Identifying Cyberrisk Factors in Hybrid Workforce Environments

Przybyszewski, Krzysztof; Małagocka, Karolina; Przymus, Zofia

doi:10.29119/1641-3466.2023.184.20

Ten serwis zostanie wyłączony 2025-02-11.

Nowa wersja platformy, zawierająca wyłącznie zasoby pełnotekstowe, jest już dostępna.
Przejdź na https://bibliotekanauki.pl

Artykuł - szczegóły

Czasopismo

Zeszyty Naukowe. Organizacja i Zarządzanie / Politechnika Śląska

2023 | z. 184 Współczesne zarządzanie = Contemporary Management | 409-424

Tytuł artykułu

Identifying Cyberrisk Factors in Hybrid Workforce Environments

Autorzy

Krzysztof Przybyszewski , Karolina Małagocka , Zofia Przymus

Warianty tytułu

Języki publikacji

Abstrakty

Purpose: This academic paper addresses the impact of cyberattacks on companies, employees, and customers, particularly in the context of increased digitalization due to the pandemic. It emphasizes the importance of the human factor in cybersecurity and proposes the need for a universal tool to measure threat perception and behaviour tendencies. The paper aims to expand knowledge in measuring employee exposure to cyberthreats, especially in remote and hybrid work, by presenting methodology, findings and applications. Research Background: In recent years, cybersecurity has gained significant attention, with a surge in published articles focusing on technical aspects and the human factor. However, there is a research gap regarding potentially dangerous behaviour among employees in remote or hybrid work models. Understanding individual differences in perceptions of cybersecurity is crucial for identifying vulnerabilities and enhancing corporate cyber resilience. Methods: A qualitative pilot study was conducted to create the "Employees' Exposure to Cyberthreats Scale" based on interviews with cybersecurity professionals. The scale was then validated through a survey study with a representative sample of remote employees (N = 563). The questionnaire employed an expectancy approach, assessing severity and probability of unsafe behaviours on a 5-point scale. Findings & Value Added: This paper presents the development and validation of a cyber exposure scale, measuring general and specific categories of cyberexposure. Three behaviour categories emerged: environmental, credential-related, and behavioural. The study provides preliminary results and practical implications for organizations to enhance cyber resilience, emphasizing the importance of employee behaviour and attitudes for cybersecurity practices. The findings contribute to tailored security policies and the development of a cybersecurity-focused organizational culture. Originality/value: This research addresses a gap in the current cybersecurity literature by focusing on the behaviors and perceptions of employees in remote and hybrid work models, an area which has seen increased relevance due to the pandemic-induced shift to digital platforms. Introducing the 'Employee Cyber Threat Exposure Scale', this paper provides a tool to measure individual differences, offering organisations insights to strengthen their cyber resilience. (original abstract)

