Purpose Understanding the behavioral change process of system users to adopt safe security practices is important to the success of an organization’s cybersecurity program. This study aims to explore how the 7Ps (product, price, promotion, place, physical evidence, process and people) marketing mix, as part of an internal social marketing approach, can be used to gain an understanding of employees’ interactions within an organization’s cybersecurity environment. This understanding could inform the design of servicescapes and behavioral infrastructure to promote and maintain cybersecurity compliance. Design/methodology/approach This study adopted an inductive qualitative approach using in-depth interviews with employees in several Vietnamese organizations. Discussions were centered on employee experiences and their perceptions of cybersecurity initiatives, as well as the impact of initiatives on compliance behavior. Responses were then categorized under the 7Ps marketing mix framework. Findings The study shows that assessing a cybersecurity program using the 7P mix enables the systematic capture of users’ security compliance and acceptance of IT systems. Additionally, understanding the interactions between system elements permits the design of behavioral infrastructure to enhance security efforts. Results also show that user engagement is essential in developing secure systems. User engagement requires developing shared objectives, localized communications, co-designing of efficient processes and understanding the “pain points” of security compliance. The knowledge developed from this research provides a framework for those managing cybersecurity systems and enables the design human-centered systems conducive to compliance. Originality/value The study is one of the first to use a cross-disciplinary social marketing approach to examine how employees experience and comply with security initiatives. Previous studies have mostly focused on determinants of compliance behavior without providing a clear platform for management action. Internal social marketing using 7Ps provides a simple but innovative approach to reexamine existing compliance approaches. Findings from the study could leverage proven successful marketing techniques to promote security compliance.
In a networked global economy, cyber security threats have accelerated at an enormous rate. The security infrastructure at organisational and national levels are often ineffective against these threats. As a result, academics have focused their research on information security risks and technical perspectives to enhance human-related security measures. To further extend this trend of research, this study examines the effects of three knowledge sharing methods on user security practices: security training, social media communication, and local security experts (non-IT staff). The study adopts a phenomenological method employing in-depth focus group interviews with 30 participants from eight organisations located in Ho Chi Minh city, Vietnam. The study expands on understanding factors contributing to self-efficacy and security practice through various knowledge sharing channels. Current methods of periodical training and broadcast emails were found to be less effective in encouraging participants to develop security self-efficacy and were often ignored. Security knowledge sharing through social media and local experts were identified as supplementary methods in maintaining employees’ security awareness. In particular, social media is suggested as a preferred channel for disseminating urgent security alerts and seeking peer advice. Local security experts are praised for providing timely and contextualised security advice where member trust is needed. This study suggests that provisions of contemporary channels for security information and knowledge sharing between organisations and employees can gain regular attention from employees, hence leading to more effective security practices.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.