Investigating personal determinants of phishing and the effect of national culture. (8th June 2015)
- Record Type:
- Journal Article
- Title:
- Investigating personal determinants of phishing and the effect of national culture. (8th June 2015)
- Main Title:
- Investigating personal determinants of phishing and the effect of national culture
- Authors:
- Rocha Flores, Waldo
Holm, Hannes
Nohlberg, Marcus
Ekstedt, Mathias
- Abstract:
- Purpose: – The purpose of the study was twofold: to investigate the correlation between a sample of personal psychological and demographic factors and resistance to phishing; and to investigate if national culture moderates the strength of these correlations. Design/methodology/approach: – To measure potential determinants, a survey was distributed to 2,099 employees of nine organizations in Sweden, USA and India. Then, the authors conducted unannounced phishing exercises, in which a phishing attack targeted the same sample. Findings: – Intention to resist social engineering, general information security awareness, formal IS training and computer experience were identified to have a positive significant correlation to phishing resilience. Furthermore, the results showed that the correlation between phishing determinants and employees' observed phishing behavior differs between Swedish, US and Indian employees in 6 out of 15 cases. Research limitations/implications: – The identified determinants had, even though not strong, a significant positive correlation. This suggests that more work needs to be done to more fully understand determinants of phishing. The study assumes that culture effects apply to all individuals in a nation. However, differences based on cultures might exist based on firm characteristics within a country. The Swedish sample is dominating, while only 40 responses from Indian employees were collected. This unequal size of samples suggests that conclusions based on the results from the cultural analysis should be drawn cautiously. A natural continuation of the research is therefore to further explore the generalizability of the findings by collecting data from other nations with similar cultures as Sweden, USA and India. Originality/value: – Using direct observations of employees' security behaviors has rarely been used in previous research. Furthermore, analyzing potential differences in theoretical models based on national culture is an understudied topic in the behavioral information security field. This paper addresses both these issues.
- Is Part Of:
- Information and computer security. Volume 23:Number 2(2015)
- Journal:
- Information and computer security
- Issue:
- Volume 23:Number 2(2015)
- Issue Display:
- Volume 23, Issue 2 (2015)
- Year:
- 2015
- Volume:
- 23
- Issue:
- 2
- Issue Sort Value:
- 2015-0023-0002-0000
- Page Start:
- 178
- Page End:
- 199
- Publication Date:
- 2015-06-08
- Subjects:
- Cultural differences -- Social engineering -- Direct observation -- Phishing -- Security behavior
Computer security -- Management -- Periodicals
Computer networks -- Security measures -- Periodicals
Data protection -- Management -- Periodicals
658.47
- Journal URLs:
- http://www.emeraldinsight.com/loi/ics
http://www.emeraldinsight.com/
- DOI:
- 10.1108/ICS-05-2014-0029
- Languages:
- English
- ISSNs:
- 2056-4961
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 4481.796000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 8134.xml