Information Security Awareness in the Insurance Sector: Cognitive and Internal Factors and Combined Recommendations
Abstract
:1. Introduction
2. Literature Review
2.1. Information Security Behavior
2.2. From Information Security Behavior to Awareness
2.3. Information Security Awareness
2.4. Proposition Development & Research Model
2.4.1. Negative Experience
2.4.2. SETA Program
2.4.3. InfoSec Goals
2.4.4. Security Complexity
2.4.5. SETA Design
3. Materials and Methods
3.1. Data Analysis
3.2. Reliability & Validity
4. Results
4.1. Descriptive Statistics
4.1.1. Malware Experience
4.1.2. Phishing Experience
4.1.3. Measurement Item Statistics
4.2. Reliability & Validity of Results
4.3. Inferential Statistics
4.3.1. Proposition Results
4.3.2. Additional Separate Regressions per Group
4.3.3. Additional Mean Comparisons of ISA per Group
5. Discussion
5.1. Key Findings
5.2. ISA and Findings in Relation to SA
5.3. Research Limitations
5.4. Implications for Theory
5.5. Implications for Practice
5.6. Future Research Directions
6. Conclusions
- Research Constructs & Method: Five explaining constructs have been incorporated in the research to answer the research question, and their direct relationship with ISA has been tested by means of weighted regression analyses. The constructs are Negative Experience, SETA Program, InfoSec Goals, Security Complexity, and SETA Design.
- Impact of constructs on ISA:
- ∘
- InfoSec Goals: Have a positive impact on ISA, demonstrating that employees with a strong commitment to information security are more aware.
- ∘
- SETA Program: Has a positive impact on ISA by providing necessary education and training.
- ∘
- Security Complexity: Has a negative impact on ISA, indicating that higher complexity in security measures can decrease awareness and increase cognitive overload.
- Significant Insights: Security Complexity emerged as the most significant factor, followed by InfoSec Goals and SETA Program, aligning with the three levels of ISA within the SA framework.
- Group Analyses:
- ∘
- Additional group analyses and separate regressions have been conducted with the help of two group perspectives, (1) IT and non-IT employees and (2) managers and non-managers.
- ∘
- The separate regressions held a stricter significance level, demonstrating that Security Complexity has a significant contribution for each group.
- ∘
- Mean comparisons did not yield notable findings in ISA per group.
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Acknowledgments
Conflicts of Interest
Appendix A
Study | INST | IND | ENV | TECH | Theoretical Lens/Angle to Explain Awareness | Observation |
---|---|---|---|---|---|---|
[52] | X | X | Social Learning Theory | - | ||
[36] | X | X | X | Combines elements of general deterrence theory and social psychology | - | |
[35] | X | X | Relational Awareness | - | ||
[80] | X | X | Innovation Diffusion Theory | - | ||
[42] | X | X | Situation Awareness | Experimental, phishing context. Personality trait integration. | ||
[37] | X | Leadership Styles | Consistent results: leadership positively influences ISA | |||
[63] | X | X | Theory of Planned Behavior | |||
[19] | X | Social Learning Theory | Educational information and channels positively influence ISA | |||
[82] | X | Theory of Reasoned Action | ||||
[45] | X | Organizational and security culture | - | |||
[84] | X | Big Five Personality Traits Model | Consistent and similar results in demographic factors | |||
[83] | X | |||||
[55] | X | Demographic differences | ||||
[72] | X | Collectivism | - | |||
[85] | X | X | Demographic attributes and socioeconomic resources | - |
Appendix B
SETA | COMP | NEG | GOAL | SETAD | ISA | |
---|---|---|---|---|---|---|
SETA Program | -- | |||||
Security Complexity (COMP) | −0.102 | -- | ||||
Negative Experience (NEG) | 0.152 | 0.152 | -- | |||
InfoSec Goals (GOAL) | 0.568 ** | −0.112 | 0.160 * | -- | ||
SETA Design (SETAD) | 0.661 ** | 0.040 | 0.100 | 0.453 ** | -- | |
Information Security Awareness (ISA) | 0.402 ** | −0.493 ** | 0.045 | 0.550 ** | 0.184 * | -- |
Appendix C
Coefficients | |||
---|---|---|---|
Model | Collinearity Statistics | ||
Tolerance | VIF | ||
1 | SETA | 0.460 | 2.172 |
Complexity | 0.930 | 1.075 | |
Negative Experience | 0.937 | 1.068 | |
InfoSec Goals | 0.654 | 1.529 | |
SETA Design | 0.540 | 1.852 |
Appendix D. Convergent & Discriminant Validity
AVE | COMP | GOAL | ISA | SETA | SETAD | |
---|---|---|---|---|---|---|
COMP | 0.568 | 0.753 | ||||
GOAL | 0.858 | −0.145 | 0.926 | |||
ISA | 0.658 | −0.495 | 0.607 | 0.811 | ||
SETA | 0.579 | −0.286 | 0.582 | 0.53 | 0.761 | |
SETAD | 0.601 | −0.012 | 0.468 | 0.259 | 0.557 | 0.775 |
Appendix E. Harman’s Single Factor Test Results
Total Variance Explained | ||||||
---|---|---|---|---|---|---|
Component | Initial Eigenvalues | Extraction Sums of Squared Loadings | ||||
Total | % of Variance | Cumulative % | Total | % of Variance | Cumulative % | |
1 | 7.202 | 32.738 | 32.738 | 7.202 | 32.738 | 32.738 |
2 | 3.646 | 16.571 | 49.309 | |||
3 | 1.677 | 7.625 | 56.933 | |||
4 | 1.134 | 5.155 | 62.088 | |||
5 | 1.044 | 4.745 | 66.833 | |||
6 | 912 | 4.144 | 70.977 | |||
7 | 766 | 3.483 | 74.460 | |||
8 | 686 | 3.119 | 77.579 | |||
9 | 647 | 2.941 | 80.520 | |||
10 | 584 | 2.655 | 83.175 | |||
11 | 555 | 2.521 | 85.696 | |||
12 | 465 | 2.115 | 87.811 | |||
13 | 432 | 1.962 | 89.773 | |||
14 | 387 | 1.758 | 91.532 | |||
15 | 358 | 1.629 | 93.161 | |||
16 | 307 | 1.396 | 94.557 | |||
17 | 306 | 1.392 | 95.949 | |||
18 | 239 | 1.084 | 97.033 | |||
19 | 215 | 978 | 98.012 | |||
20 | 196 | 890 | 98.902 | |||
21 | 160 | 728 | 99.629 | |||
22 | 82 | 371 | 100.000 | |||
Extraction Method: Principal Component Analysis. |
Appendix F
Term | Definition | Reference |
---|---|---|
Cybersecurity | “Prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation”. | [147] |
Cyber resilience | “Cyber resilience refers to the ability to continuously deliver the intended outcome despite adverse cyber events.” | [148] (p. 2) |
Information security | “The protection of information, which is an asset, from possible harm resulting from various threats and vulnerabilities”. | [149] (p. 4) |
Information security policies (ISPs) | Information security policies are formalized documents that outline the rules and guidelines for protecting an organization’s information and technology resources. These policies aim to ensure that employees understand their roles and responsibilities in maintaining the security of the organization’s information systems. | [25] |
Information systems | “Information systems are interrelated components working together to collect, process, store, and disseminate information to support decision making, coordination, control, analysis, and visualization in an organization.” | [150] (p. 44) |
References
- Admass, W.S.; Munaye, Y.Y.; Diro, A. Cyber security: State of the art, challenges and future directions. Cyber Secur. Appl. 2023, 2, 100031. [Google Scholar] [CrossRef]
- Thakur, M. Cyber Security Threats and Countermeasures in Digital Age. J. Appl. Sci. Educ. (JASE) 2024, 4, 1–20. [Google Scholar]
- Gartner. Top Trends in Cybersecurity for 2024; Gartner: Stamford, CT, USA, 2024; Available online: https://www.gartner.com/en/cybersecurity/trends/cybersecurity-trends (accessed on 23 June 2024).
