Employees’ cybersecurity awareness and behaviour in South African higher education institutions

dc.contributor.advisorSteyn, A.A. (Adriana Aletta)
dc.contributor.emailu20800917@tuks.co.zaen_US
dc.contributor.postgraduateYusuf, Abdullahi Abiodun
dc.date.accessioned2024-07-19T09:52:37Z
dc.date.available2024-07-19T09:52:37Z
dc.date.created2024-09
dc.date.issued2024-05
dc.descriptionDissertation (MIT (Information Systems))--University of Pretoria 2024.en_US
dc.description.abstractThe widespread cyberattacks necessitate robust cybersecurity practices within South African higher education institutions (HEIs). System users, particularly employees, are often the inadvertent major entry for cyberattacks, highlighting the critical need for employees’ cybersecurity behaviour to adhere to ethical guidelines and adapt to evolving cyber threats. This study investigates how South African HEIs’ cybersecurity environment, encompassing factors like cybersecurity awareness, policies and prior employee experience, influences employee cybersecurity behaviour. Building on the protection motivation theory and the theory of planned behaviour, the study developed a conceptual model that integrates and explores the impact of cybersecurity awareness, policy awareness and experience within the institutional context on employee attitudes, subjective norms, perceived behavioural control, threat appraisal, and self-efficacy, ultimately leading to cybersecurity-compliant behaviour. This model was tested using data from a survey of 283 employees in South African HEIs. Structural equation modelling, ANOVA and post hoc procedures are employed to test the proposed hypotheses. The findings indicate that employees are more competent in managing cybersecurity tasks when they are aware of or know their institutions’ cybersecurity policies than those unaware. The findings show that institutions’ cybersecurity environment, including cybersecurity awareness, policy and experience, positively influences employees’ attitudes, subjective norms and perceived behavioural control, which, in turn, positively contribute to their cybersecurity-compliant behaviour. Similarly, perceived behavioural control, threat appraisal and self-efficacy directly and significantly impact cybersecurity-compliant behaviour. These results highlight the importance of fostering a comprehensive South African HEIs cybersecurity environment, highlighting awareness training, transparent policies, practical experience, and efforts to cultivate empowerment sense amongst employees regarding cybersecurity practices. This study contributes to advancing knowledge on cybersecurity behaviour in South African HEIs by offering insights specific to the institutional cybersecurity environment and ultimately fostering a more secure cybersecurity structure within these institutions.en_US
dc.description.availabilityUnrestricteden_US
dc.description.degreeMIT (Information Systems)en_US
dc.description.departmentInformaticsen_US
dc.description.facultyFaculty of Engineering, Built Environment and Information Technologyen_US
dc.description.sdgSDG-04: Quality Educationen_US
dc.description.sdgSDG-09: Industry, innovation and infrastructureen_US
dc.description.sdgSDG-16: Peace,justice and strong institutionsen_US
dc.description.sdgSDG-17: Partnerships for the goalsen_US
dc.identifier.citation*en_US
dc.identifier.doihttps://doi.org/10.25403/UPresearchdata.26311141en_US
dc.identifier.otherS2024en_US
dc.identifier.urihttp://hdl.handle.net/2263/97127
dc.identifier.uriDOI: https://doi.org/10.25403/UPresearchdata.26311141.v1
dc.language.isoenen_US
dc.publisherUniversity of Pretoria
dc.rights© 2023 University of Pretoria. All rights reserved. The copyright in this work vests in the University of Pretoria. No part of this work may be reproduced or transmitted in any form or by any means, without the prior written permission of the University of Pretoria.
dc.subjectUCTDen_US
dc.subjectSustainable Development Goals (SDGs)en_US
dc.subjectSouth Africanen_US
dc.subjectCybersecurityen_US
dc.subjectCybersecurity policies Awarenessen_US
dc.subjectCybersecurity awarenessen_US
dc.subjectCybersecurity behaviouren_US
dc.subjectTheory of planned behaviouren_US
dc.subjectHigher education institutionsen_US
dc.subjectCybersecurity policiesen_US
dc.subjectProtection motivation theoryen_US
dc.subjectInstitutional cybersecurity environmenten_US
dc.titleEmployees’ cybersecurity awareness and behaviour in South African higher education institutionsen_US
dc.typeDissertationen_US

Files

Original bundle

Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
Yusuf_Employees’_2024.pdf
Size:
1.7 MB
Format:
Adobe Portable Document Format
Description:
Dissertation

License bundle

Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
license.txt
Size:
1.71 KB
Format:
Item-specific license agreed upon to submission
Description: