Purpose Researchers looking for ways to change the insecure behaviour that results in phishing have considered multiple possible reasons for such behaviour. Therefore, the purpose of this paper is to understand the role of optimism bias (OB – defined as a cognitive bias), which characterises...

Purpose The use of mobile digital devices requires secure behaviour while using these devices. To influence this behaviour, one should be able to adequately measure the behaviour. The purpose of this study is to establish a model for measuring secure behaviour, and to use this model to measure...

Purpose The accelerated digital transformation and the growing emphasis on privacy, safety and security present ongoing challenges for cybersecurity experts. Alongside these challenges, the multidisciplinary, everchanging and complex nature of the cybersecurity domain has further challenged the...

Purpose Railways are a well-known example of complex critical infrastructure, incorporating socio-technical systems with humans such as drivers, signallers, maintainers and passengers at the core. The technological evolution including interconnectedness and new ways of interaction lead to new...

Purpose This paper aims to investigate how congruent keywords are used in information security policies (ISPs) to pinpoint and guide clear actionable advice and suggest a metric for measuring the quality of keyword use in ISPs. Design/methodology/approach A qualitative content analysis of 15...

Purpose Intellectual property (IP) theft is an increasing threat that can lead to large financial losses and reputational harm. These attacks are typically noticed only after the IP is stolen, which is usually too late. This paper aims to investigate the psychological profile and the...

Purpose This study aims to explore auto mechanics awareness of repairs and maintenance related to the car’s cybersecurity and provide insights into challenges based on current practice. Design/methodology/approach This study is based on an empirical study consisting of semistructured...

Purpose Research on employee non-/compliance to information security policies suffers from inconsistent results and there is an ongoing discussion about the dominating survey research methodology and its potential effect on these results. This study aims to add to this discussion by...

Purpose Cybersecurity attacks on critical infrastructures, businesses and nations are rising and have reached the interest of mainstream media and the public’s consciousness. Despite this increased awareness, humans are still considered the weakest link in the defense against an unknown...

Purpose This paper aims to propose a conceptual model of policy components for software that supports modularizing and tailoring of information security policies (ISPs). Design/methodology/approach This study used a design science research approach, drawing on design knowledge from the field of...