- Borkovich, D.; Skovira, R. Working from Home: Cybersecurity in the Age of Covid-19. Issues Inf. Syst. 2020, 21, 234–246. [Google Scholar] [CrossRef]
- Weil, T.; Murugesan, S. IT risk and resilience—Cybersecurity response to COVID-19. IT Prof. 2020, 22, 4–10. [Google Scholar] [CrossRef]
- Saleous, H.; Ismail, M.; AlDaajeh, S.H.; Madathil, N.; Alrabaee, S.; Choo, K.K.R.; Al-Qirim, N. COVID-19 pandemic and the cyberthreat landscape: Research challenges and opportunities. Digit. Commun. Netw. 2023, 9, 211–222. [Google Scholar]
- Gartner. Top Trends in Cybersecurity 2022; Gartner: Stamford, CT, USA, 2022. [Google Scholar]
- Almansoori, A.; Al-Emran, M.; Shaalan, K. Exploring the Frontiers of Cybersecurity Behaviour: A Systematic Review of Studies and Theories. Appl. Sci. 2023, 13, 5700. [Google Scholar] [CrossRef]
- Bowen, B.M.; Devarajan, R.; Stolfo, S. Measuring the human factor of cyber security. In Proceedings of the 2011 IEEE International Conference on Technologies for Homeland Security (HST), Waltham, MA, USA, 15–17 November 2011; pp. 230–235. [Google Scholar]
- Onumo, A.; Ullah-Awan, I.; Cullen, A. Assessing the moderating effect of security technologies on employees compliance with cybersecurity control procedures. ACM Trans. Manag. Inf. Syst. 2021, 12, 11. [Google Scholar] [CrossRef]
- Jeong, C.Y.; Lee, S.Y.T.; Lim, J.H. Information security breaches and IT security investments: Impacts on competitors. Inf. Manag. 2019, 56, 681–695. [Google Scholar]
- Alsharida, R.A.; Al-rimy, B.A.S.; Al-Emran, M.; Zainal, A. A systematic review of multi perspectives on human cybersecurity behaviour. Technol. Soc. 2023, 73, 102258. [Google Scholar]
- Cram, W.A.; D’Arcy, J. ‘What a waste of time’: An examination of cybersecurity legitimacy. Inf. Syst. J. 2023, 33, 1396–1422. [Google Scholar]
- Baltuttis, D.; Teubner, T.; Adam, M.T. A typology of cybersecurity behaviour among knowledge workers. Comput. Secur. 2024, 140, 103741. [Google Scholar]
- Siponen, M.T. A conceptual foundation for organizational information security awareness. Inf. Manag. Comput. Secur. 2000, 8, 31–41. [Google Scholar] [CrossRef]
- Wang, W.; Harrou, F.; Bouyeddou, B.; Senouci, S.M.; Sun, Y. Cyber-attacks detection in industrial systems using artificial intelligence-driven methods. Int. J. Crit. Infrastruct. Prot. 2022, 38, 100542. [Google Scholar]
- Alyami, A.; Sammon, D.; Neville, K.; Mahony, C. Critical success factors for Security Education, Training and Awareness (SETA) programme effectiveness: An empirical comparison of practitioner perspectives. Inf. Comput. Secur. 2024, 32, 53–73. [Google Scholar]
- Aldawood, S.; Skinner, G. Reviewing Cyber Security Social Engineering Training and Awareness Programs—Pitfalls and Ongoing Issues. Future Internet 2019, 11, 73. [Google Scholar] [CrossRef]
- Hwang, I.; Wakefield, R.; Kim, S.; Kim, T. Security Awareness: The First Step in Information Security Compliance Behaviour. J. Comput. Inf. Syst. 2021, 61, 345–356. [Google Scholar] [CrossRef]
- Kannelønning, I.H.; Katsikas, S.K. A systematic literature review of how cybersecurity-related behaviour has been assessed. Inf. Comput. Secur. 2023, 31, 463–477. [Google Scholar]
- Gulyás, A.; Kiss, A. Impact of Cyber-Attacks on the Financial Institutions. Procedia Comput. Sci. 2023, 219, 84–90. [Google Scholar] [CrossRef]
- Kuraku, D.S.; Kalla, D.; Smith, N.; Samaah, F. Safeguarding FinTech: Elevating Employee Cybersecurity Awareness in Financial Sector. Int. J. Appl. Inf. Syst. (IJAIS) 2023, 12, 43–47. [Google Scholar]
- Rohan, R.; Pal, D.; Hautamäki, J.; Funilkul, S.; Chutimaskul, W.; Thapliyal, H. A systematic literature review of cybersecurity scales assessing information security awareness. Heliyon 2023, 9, e08671. [Google Scholar] [CrossRef]
- Donalds, B.; Barclay, S. Beyond Technical Measures: A Value-Focused Thinking Appraisal of Strategic Drivers in Improving Information Security Policy Compliance. Eur. J. Inf. Syst. 2021, 31, 58–73. [Google Scholar] [CrossRef]
- Bulgurcu, B.; Cavusoglu, H.; Benbasat, I. Information security policy compliance: An empirical study of rationality-based beliefs and information security awareness. MIS Q. 2010, 34, 523–548. [Google Scholar]
- Chen, Y.; Galletta, D.F.; Lowry, P.B.; Luo, X.R.; Moody, G.D.; Willison, R. Understanding Inconsistent Employee Compliance with Information Security Policies through the Lens of the Extended Parallel Process Model. Inf. Syst. Res. 2021, 32, 1043–1065. [Google Scholar] [CrossRef]
- Fertig, T.; Schütz, A.E.; Weber, K. Current Issues of Metrics for Information Security Awareness. In Proceedings of the 28th European Conference on Information Systems (ECIS), An AIS Conference, Online, 15–17 June 2020. [Google Scholar]
- Schuetz, S.W.; Lowry, P.B.; Pienta, D.A. The effectiveness of abstract versus concrete fear appeals in information security. J. Manag. Inf. Syst. 2020, 37, 723–757. [Google Scholar] [CrossRef]
