Abstract
Human behaviors and attitudes play a significant role in cybersecurity. However, studies to quantify the impact of such behaviors and attitudes are scarce, and they are not always considered when developing mitigation strategies. To compensate for this, we have looked into a large sample of employees with different levels of expertise and backgrounds across a variety of industrial sectors and organizations. We have found that age and job role constitute the main human factors associated with social media cybersecurity risks. We can confirm that the youngest employees are the most risk prone within an organization, and the employees working in the business and financial sectors are the ones who face the highest amount of cybersecurity risk. In addition, our investigation shows that employees with less than two years of working experience, and those who are at least of age 55, need more cybersecurity training, due to their lack of awareness on the subject. Our work has led us to formulate a risk equation which can assist policymakers and training providers in defining countermeasures against risks and prioritize the training for those who need it the most.
| Original language | English |
|---|---|
| Title of host publication | Human Aspects of Information Security and Assurance |
| Subtitle of host publication | 17th IFIP WG 11.12 International Symposium, HAISA 2023, Kent, UK, July 4–6, 2023, Proceedings |
| Publisher | Springer |
| Pages | 349-363 |
| Number of pages | 15 |
| ISBN (Electronic) | 978-3-031-38530-8 |
| ISBN (Print) | 978-3-031-38532-2 |
| DOIs | |
| Publication status | Published - 26 Jul 2023 |