Słowa kluczowe

Cyberbezpieczeństwo Praca zdalna Transformacja cyfrowa

Cybersecurity Remote work Digital transformation

Czasopismo

Zeszyty Naukowe. Organizacja i Zarządzanie / Politechnika Śląska

Rocznik

2023

Numer

z. 184 Współczesne zarządzanie = Contemporary Management

Strony

409-424

Opis fizyczny

Twórcy

autor

Krzysztof Przybyszewski

Kozminski University, Warsaw, Poland

autor

Karolina Małagocka

Kozminski University, Warsaw, Poland

autor

Zofia Przymus

Kozminski University, Warsaw, Poland

Bibliografia

1. Abawajy, J. (2014). User preference of cyber security awareness delivery methods. Behaviour & Information Technology, 33(3), 237-248. doi: 10.1080/0144929X.2012. 708787
2. Ajzen, I. (2011). The theory of planned behaviour: Reactions and reflections. Psychology & Health, 26(9), 1113-1127. doi: 10.1080/08870446.2011.613995
3. Ajzen, I., Fishbein, M. (1977). Attitude-behavior relations: A theoretical analysis and review of empirical research. Psychological Bulletin, 84(5), 888. doi: 10.1037/0033-2909.84.5.888
4. Alahmari, A., Duncan, B. (2020, June). Cybersecurity risk management in small and medium-sized enterprises: A systematic review of recent evidence. 2020 international conference on cyber situational awareness, data analytics and assessment (CyberSA). IEEE, pp. 1-5. doi: 10.1109/cybersa49311.2020.9139638
5. Anwar, M., He, W., Yuan, X. (2016, November). Employment status and cybersecurity behaviors. 2016 International Conference on Behavioral, Economic and Socio-cultural Computing (BESC). IEEE, pp. 1-2. doi: 10.1109/besc.2016.7804493
6. Anwar, M., He, W., Ash, I., Yuan, X., Li, L., Xu, L. (2017). Gender difference and employees' cybersecurity behaviors. Computers in Human Behavior, 69, 437-443. doi: 10.1016/j.chb.2016.12.040
7. Arend, I., Shabtai, A., Idan, T., Keinan, R., Bereby-Meyer, Y. (2020). Passive-and not active-risk tendencies predict cyber security behavior. Computers & Security, 97, 101964. doi: 10.1016/j.cose.2020.101964
8. Bada, M., Sasse, A.M., Nurse, J.R. (2019). Cyber security awareness campaigns: Why do they fail to change behaviour? arXiv preprint arXiv:1901.02672. doi.org:10.48550/arXiv.1901.02672
9. Bada, M., Nurse, J.R. (2019). Developing cybersecurity education and awareness programmes for small-and medium-sized enterprises (SMEs). Information & Computer Security, 27(3), 393-410. doi: 10.1108/ics-07-2018-0080
10. Donalds, C., Osei-Bryson, K.M. (2020). Cybersecurity compliance behavior: Exploring the influences of individual decision style and other antecedents. International Journal of Information Management, 51, 102056. doi: 10.1016/j.ijinfomgt.2019.102056
11. Egelman, S., Peer, E. (2015, April). Scaling the security wall: Developing a security behavior intentions scale (sebis). Proceedings of the 33rd annual ACM conference on human factors in computing systems, pp. 2873-2882. doi: 10.1145/2702123.2702249
12. Enescu, S. (2019, June). The concept of cybersecurity culture. The Fourth Annual Conference of the National Defence College Romania in the New International Security Dynamics. Carol I National Defence University Publishing House, pp. 176-191. ISSN: 2668-3865
13. Ergen, A., Ünal, A.N., Saygili, M.S. (2021). Is It Possible to Change the Cyber Security Behaviours of Employees? Barriers and Promoters. Academic Journal of Interdisciplinary Studies, 10(4), 210. doi: 10.36941/ajis-2021-0111
14. Fishbein, M.E. (1967). Readings in attitude theory and measurement.
15. Gratian, M., Bandi, S., Cukier, M., Dykstra, J., Ginther, A. (2018). Correlating human traits and cyber security behavior intentions. Computers & Security, 73, 345-358. doi: 10.2307/588703
16. Hadlington, L. (2017). Human factors in cybersecurity; examining the link between Internet addiction, impulsivity, attitudes towards cybersecurity, and risky cybersecurity behaviours. Heliyon, 3(7), e00346. doi: 10.1016/j.heliyon.2017.e00346
17. Hadlington, L.J. (2018). Employees attitudes towards cyber security and risky online behaviours: an empirical assessment in the United Kingdom. doi: 10.1016/j.heliyon. 2017.e00346
18. Hong, W.C.H., Chi, C., Liu, J., Zhang, Y., Lei, V.N.L., Xu, X. (2023). The influence of social education level on cybersecurity awareness and behaviour: A comparative study of university students and working graduates. Education and Information Technologies, 28(1), 439-470. doi: 10.1007/s10639-022-11121-5