- Ng, K.C.; Zhang, X.; Thong, J.Y.L.; Tam, K.Y. Protecting against threats to information security: An attitudinal ambivalence perspective. J. Manag. Inf. Syst. 2021, 38, 732–764. [Google Scholar] [CrossRef]
- Cram, W.A.; D’Arcy, J.; Proudfoot, J.G. Seeing the Forest and the Trees: A Meta-Analysis of the Antecedents to Information Security Policy Compliance. MIS Q. 2019, 43, 525–554. [Google Scholar] [CrossRef]
- Dhillon, G.; Smith, K.; Dissanayaka, I. Information systems security research agenda: Exploring the gap between research and practice. J. Strateg. Inf. Syst. 2021, 30, 101693. [Google Scholar] [CrossRef]
- Ko, A.; Tarján, G.; Mitev, A. Information security awareness maturity: Conceptual and practical aspects in Hungarian organizations. Inf. Technol. People 2023, 36, 174–195. [Google Scholar]
- Li, W.; Leung, A.; Yue, W. Where is IT in Information Security? The Interrelationship among IT Investment, Security Awareness, and Data Breaches. MIS Q. 2023, 47, 317–342. [Google Scholar] [CrossRef]
- Alahmari, A.; Renaud, K.; Omoronyia, I. Moving Beyond Cyber Security Awareness and Training to Engendering Security Knowledge Sharing. Inf. Syst. E-Bus. Manag. 2023, 21, 123–158. [Google Scholar] [CrossRef]
- Ahlan, A.R.; Lubis, M.; Lubis, A.R. Information Security Awareness at the Knowledge-Based Institution: Its Antecedents and Measures. Procedia Comput. Sci. 2015, 72, 361–373. [Google Scholar] [CrossRef]
- Haeussinger, F.; Kranz, J. Antecedents of employees’ information security awareness: Review, synthesis, and directions for future research. In Proceedings of the 25th European Conference on Information Systems (ECIS), Guimarães, Portugal, 5–10 June 2017; pp. 1–20. [Google Scholar]
- Humaidi, N.; Balakrishnan, V. Leadership styles and information security compliance behaviour: The mediator effect of information security awareness. Int. J. Inf. Educ. Technol. 2015, 5, 311. [Google Scholar]
- Al-Omari, A.; El-Gayar, O.; Deokar, A. Information security policy compliance: The role of information security awareness. In Proceedings of the Eighteenth Americas Conference on Information Systems, Seattle, WA, USA, 9–12 August 2012; pp. 1–10. [Google Scholar]
- Al-Omari, A.; El-Gayar, O.; Deokar, A. Security policy compliance: User acceptance perspective. In Proceedings of the 2012 45th Hawaii International Conference on System Sciences, Maui, HI, USA, 4–7 January 2012; pp. 1–10. [Google Scholar]
- D’Arcy, J.; Hovav, A.; Galletta, D. User awareness of security countermeasures and its impact on information systems misuse: A deterrence approach. Inf. Syst. Res. 2009, 20, 79–98. [Google Scholar]
- Guzman, I.R.; Galvez, S.M.; Stanton, J.M.; Stam, K.R. Information Security Awareness and Information Security Practices of Internet Users in Bolivia: A Socio-Cognitive View. RELCASI 2014, 6, 2. [Google Scholar]
- Jaeger, L.; Eckhardt, A. Eyes wide open: The role of situational information security awareness for security-related behaviour. Inf. Syst. J. 2021, 31, 429–472. [Google Scholar]
- Liu, C.; Wang, N.; Liang, H. Motivating information security policy compliance: The critical role of supervisor-subordinate guanxi and organizational commitment. Int. J. Inf. Manag. 2020, 54, 102152. [Google Scholar]
- Alanazi, M.; Freeman, M.; Tootell, H. Exploring the factors that influence the cybersecurity behaviors of young adults. J. Comput. Hum. Behav. 2022, 136, 107376. [Google Scholar] [CrossRef]
- Wiley, J.; McCormac, A.; Calic, D. More Than the Individual: Examining the Relationship Between Culture and Information Security Awareness. Comput. Secur. 2020, 88, 101640. [Google Scholar] [CrossRef]
- Hitchings, J. Deficiencies of the traditional approach to information security and the requirements for a new methodology. Comput. Secur. 1995, 14, 377–383. [Google Scholar] [CrossRef]
- Crossler, R.E.; Johnston, A.C.; Lowry, P.B.; Hu, Q.; Warkentin, M.; Baskerville, R. Future directions for behavioural information security research. Comput. Secur. 2013, 32, 90–101. [Google Scholar] [CrossRef]
- Hanus, B.; Windsor, J.C.; Wu, Y. Definition and multidimensionality of security awareness: Close encounters of the second order. ACM SIGMIS Database DATABASE Adv. Inf. Syst. 2018, 49, 103–133. [Google Scholar] [CrossRef]
- Maalem Lahcen, R.A.; Caulkins, B.; Mohapatra, R.; Kumar, M. Review and insight on the behavioural aspects of cybersecurity. Cybersecurity 2020, 3, 10. [Google Scholar] [CrossRef]
- Stanton, J.M.; Stam, K.R.; Mastrangelo, P.M.; Jolton, J.A. Behavioral information security: An overview, results, and research agenda. Hum. Comput. Interact. Manag. Inf. Syst. 2015, 12, 276–294. [Google Scholar]
- Chan, R.Y. K Woon, I.; Kankanhalli, A. Perceptions of Information Security in the Workplace: Linking Information Security Climate to Compliant Behavior. J. Inf. Priv. Secur. 2005, 1, 18–41. [Google Scholar] [CrossRef]
- Johnston, A.C.; Wech, B.; Jack, E.; Beavers, M. Reigning in the Remote Employee: Applying Social Learning Theory to Explain Information Security Policy Compliance Attitudes. In Proceedings of the AMCIS 2010, 15–18 August; p. 493.
