Employees’ behavior in phishing attacks: what individual, organizational and technological factors matter?

Shahbaznezhad, Hamidreza, Kolini, Farzan and Rashidirad, Mona (2020) Employees’ behavior in phishing attacks: what individual, organizational and technological factors matter? Journal of Computer Information Systems. pp. 1-12. ISSN 0887-4417

PDF - Accepted Version
Restricted to SRO admin only until 30 October 2021.

Abstract

Phishing, as a social engineering attack, has become an increasing threat to organizations in cyberspace. To prevent this, a well-designed continuous security training and educational program needs to be established and enforced in organizations. Prior studies have focused on phishing attacks from a limited view of technology countermeasures, e-mail characteristics, information processing, and securing individuals’ behaviors to tackle existing gaps. In this research, we developed a theoretical model of factors that influence users in the clicking of phishing e-mails from a broader socio-technical perspective. We applied Protection Motivation Theory (PMT) and habit theory to investigate individual factors, and Theory of Planned Behavior (TPB) and Deterrence Theory to investigate organizational and technological factors. The findings revealed that habit and protective countermeasures positively affect clicking on phishing e-mails, whereas no effect of the procedural countermeasures was evident. The results of this study can be used to design phishing simulation exercises and embedded training for vulnerable employees.

Item Type: Article
Schools and Departments: University of Sussex Business School > Strategy and Marketing
SWORD Depositor: Mx Elements Account
Depositing User: Mx Elements Account
Date Deposited: 02 Sep 2020 07:04
Last Modified: 16 Nov 2020 10:30
URI: http://sro.sussex.ac.uk/id/eprint/93462
