- Title
- The role of optimism bias in susceptibility to phishing attacks in a financial services organisation
- Creator
- Owen, Morné
- Subject
- Mixed methods research
- Subject
- Phishing
- Subject
- Optimism bias
- Subject
- Information security
- Subject
- Information storage and retrieval systems Financial services industry
- Subject
- Risk perception
- Date Issued
- 2023-03-31
- Date
- 2023-03-31
- Type
- Academic theses
- Type
- Doctoral theses
- Type
- text
- Identifier
- http://hdl.handle.net/10962/419257
- Identifier
- vital:71629
- Identifier
- DOI 10.21504/10962/419257
- Description
- Researchers looking for ways to change the insecure behaviour that results in successful phishing have considered multiple possible reasons for such behaviour. Therefore, the purpose of this study is to understand the role of optimism bias (OB – defined as a cognitive bias), which characterises overly optimistic or unrealistic individuals, in order to ensure secure behaviour. Research is considered that has focused on issues such as personality traits, trust, attitude and information security awareness training (ISAT). We used a mixed methods design to investigate OB behaviour, building on a recontextualised version of the theory of planned behaviour to evaluate the influence that OB has on phishing susceptibility. To model the data, an analysis was performed on 226 survey responses (systematic random sampling method) from the employees of a financial services organisation using partial least squares (PLS) path modelling. To evaluate OB behaviour, we conducted an experiment consisting of three ISAT sessions and three simulated phishing attacks. After each phishing experiment, we conducted interviews to gain a better understanding of why people succumbed to the attacks. It was subsequently found that overly optimistic individuals are inclined to behave insecurely, while factors such as attitude and trust significantly influence the intention to behave securely. Our contribution to practice is to enhance the effectiveness of ISAT by identifying and addressing the OB weakness to deliver a more successful training outcome. Our contribution to theory enriches the Information Systems literature by evaluating the effect of a cognitive bias on phishing susceptibility and, through research, offering a contextual explanation of the resultant behaviour.
- Description
- Thesis (PhD) -- Faculty of Commerce, Information Systems, 2023
- Description
- Navorsers op soek na ‘n antwoord om onveilige gedrag te verander wat lei na uitvissing het verskeie moontlike redes oorweeg vir sulke gedrag. Daarom is die doel van hierdie verhandeling om die rol van optimistiese vooroordeel (OB - gedefinieer as 'n kognitiewe vooroordeel) te verstaan, wat te optimistiese of onrealistiese individue kenmerk om veilige gedrag te verseker. Navorsing was oorweeg wat gefokus het op kwessies soos persoonlikheidseienskappe, vertroue, gesindheid en inligtingsekuriteitsbewustheidsopleiding (ISAT). Die navorser het gemengde metodes gebruik om OB-gedrag te ondersoek. Daar was voortgebou op 'n gerekontekstualiseerde weergawe van die theory of planned behaviour om die invloed wat OB op uitvissing-vatbaarheid het, te evalueer. Om die data te modelleer, is 'n analise gedoen waar 226 opname antwoorde verkry is van 'n finansiële dienste organisasie en is partial least squares (PLS) path modelling gebruik. Om OB-gedrag te evalueer, het ons 'n eksperiment uitgevoer wat bestaan uit drie ISAT-sessies en drie gesimuleerde uitvissing-aanvalle. Na elke uitvissing-eksperiment het ons onderhoude gevoer om 'n beter begrip te kry waarom mense aan die aanvalle geswig het. Te optimistiese individue is geneig om onveilig op te tree, terwyl faktore soos gesindheid en vertroue die voorneme om veilig op te tree, aansienlik beïnvloed het. Die studie se bydrae tot die praktyk is om die doeltreffendheid van ISAT te verbeter deur die OBswakheid te identifiseer en aan te spreek om 'n meer suksesvolle opleidingsuitkoms te lewer. Verder verryk die studie die Inligtingstelsels-literatuur deur die effek van 'n kognitiewe vooroordeel op uitvissing-vatbaarheid te evalueer en deur navorsing bied dit 'n kontekstuele verduideliking van die gevolglike gedrag.
- Format
- computer
- Format
- online resource
- Format
- application/pdf
- Format
- 1 online resource (279 pages)
- Format
- Publisher
- Rhodes University
- Publisher
- Faculty of Commerce, Information Systems
- Language
- English
- Rights
- Owen, Morné
- Rights
- Use of this resource is governed by the terms and conditions of the Creative Commons "Attribution-NonCommercial-ShareAlike" License (http://creativecommons.org/licenses/by-nc-sa/2.0/)
- Hits: 571
- Visitors: 578
- Downloads: 35
Collections
RU Department of Information Systems
| Thumbnail | File | Description | Size | Format | |||
|---|---|---|---|---|---|---|---|
| View Details Download | SOURCE1 | OWEN-PHD-TR23-35.pdf | 2 MB | Adobe Acrobat PDF | View Details Download |