- Duzenci, D.; Kitapci, H.; Gok, M.S. The Role of Decision-Making Styles in Shaping Cybersecurity Compliance Behavior. Appl. Sci. 2023, 13, 8731. [Google Scholar] [CrossRef]
- Warkentin, M.; Johnston, A.C.; Shropshire, J. The influence of the informal social learning environment in information security awareness programs. Eur. J. Inf. Syst. 2011, 20, 259–272. [Google Scholar] [CrossRef]
- Chua, H.N.; Chua, S.F.; Low,, Y.C.; Chang, Y. Impact of Employees’ Demographic Characteristics on the Awareness and Compliance of Information Security Policy in Organizations. Telematics Inf. 2018, 35, 1770–1780. [Google Scholar] [CrossRef]
- Luo, X.R.; Li, H.; Hu, Q.; Xu, H. Why Individual Employees Commit Malicious Computer Abuse: A Routine Activity Theory Perspective. J. Assoc. Inf. Syst. 2020, 21. [Google Scholar] [CrossRef]
- Shah, P.; Agarwal, A. Cyber Suraksha: A Card Game for Smartphone Security Awareness. Inf. Comput. Secur. 2023, 31, 576–600. [Google Scholar] [CrossRef]
- Choi, H.; Park, S.; Kang, J. Enhancing Participatory Security Culture in Public Institutions: An Analysis of Organizational Employees’ Security Threat Recognition Processes. IEEE Access 2024, 12, 47543–47558. [Google Scholar] [CrossRef]
- Lebek, B.; Uffen, J.; Breitner, M.H.; Neumann, M.; Hohler, B. Employees’ Information Security Awareness and Behavior: A Literature Review. In Proceedings of the 2013 46th Hawaii International Conference on System Sciences, Wailea, HI, USA, 7-10 January 2013; pp. 2978–2987. [Google Scholar] [CrossRef]
- Rocha Flores, W.; Ekstedt, M. Shaping intention to resist social engineering through transformational leadership, information security culture and awareness. Comput. Secur. 2016, 59, 26–44. [Google Scholar] [CrossRef]
- Moody, G.D.; Siponen, M.; Pahnila, S. Toward a Unified Model of Information Security Policy Compliance. MIS Q. 2018, 42, 285–312. [Google Scholar] [CrossRef]
- Hutchinson, G.; Ophoff, J. A descriptive review and classification of organizational information security awareness research. In Proceedings of the 18th International Information Security Conference 2019, Johannesburg, South Africa, 15 August 2019. [Google Scholar]
- Grassegger, T.; Nedbal, D. The role of employees’ information security awareness on the intention to resist social engineering. Procedia Comput. Sci. 2021, 181, 59–66. [Google Scholar]
- Jaeger, L.; Eckhardt, A. Making cues salient: The Role of Security Awareness in shaping Threat and Coping Appraisals. In Proceedings of the 25th European Conference on Information Systems (ECIS) 2017, Guimarães, Portugal, 5–10 June 2017; pp. 2525–2535, ISBN 978-0-9915567-0-0. Available online: https://aisel.aisnet.org/ecis2017_rip/5 (accessed on 14 August 2024).
- Torten, R.; Reaiche, C.; Boyle, S. The Impact of Security Awareness on Information Technology Professionals’ Behavior. Comput. Secur. 2018, 79, 68–79. [Google Scholar] [CrossRef]
- Li, L.; He, W.; Xu, L.; Ash, I.; Anwar, M.; Yuan, X. Investigating the impact of cybersecurity policy awareness on employees’ cybersecurity behaviour. Int. J. Inf. Manag. 2019, 45, 13–24. [Google Scholar]
- Hu, S.; Hsu, C.; Zhou, Z. Security Education, Training, and Awareness Programs: Literature Review. J. Comput. Inf. Syst. 2021, 62, 752–764. [Google Scholar] [CrossRef]
- Bandura, A.; Walters, R.H. Social Learning Theory; Englewood Cliffs: Prentice Hall, NJ, USA, 1977; Volume 1. [Google Scholar]
- Zainal, N.C.; Puad, M.; Sani, N. Moderating Effect of Self-Efficacy in the Relationship Between Knowledge, Attitude and Environment Behavior of Cybersecurity Awareness. Asian Social Science. 2022, 18, 1–55. [Google Scholar]
- Ormond, D.; Warkentin, M.; Crossler, R.E. Integrating Cognition with an Affective Lens to Better Understand Information Security Policy Compliance. J. Assoc. Inf. Syst. 2019, 20. [Google Scholar] [CrossRef]
- Jensen, M.L.; Durcikova, A.; Wright, R.T. Using susceptibility claims to motivate behaviour change in IT security. Eur. J. Inf. Syst. 2021, 30, 27–45. [Google Scholar] [CrossRef]
- Park, E.H.; Kim, J.; Wiles, L. The Role of Collectivism and Moderating Effect of IT Proficiency on Intention to Disclose Protected Health Information. Inf. Technol. Manag. 2023, 24, 177–193. [Google Scholar] [CrossRef]
- Shaw, R.S.; Chen, C.C.; Harris, A.L.; Huang, H. The Impact of Information Richness on Information Security Awareness Training Effectiveness. Comput. Educ. 2009, 52, 92–100. [Google Scholar] [CrossRef]
- Lebek, B.; Uffen, J.; Neumann, M.; Hohler, B.; Breitner, M.H. Information security awareness and behaviour: A theory-based literature review. Manag. Res. Rev. 2014, 37, 256–276. [Google Scholar] [CrossRef]
- Endsley, M.R. Toward a theory of situation awareness in dynamic systems. J. Hum. Factors Ergon. Soc. 1995, 37, 32–64. [Google Scholar] [CrossRef]
- Stubbings, L.; Chaboyer, W.; McMurray, A. Nurses’ use of situation awareness in decision-making: An integrative review. J. Adv. Nurs. 2012, 68, 1443–1453. [Google Scholar]
- Franke, U.; Brynielsson, J. Cyber situational awareness–a systematic review of the literature. Comput. Secur. 2014, 46, 18–31. [Google Scholar] [CrossRef]
- Renaud, J.; Ophoff, J. A cyber situational awareness model to predict the implementation of cyber security controls and precautions by SMEs. Organizational Cybersecurity Journal: Practice, Process and People. Organ. Cybersecur. J. Pract. Process People 2021. [Google Scholar] [CrossRef]
- Tianfield, H. Towards integrating a task allocation mechanism into a cyber security situation awareness system. In Proceedings of the Cyber and Information Security Research Conference (CISRC) 2016, Oak Ridge, TN, USA, 5–7 April 2016; pp. 60–66. [Google Scholar]
