential Variables (antecedents) of individuals' security behaviour at contextual level. Whereas, demographics (age, gender, and level or urbanisation) and security-specific factors (security awareness, security knowledge, and prior experience with security incidents) are found to be influential variables of security behaviour at individual level. Our findings have implications for both research and practice as they fill a gap in the literature and provide concrete statistical evidence on the variables which influence security behaviour. Moreover, findings provides practical insights for organisations regarding the susceptibility of groups of people to insecure behaviour. Consequently, organisations can tailor their security training and awareness efforts (e.g., through behaviour change interventions and/or appropriate employee group profiles), adapt their communications (e.g., of information security policies), and customise their interventions according to national culture characteristics to improve security behaviour.
format Preprint
id arxiv_https___arxiv_org_abs_2405_16215
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle Individual and Contextual Variables of Cyber Security Behaviour -- An empirical analysis of national culture, industry, organisation, and individual variables of (in)secure human behaviour
de Bruin, Marten
Mersinas, Konstantinos
Cryptography and Security
Cyber security incidents are increasing and humans play an important role in reducing their likelihood and impact. We identify a skewed focus towards technical aspects of cyber security in the literature, whereas factors influencing the secure behaviour of individuals require additional research. These factors span across both the individual level and the contextual level in which the people are situated. We analyse two datasets of a total of 37,075 records from a) self-reported security behaviours across the EU, and b) observed phishing-related behaviours from the industry security awareness training programmes. We identify that national culture, industry type, and organisational security culture play are influential Variables (antecedents) of individuals' security behaviour at contextual level. Whereas, demographics (age, gender, and level or urbanisation) and security-specific factors (security awareness, security knowledge, and prior experience with security incidents) are found to be influential variables of security behaviour at individual level. Our findings have implications for both research and practice as they fill a gap in the literature and provide concrete statistical evidence on the variables which influence security behaviour. Moreover, findings provides practical insights for organisations regarding the susceptibility of groups of people to insecure behaviour. Consequently, organisations can tailor their security training and awareness efforts (e.g., through behaviour change interventions and/or appropriate employee group profiles), adapt their communications (e.g., of information security policies), and customise their interventions according to national culture characteristics to improve security behaviour.
title Individual and Contextual Variables of Cyber Security Behaviour -- An empirical analysis of national culture, industry, organisation, and individual variables of (in)secure human behaviour
topic Cryptography and Security
url https://arxiv.org/abs/2405.16215