Employees’ cybersecurity awareness and behaviour in South African higher education institutions
JavaScript is disabled for your browser. Some features of this site may not work without it.
| dc.contributor.advisor | Steyn, A.A. (Adriana Aletta) | |
| dc.contributor.postgraduate | Yusuf, Abdullahi Abiodun | |
| dc.date.accessioned | 2024-07-19T09:52:37Z | |
| dc.date.available | 2024-07-19T09:52:37Z | |
| dc.date.created | 2024-09 | |
| dc.date.issued | 2024-05 | |
| dc.description | Dissertation (MIT (Information Systems))--University of Pretoria 2024. | en_US |
| dc.description.abstract | The widespread cyberattacks necessitate robust cybersecurity practices within South African higher education institutions (HEIs). System users, particularly employees, are often the inadvertent major entry for cyberattacks, highlighting the critical need for employees’ cybersecurity behaviour to adhere to ethical guidelines and adapt to evolving cyber threats. This study investigates how South African HEIs’ cybersecurity environment, encompassing factors like cybersecurity awareness, policies and prior employee experience, influences employee cybersecurity behaviour. Building on the protection motivation theory and the theory of planned behaviour, the study developed a conceptual model that integrates and explores the impact of cybersecurity awareness, policy awareness and experience within the institutional context on employee attitudes, subjective norms, perceived behavioural control, threat appraisal, and self-efficacy, ultimately leading to cybersecurity-compliant behaviour. This model was tested using data from a survey of 283 employees in South African HEIs. Structural equation modelling, ANOVA and post hoc procedures are employed to test the proposed hypotheses. The findings indicate that employees are more competent in managing cybersecurity tasks when they are aware of or know their institutions’ cybersecurity policies than those unaware. The findings show that institutions’ cybersecurity environment, including cybersecurity awareness, policy and experience, positively influences employees’ attitudes, subjective norms and perceived behavioural control, which, in turn, positively contribute to their cybersecurity-compliant behaviour. Similarly, perceived behavioural control, threat appraisal and self-efficacy directly and significantly impact cybersecurity-compliant behaviour. These results highlight the importance of fostering a comprehensive South African HEIs cybersecurity environment, highlighting awareness training, transparent policies, practical experience, and efforts to cultivate empowerment sense amongst employees regarding cybersecurity practices. This study contributes to advancing knowledge on cybersecurity behaviour in South African HEIs by offering insights specific to the institutional cybersecurity environment and ultimately fostering a more secure cybersecurity structure within these institutions. | en_US |
| dc.description.availability | Unrestricted | en_US |
| dc.description.degree | MIT (Information Systems) | en_US |
| dc.description.department | Informatics | en_US |
| dc.description.faculty | Faculty of Engineering, Built Environment and Information Technology | en_US |
| dc.description.sdg | SDG-04: Quality Education | en_US |
| dc.description.sdg | SDG-09: Industry, innovation and infrastructure | en_US |
| dc.description.sdg | SDG-16: Peace,justice and strong institutions | en_US |
| dc.description.sdg | SDG-17: Partnerships for the goals | en_US |
| dc.identifier.citation | * | en_US |
| dc.identifier.doi | https://doi.org/10.25403/UPresearchdata.26311141 | en_US |
| dc.identifier.other | S2024 | en_US |
| dc.identifier.uri | http://hdl.handle.net/2263/97127 | |
| dc.identifier.uri | DOI: https://doi.org/10.25403/UPresearchdata.26311141.v1 | |
| dc.language.iso | en | en_US |
| dc.publisher | University of Pretoria | |
| dc.rights | © 2023 University of Pretoria. All rights reserved. The copyright in this work vests in the University of Pretoria. No part of this work may be reproduced or transmitted in any form or by any means, without the prior written permission of the University of Pretoria. | |
| dc.subject | UCTD | en_US |
| dc.subject | Sustainable Development Goals (SDGs) | en_US |
| dc.subject | South African | en_US |
| dc.subject | Cybersecurity | en_US |
| dc.subject | Cybersecurity policies Awareness | en_US |
| dc.subject | Cybersecurity awareness | en_US |
| dc.subject | Cybersecurity behaviour | en_US |
| dc.subject | Theory of planned behaviour | en_US |
| dc.subject | Higher education institutions | en_US |
| dc.subject | Cybersecurity policies | en_US |
| dc.subject | Protection motivation theory | en_US |
| dc.subject | Institutional cybersecurity environment | en_US |
| dc.title | Employees’ cybersecurity awareness and behaviour in South African higher education institutions | en_US |
| dc.type | Dissertation | en_US |