- Alshboul, Y.; Streff, K. Beyond cybersecurity awareness: Antecedents and satisfaction. In Proceedings of the 2017 International Conference on Software and e-Business, Hong Kong, China, 28–30 December 2017. [Google Scholar]
- Jaeger, L. Information security awareness: Literature review and integrative framework. In Proceedings of the 51st Hawaii International Conference on System Sciences, Hilton Waikoloa Village, HI, USA, 3–6 January 2018; pp. 4703–4712. [Google Scholar]
- Bauer, S.; Bernroider, E.W. From information security awareness to reasoned compliant action: Analyzing information security policy compliance in a large banking organization. ACM SIGMIS Database DATABASE Adv. Inf. Syst. 2017, 48, 44–68. [Google Scholar]
- McCormac, A.; Zwaans, T.; Parsons, K.; Calic, D.; Butavicius, M.; Pattinson, M. Individual differences and Information Security Awareness. Comput. Hum. Behav. 2017, 69, 151–156. [Google Scholar] [CrossRef]
- van der Schyff, S.; Flowerday, S.V. Proposing a user-centric and context-aware conceptual model for enhancing cybersecurity behaviour. Behav. Inf. Technol. 2021, 40, 354–369. [Google Scholar]
- Lyon, G. Informational inequality: The role of resources and attributes in information security awareness. Inf. Comput. Secur. 2024, 32, 197–217. [Google Scholar]
- Tsohou, A.; Karyda, M.; Kokolakis, S. Analyzing the role of cognitive and cultural biases in the internalization of information security policies: Recommendations for information security awareness programs. Comput. Secur. 2015, 52, 128–141. [Google Scholar] [CrossRef]
- Endsley, M.R. Design and evaluation for situation awareness enhancement. In Proceedings of the Human Factors Society Annual Meeting; Sage Publications: Los Angeles, CA, USA, 1988. [Google Scholar]
- Kovačević, A.; Putnik, N.; Tošković, O. Factors related to cyber security behaviour. IEEE Access 2020, 8, 125140–125148. [Google Scholar] [CrossRef]
- Frank, M.; Kohn, M. Understanding Extra-Role Security Behaviors: An Integration of the Self-Determination Theory and Construal Level Theory. Computers & Security 2023, 132, 103386. [Google Scholar] [CrossRef]
- Peltier, T.R. Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management; CRC Press: Boca Raton, FL, USA, 2005. [Google Scholar]
- Amankwa, E.; Loock, M.; Kritzinger, E. A conceptual analysis of information security education, information security training and information security awareness definitions. In Proceedings of the 9th International Conference for Internet Technology and Secured Transactions (ICITST-2014), London, UK, 8–10 December 2014. [Google Scholar]
- Tsohou, A.; Kokolakis, S.; Karyda, M. Understanding information security awareness: A systematic literature review. Comput. Secur. 2015, 49, 8–27. [Google Scholar] [CrossRef]
- Eminağaoğlu, M.; Uçar, E.; Eren, Ş. The positive outcomes of information security awareness training in companies—A case study. Inf. Secur. Tech. Rep. 2009, 14, 223–229. [Google Scholar] [CrossRef]
- Kweon, E.; Lee, H.; Chai, S.; Yoo, K. The Utility of Information Security Training and Education on Cybersecurity Incidents: An empirical evidence. Inf. Syst. Front. 2021, 23, 361–373. [Google Scholar] [CrossRef]
- Sikolia, D.; Biros, D.; Zhang, T. How Effective Are SETA Programs Anyway: Learning and Forgetting in Security Awareness Training. J. Cybersecurity Educ. Res. Pract. 2023, 2023. [Google Scholar] [CrossRef]
- Alkhazi, B.; Alshaikh, M.; Alkhezi, S.; Labbaci, H. Assessment of the impact of information security awareness training methods on knowledge, attitude, and behaviour. IEEE Access 2022, 10, 132132–132143. [Google Scholar] [CrossRef]
- Zhang-Kennedy, L.; Chiasson, S. A Systematic Review of Multimedia Tools for Cybersecurity Awareness and Education. ACM Comput. Surv. 2021, 54, 12. [Google Scholar] [CrossRef]
- Silic, M.; Lowry, P.B. Using design-science based gamification to improve organizational security training and compliance. J. Manag. Inf. Syst. 2020, 37, 129–161. [Google Scholar]
- Dincelli, E.; Chengalur-Smith, I. Choose your own training adventure: Designing a gamified SETA artefact for improving information security and privacy through interactive storytelling. Eur. J. Inf. Syst. 2020, 29, 669–687. [Google Scholar] [CrossRef]
- Emm, D. Gamification—Can it be applied to security awareness training? Netw. Secur. 2021, 4, 16–18. [Google Scholar] [CrossRef]
- Abawajy, J. User preference of cyber security awareness delivery methods. Behav. Inf. Technol. 2014, 33, 237–248. [Google Scholar]
- Kajzer, M.; D’Arcy, J.; Crowell, C.R.; Striegel, A.; Van Bruggen, D. An exploratory investigation of message-person congruence in information security awareness campaigns. Comput. Secur. 2014, 43, 64–76. [Google Scholar]
- Yoo, C.W.; Sanders, G.L.; Cerveny, R.P. Exploring the Influence of Flow and Psychological Ownership on Security Education, Training and Awareness Effectiveness and Security Compliance. Decis. Support Syst. 2018, 108, 107–118. [Google Scholar] [CrossRef]
- Puhakainen, P.; Siponen, M. Improving employees’ compliance through information systems security training: An action research study. MIS Q. 2010, 34, 757–778. [Google Scholar]
- Chu, A.M.; So, M.K. Organizational information security management for sustainable information systems: An unethical employee information security behaviour perspective. Sustainability 2020, 12, 3163. [Google Scholar]
- Goo, J.; Yim, M.-S.; Kim, D.J. A path to successful management of employee security compliance: An empirical study of information security climate. IEEE Trans. Prof. Commun. 2014, 57, 286–308. [Google Scholar]
- Davis, J.; Agrawal, D.; Guo, X. Enhancing users’ security engagement through cultivating commitment: The role of psychological needs fulfilment. Eur. J. Inf. Syst. 2023, 32, 195–206. [Google Scholar] [CrossRef]
