Abstract:
PURPOSE :
The purpose of the study is to assess the phishing susceptibility of individuals in South Africa, across industries related to financial services, education, legal services, and fraud- and forensic businesses.
DESIGN/METHODOLOGY/APPROACH :
This was an empirical, quantitative research study that collected anonymised data on simulated phishing attacks, using a survey. The results were statistically analysed to identify factors that were significantly related to the phishing score generated.
FINDINGS :
This was the first South African study to develop a phishing susceptibility score. The following demographic categories demonstrated a higher likelihood of phishing susceptibility: the legal industry; Gen Z and Alpha; females; and participants with matric as the highest educational level. The only two variables that were found to be significantly related to the phishing susceptibility score were gender (with females more susceptible) and the variable relating to prior reporting of phishing attacks (rendering such reporters less susceptible).
RESEARCH LIMITATIONS/IMPLICATIONS :
The data collected from the online survey represents the perceptions of the individual respondents. The results of this research are valuable, not only to the participants in this study but also to organisations within other industries, as it highlights phishing susceptibility risks.
ORIGINALITY/VALUE :
This study provides insight into factors influencing phishing susceptibility. For future research purposes, this study could be replicated within other industries in South Africa.
