This study explores the status of information security culture (ISC) of small and medium-sized enterprises (SMEs) in sub-Saharan Africa (SSA) using Tanzania as a case. To assess the ISC of SMEs, measurement criteria from organizational and environmental dimensions were compiled from the literature. A combination of quantitative and qualitative methods was employed to collect data. The ISC dimensions were assessed using surveys collected using both paper and online sources, from 39 SMEs in the roundtable and five focus group discussions. The findings indicated lack of information security policy, absence of security education, training and awareness (SETA) programs, lack of human resource, poor risk assessment, and management and lack of national information security culture initiatives. These findings show the immaturity of ISC in SMEs in Tanzania. The results and implications of these findings suggest further research and intervention is necessary to institutionalize ISC in the SME environment.
The COVID-19 pandemic has forced individuals to adopt online applications and technologies, as well as remote working patterns. However, with changes in technology and working patterns, new vulnerabilities are likely to arise. Cybersecurity threats have rapidly evolved to exploit uncertainty during the pandemic, and users need to apply careful judgment and vigilance to avoid becoming the victim of a cyber-attack. This paper explores the factors that motivate security behaviour, considering the current environmental uncertainty. An adapted model, primarily based on the Protection Motivation Theory (PMT), is proposed and evaluated using data collected from an online survey of 222 respondents from a Higher Education institution. Data analysis was performed using Partial Least Squares Structural Equation Modelling (PLS-SEM). The results confirm the applicability of PMT in the security context. Respondents' behavioural intention, perceived threat vulnerability, response cost, response efficacy, security habits, and subjective norm predicted self-reported security behaviour. In contrast, environmental uncertainty, attitude towards policy compliance, self-efficacy and perceived threat severity did not significantly impact behavioural intention. The results show that respondents were able to cope with environmental uncertainty and maintain security behaviour.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.