- Cavallari, M. Organizational Determinants and Compliance Behaviour to Shape Information Security Plan. Acad. J. Interdiscip. Stud. 2023, 12, 1. [Google Scholar] [CrossRef]
- Vedadi, A.; Warkentin, M.; Straub, D.W.; Shropshire, J. Fostering Information Security Compliance as Organizational Citizenship Behavior. Inf. Manage. 2024, 61, 103968. [Google Scholar] [CrossRef]
- Price, W.; Price, T.; Tenan, M.; Head, J.; Maslin, W.; LaFiandra, M. Acute Stress Causes Overconfidence in Situation Awareness. In Proceedings of the 2016 IEEE International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support (CogSIMA), San Diego, CA, USA, 15–18 March 2016; IEEE: New York, NY, USA, 2016; pp. 1–6. [Google Scholar] [CrossRef]
- McCormac, A.; Calic, D.; Parsons, K.; Butavicius, M.; Pattinson, M.; Lillie, M. The effect of resilience and job stress on information security awareness. Inf. Comput. Secur. 2018, 26, 463–483. [Google Scholar] [CrossRef]
- Lee, C.; Lee, C.C.; Kim, S. Understanding information security stress: Focusing on the type of information security compliance activity. Comput. Secur. 2016, 59, 60–70. [Google Scholar] [CrossRef]
- D’Arcy, J.; Teh, P.-L. Predicting employee information security policy compliance on a daily basis: The interplay of security-related stress, emotions, and neutralization. Inf. Manag. 2019, 56, 103151. [Google Scholar] [CrossRef]
- Cram, W.A.; D’Arcy, J.; Proudfoot, J.G. When enough is enough: Investigating the antecedents and consequences of information security fatigue. Inf. Syst. J. 2021, 31, 521–549. [Google Scholar] [CrossRef]
- D’Arcy, J.; Herath, T.; Shoss, M.K. Understanding employee responses to stressful information security requirements: A coping perspective. J. Manag. Inf. Syst. 2014, 31, 285–318. [Google Scholar]
- Harper, A.; Mustafee, N.; Pitt, M. Increasing situation awareness in healthcare through real-time simulation. J. Oper. Res. Society 2023, 74, 2339–2349. [Google Scholar]
- Bolger, C.; Brummel, B.; Aurigemma, S.; Moore, T.; Baskin, M. Information security awareness: Identifying gaps in current measurement tools. In Proceedings of the 22nd Annual Security Conference (ASC), Las Vegas, NV, USA, 29–30 April 2023. [Google Scholar]
- Nwachukwu, U.; Vidgren, J.; Niemimaa, M.; Järveläinen, J. Do SETA Interventions Change Security Behavior? A Literature Review. In Proceedings of the 56th Annual Hawaii International Conference on System Sciences (HICSS 2023); Bui, T.X., Ed.; University of Hawaii, Mānoa: Honolulu, HI, USA, 2023; pp. 6300–6309. [Google Scholar]
- Hart, C. Doing a Literature Review: Releasing the Social Science Research Imagination; Sage: London, UK, 1998. [Google Scholar]
- Kraus, S.; Breier, M.; Lim, W.M.; Dabić, M.; Kumar, S.; Kanbach, D.; Mukherjee, D.; Corvello, V.; Piñeiro-Chousa, J.; Liguori, E. Literature reviews as independent studies: Guidelines for academic practice. Rev. Manag. Sci. 2022, 16, 2577–2595. [Google Scholar]
- Letts, L.; Wilkins, S.; Law, M.C.; Stewart, D.A.; Bosch, J.; Westmorland, M.G. Guidelines for Critical Review Form—Qualitative Studies (Version 2.0); McMaster University Occupational Therapy Evidence-Based Practice Research Group: Hamilton, ON, Canada, 2007; pp. 1–12. [Google Scholar]
- Roscoe, J.T. Fundamental Research Statistics for the Behavioural Sciences, 2nd ed.; Holt, Rinehart & Winston: New York, NY, USA, 1975. [Google Scholar]
- Chandarman, R.; Van Niekerk, B. Students’ cybersecurity awareness at a private tertiary educational institution. Afr. J. Inf. Commun. 2017, 20, 133–155. [Google Scholar]
- Sarkar, S.; Vance, A.; Ramesh, B.; Demestihas, M.; Wu, D.T. The Influence of Professional Subculture on Information Security Policy Violations: A Field Study in a Healthcare Context. Inf. Syst. Res. 2020, 31, 1240–1259. [Google Scholar] [CrossRef]
- Forthofer, R.N.; Lee, E.S.; Hernandez, M. Biostatistics: A Guide to Design, Analysis and Discovery; Elsevier: Amsterdam, The Netherlands, 2006. [Google Scholar]
- Salmerón, R.; García, C.; García, J. Overcoming the inconsistences of the variance inflation factor: A redefined VIF and a test to detect statistical troubling multicollinearity. arXiv 2020, arXiv:2005.02245. [Google Scholar]
- Sijtsma, K.; Emons, W. Nonparametric Statistical Methods. Int. Encycl. Educ. 2010, 3, 347–353. [Google Scholar]
- Hoyle, R. Confirmatory Factor Analysis. In Handbook of Applied Multivariate Statistics and Mathematical Modeling; Tinsley, H.E.A., Brown, S.D., Eds.; Academic Press: San Diego, CA, USA, 2000; pp. 465–497. [Google Scholar]
- Suhr, D. Exploratory or confirmatory factor analysis? In The Reviewer’s Guide to Quantitative Methods in the Social Sciences; Hancock, G.R., Mueller, R.O., Eds.; Routledge: London, UK, 2006; pp. 111–142. [Google Scholar]
- Fornell, C.; Larcker, D.F. Evaluating structural equation models with unobservable variables and measurement error. J. Mark. Res. 1981, 18, 39–50. [Google Scholar] [CrossRef]
- Hair, J.F.; Anderson, R.E.; Tatham, R.L.; Black, W.C. Multivariate Data Analysis, 5th ed.; Prentice Hall: Upper Saddle River, NJ, USA, 2003. [Google Scholar]
- Field, A. Discovering Statistics Using SPSS; Sage Publications: Thousand Oaks, CA, USA, 2005. [Google Scholar]
- Kutner, M.H.; Nachtsheim, C.J.; Neter, J.; Li, W. Applied Linear Regression Models, 4th ed.; McGraw-Hill Irwin: Boston, MA, USA, 2004. [Google Scholar]
- O’Brien, R.M. A caution regarding rules of thumb for variance inflation factors. Qual. Quant. 2007, 41, 673–690. [Google Scholar] [CrossRef]
- Borenstein, M.; Hedges, L.V.; Higgins, J.P.; Rothstein, H.R. Introduction to Meta-Analysis; John Wiley & Sons: Hoboken, NJ, USA, 2021. [Google Scholar] [CrossRef]
- Cisco. The Top Cybersecurity Threats in 2022. Available online: https://umbrella.cisco.com/blog/top-cybersecurity-threats-2022 (accessed on 14 April 2022).