19. Kumar, S., Yukita, A.L.K. (2021, May). Millennials Behavioral Intention in Using Mobile Banking: Integrating Perceived Risk and Trust into TAM (A Survey in Jawa Barat). International Conference on Business and Engineering Management (ICONBEM 2021). Atlantis Press, pp. 210-217. doi: 0.2991/aebmr.k.210522.028
20. Lu, S., Ye, J., Tan, Y. (2023, April). Research on the Security of Data Cross-border Circulation in Cyberspace. 2023 International Conference on Distributed Computing and Electrical Circuits and Electronics (ICDCECE). IEEE, pp. 1-8. doi: 10.1109/ICDCECE57866.2023.10151374
21. McBride, M., Carter, L., Warkentin, M. (2012). Exploring the role of individual employee characteristics and personality on employee compliance with cybersecurity policies. RTI International-Institute for Homeland Security Solutions, 5(1), 1.
22. McCormac, A., Calic, D., Butavicius, M., Parsons, K., Zwaans, T., Pattinson, M. (2017). A reliable measure of information security awareness and the identification of bias in responses. Australasian Journal of Information Systems, 21. doi: 10.3127/ajis.v21i0.1697
23. McCormac, A., Zwaans, T., Parsons, K., Calic, D., Butavicius, M., Pattinson, M. (2017). Individual differences and information security awareness. Computers in Human Behavior, 69, 151-156. doi: 10.1016/j.chb.2016.11.065
24. McKinsey (n.d.). How COVID-19 study has pushed companies over the technology tipping point and transformed business forever. Retrieved from: https://www.mckinsey.com/ business-functions/strategy-and-corporate-finance/our-insights/how-covid-19-has-pushed-companies-over-the-technology-tipping-point-and-transformed-business-forever, 30 June 2023.
25. Merhi, M., Hone, K., Tarhini, A., Ameen, N. (2021). An empirical examination of the moderating role of age and gender in consumer mobile banking use: a cross-national, quantitative study. Journal of Enterprise Information Management, 34(4), 1144-1168. doi: 10.1108/jeim-03-2020-0092
26. Monfared, A.R.K., Barootkoob, M., Sabokro, M., Keshavarz, M., Malmiri, M.M. (2023). The online stickiness circumstances in electronic retailing: website quality, perceived risk, and perceived value. International Journal of Electronic Business, 18(1), 51-76. doi: 10.1504/IJEB.2023.127532
27. Moustafa, A.A., Bello, A., Maurushat, A. (2021). The role of user behaviour in improving cyber security management. Frontiers in Psychology, 12, 561011.doi: 10.3389/fpsyg.2021.561011
28. Panko, R.R. (2010). Corporate computer and network security. Pearson Education India. doi: 10.3389/fpsyg.2021.561011
29. Pratama, A.R.I., Alshaikh, M., Alharbi, T. (2023). Increasing cybersecurity awareness through situated e-learning: a survey experiment. SSRN 4320165. doi: 10.2139/ssrn.4320165
30. Sağlam, R.B., Miller, V., Franqueira, V.N. (2023). A Systematic Literature Review on Cyber Security Education for Children. IEEE Transactions on Education. doi: 10.1109/TE.2022.3231019
31. Shropshire, J., Warkentin, M., Sharma, S. (2015). Personality, attitudes, and intentions: Predicting initial adoption of information security behavior. Computers & Security, 49, 177-191. doi: 10.1016/j.cose.2015.01.002
32. Shropshire, J., Warkentin, M., Johnston, A., Schmidt, M. (2006). Personality and IT security: An application of the five-factor model. AMCIS 2006 Proceedings, 415. doi: 10.1016/j.cose.2015.01.002
33. Singer, P.W., Friedman, A. (2014). Cybersecurity: What everyone needs to know. OUP USA. ISBN: 978-0-19-991809-6
34. Uebelacker, S., Quiel, S. (2014, July). The social engineering personality framework. 2014 Workshop on Socio-Technical Aspects in Security and Trust. IEEE, pp. 24-30. doi: 10.1109/stast.2014.12
35. Ünal, A.N. (2020). What's Happenning in Cyber Space? An interdisciplinary approach. In: H.N. Keleş, A. Ergen (Eds.), Cyberspace and Chaos: A Conceptual Approach to Cyber Terrorism (pp. 103-126). Berlin: Peter Lang GmbH. doi: 10.3726/b16722
36. von Solms, B., von Solms, R. (2018). Cybersecurity and information security-what goes where? Information & Computer Security, 26(1), 2-9. doi: 10.1108/ics-04-2017-0025
37. Vroom, V.H. (1964). Work and motivation. NY: John Wiley &sons, 45. ISBN 0-471- 91205-0
38. Wolfson, N. (1986). Research methodology and the question of validity. TESOL Quarterly, 20(4), 689-699. doi: 10.2307/3586519
39. Zwilling, M., Klien, G., Lesjak, D., Wiechetek, Ł., Cetin, F., Basim, H.N. (2022). Cyber security awareness, knowledge and behavior: A comparative study. Journal of Computer Information Systems, 62(1), 82-97. doi: 10.1080/08874417.2020.1712269

Typ dokumentu

Bibliografia

Identyfikatory

DOI

10.29119/1641-3466.2023.184.20

Identyfikator YADDA

bwmeta1.element.ekon-element-000171690610