We need to aim at the top: Factors associated with cybersecurity awareness of cyber and information security decision-makers (2404.04725v1)
Abstract: Cyberattacks pose a significant business risk to organizations. Although there is ample literature focusing on why people pose a major risk to organizational cybersecurity and how to deal with it, there is surprisingly little we know about cyber and information security decision-makers, who are essentially the people in charge of setting up and maintaining organizational cybersecurity. In this paper, we study cybersecurity awareness of cyber and information security decision-makers, and investigate factors associated with it. We conducted an online survey among Slovenian cyber and information security decision-makers (N=283) to (1) determine whether their cybersecurity awareness is associated with adoption of antimalware solutions in their organizations, and (2) explore which organizational factors and personal characteristics are associated with their cybersecurity awareness. Our findings indicate that awareness of well-known threats and solutions seems to be quite low for individuals in decision-making roles. They also provide insights into which threats and solutions cyber and information security decision-makers are the least aware of. We uncovered that awareness of certain threats and solutions is positively associated with either adoption of advanced antimalware solutions with EDR/XDR capabilities or adoption of SOC. Additionally, we identified significant organizational factors (organizational role type) and personal characteristics (gender, age, experience with information security and experience with IT) related to cybersecurity awareness of cyber and information security decision-makers. Organization size and formal education were not significant. These results offer insights that can be leveraged in targeted cybersecurity training tailored to the needs of groups of cyber and information security decision-makers based on these key factors.
- Simon Vrhovec
- Blaž Markelj