- Chen, H.; Hai, Y.; Tu, L.; Fan, J. Not All Information Security-Related Stresses Are Equal: The Effects of Challenge and Hindrance Stresses on Employees’ Compliance with Information Security Policies. Behav. Inf. Technol. 2023, 1–16. [Google Scholar] [CrossRef]
- Ament, C.; Jaeger, L. Unconscious on their own ignorance: Overconfidence in information security. J. Inf. Sci. 2017, 50, 254–272. [Google Scholar]
- Mady, A.; Gupta, S.; Warkentin, M. The effects of knowledge mechanisms on employees’ information security threat construal. Inf. Syst. J. 2023, 33, 790–841. [Google Scholar] [CrossRef]
- Azizollah, A.; Abolghasem, F.; Amin, D.M. The relationship between organizational culture and organizational commitment in Zahedan University of Medical Sciences. Glob. J. Health Sci. 2016, 8, 195. [Google Scholar]
- Kävrestad, J.; Nohlberg, M.; Furnell, S. A taxonomy of SETA methods and linkage to delivery preferences. ACM SIGMIS Database DATABASE Adv. Inf. Syst. 2023, 54, 107–133. [Google Scholar]
- Hu, Q.; Dinev, T.; Hart, P.; Cooke, D. Managing employee compliance with information security policies: The critical role of top management and organizational culture. Decis. Sci. 2012, 43, 615–660. [Google Scholar]
- Jaeger, L.; Ament, C.; Eckhardt, A. The closer you get the more aware you become–a case study about psychological distance to information security incidents. In Proceedings of the ICIS 2017: Transforming Society with Digital Innovation, Seoul, Republic of Korea, 10-13 December 2017; Association for Information Systems: Atlanta, GA, USA, 2018; pp. 1–18. [Google Scholar]
- Kritzinger, E.; Da Veiga, A.; van Staden, W. Measuring organizational information security awareness in South Africa. Inf. Secur. J. A Glob. Perspect. 2023, 32, 120–133. [Google Scholar]
- Kaiser, H.F. An index of factorial simplicity. Psychometrika 1974, 39, 31–36. [Google Scholar]
- Fuller, C.M.; Simmering, M.J.; Atinc, G.; Atinc, Y.; Babin, B.J. Common methods variance detection in business research. J. Bus. Res. 2016, 69, 3192–3198. [Google Scholar]
- NIST. Computer Security Resource Center. Available online: https://csrc.nist.gov/glossary/term/cybersecurity (accessed on 2 August 2024).
- Björck, F.; Henkel, M.; Stirna, J.; Zdravkovic, J. Cyber resilience—Fundamentals for a definition. Adv. Intell. Syst. Comput. 2015, 353, 311–316. [Google Scholar] [CrossRef]
- Von Solms, R.; Van Niekerk, J. From information security to cyber security. Comput. Secur. 2013, 38, 97–102. [Google Scholar]
- Laudon, K.C.; Laudon, J.P. Management Information Systems, 12th ed.; Prentice-Hall: Upper Saddle River, NJ, USA, 2012; p. 44. [Google Scholar]
Reference | Research Objective | Self-Efficacy and/or Attitude | Information Security Awareness |
---|---|---|---|
[51] | Examining the social contextual effects on ISP compliance. Utilizing safety climate literature. | Self-efficacy positively affects compliant behavior. | Not a research construct, but it is concluded that policy guidelines and awareness program lessons should be applied when employees carry out work. |
[25] | Investigating rational factors that drive ISP compliance. Utilizing the theory of planned behavior. | Self-efficacy and attitude positively affect intention to comply with ISP. | Predecessor, positive effect on attitude and outcome beliefs. |
[52] | Explaining compliance intention, utilizing social learning theory. | Self-efficacy positively affects compliance intention. | Mediating role and directly positively affects compliance intention. |
[54] | Investigating the antecedents of privacy policy compliance, utilizing social learning theory. | Self-efficacy positively affects behavioral intent. | Not a research construct |
[38] | Significance of self-learning and awareness on attitudes toward ISP compliance. Utilizing theory of planned behavior. | Self-efficacy and attitude positively affect intention to comply. | General ISA and technology awareness: predecessors. Positively affects attitude and self-efficacy. |
[39] | Constructing a measurement tool for the prediction and explanation of ISP compliance. Based on the security acceptance model. | Self-efficacy posited to affect perceived usefulness of protection and perceived ease of use (mediating) towards compliance intention. | ISA distributed in awareness of information security, ISP, and SETA. Posited to influence mediating constructs. |
[41] | Factors influencing internet information security practices. Social cognitive theory utilization. | Self-efficacy explains a small amount in information security practices variance. | Predecessor, higher ISA in users report higher means in safe internet practices. |
[43] | Influence of subordinate guanxi and organizational commitment on information security behavior. | Self-efficacy positively affects compliant behavior. | Control variable on compliance behavior. |
[44] | Investigating various factors influencing information security compliance behavior. | Self-efficacy being one of the most significant factors on compliance behavior. | Technology awareness: mediator. Positively influences compliant behavior. |
[53] | Investigating how individual decision-making styles impact cybersecurity compliance behavior to enhance security measures. | Self-efficacy positively affects compliant behavior. | Security awareness has a direct positive effect on compliant behavior. |
Construct | Code | Items | Scale | Reference |
---|---|---|---|---|
ISA | ISA1 | I understand the importance of information security. | A | Adapted from [25] |
ISA2 | I am aware of the negative consequences of a threat. | |||
ISA3 | I am able to recognize a threat when I encounter one. | |||
ISA4 | I know what measures I can take to avoid negative consequences. | |||
ISA5 | I exhibit safe behavior during my daily routine. | |||
ISA6 | I exhibit safe behavior when faced with a threat. | |||
Negative Experience (NEG) | NEG1 | Have you had any issues with malware at any point in the last two years? (e.g., viruses, spyware, ransomware) | B | Adapted from [36] |
NEG2 | Have you been phished at any point in the last two years (in every possible form)? | |||
SETA | SETA1 | Security awareness activities increase my knowledge about information security. | A | [103] |
SETA2 | I understand the security awareness activities. | |||
SETA3 | I try to apply the knowledge of security awareness activities. | |||
InfoSec Goals (GOAL) | GOAL1 | I want to contribute to information security. | A | Adapted from [107] |
GOAL2 | I would like to handle information securely for information security. | |||
GOAL3 | The information security of the firm means a lot to me. | |||
Complexity (COMP) | COMP1 | I experience pressure in my work because I find security awareness topics complex. | A | Adapted from [115] |
COMP2 | I find it difficult to understand security awareness topics. | |||
COMP3 | I know too little about information security to keep the firm safe. | |||
SETA Design (SETAD) | SETAD1 | Communication tools help me to handle information securely. | A | Survey-specific |
SETAD2 | Gamification helps me to handle information securely. | |||
SETAD3 | Phishing simulations help me to handle information securely. | |||
SETAD4 | The amount of information that has been offered helps me to handle information securely. | |||
SETAD5 | The information that is offered is of good quality which helps me to deal with information in a secure way. | |||
Items for demography (AGE) and data segmentation (IT/MAN) | ||||
AGE | What is your age group? | C | ||
IT | Are you IT staff? | B | Survey specific | |
MAN | Are you management or non-management? |
Construct | Mean | Standard Deviation |
---|---|---|
SETA Program | 6.18 | 0.85 |
Security Complexity | 1.99 | 0.96 |
Negative Experience | 0.15 | 0.27 |
InfoSec Goals | 6.53 | 0.82 |
SETA Design | 5.46 | 1.14 |
Information Security Awareness | 6.35 | 0.64 |
Item | Mean | SD | |
---|---|---|---|
SETA1 | Security awareness activities increase my knowledge about information security. | 5.81 | 1.362 |
SETA2 | I understand the security awareness activities. | 6.38 | 0.960 |
SETA3 | I try to apply the knowledge of security awareness activities. | 6.35 | 0.975 |
COMP1 | I experience pressure in my work because I find security awareness topics complex. | 2.12 | 1.411 |
COMP2 | I find it difficult to understand security awareness topics. | 1.85 | 1.148 |
COMP3 | I know too little about information security to keep the firm safe. | 2.01 | 1.231 |
NEG1 | Have you had any issues with malware at any point in the last two years? (e.g., viruses, spyware, ransomware) | 0.10 | 0.304 |
NEG2 | Have you been phished at any point in the last two years (in every possible form)? | 0.19 | 0.395 |
GOAL1 | I want to contribute to the information security. | 6.65 | 0.816 |
GOAL2 | I would like to handle information securely for information security. | 6.66 | 0.775 |
GOAL3 | The information security of the firm means a lot to me. | 6.28 | 1.082 |
SETAD1 | Communication tools help me to handle information securely. | 5.64 | 1.334 |
SETAD2 | Gamification helps me to handle information securely. | 4.56 | 1.891 |
SETAD3 | Phishing simulations help me to handle information securely. | 6.04 | 1.456 |
SETAD4 | The amount of information that has been offered helps me to handle information securely. | 5.50 | 1.346 |
SETAD5 | The information that is offered is of good quality, which helps me deal with information in a secure way. | 5.57 | 1.296 |
ISA1 | I understand the importance of information security. | 6.83 | 0.599 |
ISA2 | I am aware of the negative consequences of a threat. | 6.74 | 0.710 |
ISA3 | I am able to recognize a threat when I encounter one. | 5.89 | 0.862 |
ISA4 | I know what measures I can take to avoid negative consequences. | 6.08 | 0.865 |
ISA5 | I exhibit safe behavior during my daily routine. | 6.28 | 0.816 |
ISA6 | I exhibit safe behavior when faced with a threat. | 6.25 | 0.840 |
Proposition | Β | SE | t-Value | p-Value | Result |
---|---|---|---|---|---|
NEG → ISA | 0.058 | 0.121 | 0.477 | Not supported | |
SETA → ISA | 0.136 | 0.057 | 2.402 | * | Supported |
InfoSec Goals → ISA | 0.222 | 0.072 | 3.089 | ** | Supported |
Complexity → ISA | −0.249 | 0.032 | −7.807 | *** | Supported |
SETA Design → ISA | −0.038 | 0.026 | −1.431 | Not supported |
Perspective 1: IT & Non-IT | IT | Non-IT | ||
β | p-Value | β | p-Value | |
NEG → ISA | 0.057 | 0.119 | ||
SETA → ISA | 0.147 | 0.104 | ||
InfoSec Goals → ISA | 0.251 | 0.297 | ||
Complexity → ISA | −0.252 | ** | −0.245 | ** |
SETA Design → ISA | 0.006 | −0.097 | ||
Perspective 2: Management & Non-Management | Management | Non-Management | ||
β | p-Value | β | p-Value | |
NEG → ISA | 0.353 | −0.40 | ||
SETA → ISA | 0.099 | 0.128 | ||
InfoSec Goals → ISA | 0.497 | 0.195 | ||
Complexity → ISA | −0.203 | * | −0.263 | ** |
SETA Design → ISA | −0.47 | −0.032 |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2024 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Djotaroeno, M.; Beulen, E. Information Security Awareness in the Insurance Sector: Cognitive and Internal Factors and Combined Recommendations. Information 2024, 15, 505. https://doi.org/10.3390/info15080505
Djotaroeno M, Beulen E. Information Security Awareness in the Insurance Sector: Cognitive and Internal Factors and Combined Recommendations. Information. 2024; 15(8):505. https://doi.org/10.3390/info15080505
Chicago/Turabian StyleDjotaroeno, Morgan, and Erik Beulen. 2024. "Information Security Awareness in the Insurance Sector: Cognitive and Internal Factors and Combined Recommendations" Information 15, no. 8: 505. https://doi.org/10.3390/info15080505
APA StyleDjotaroeno, M., & Beulen, E. (2024). Information Security Awareness in the Insurance Sector: Cognitive and Internal Factors and Combined Recommendations. Information, 15(8), 505. https://doi.org/10.3390/info15080505