izpis_h1_title_alt

The impact of formal and informal organizational norms on susceptibility to phishing : combining survey and field experiment data
ID Petrič, Gregor (Author), ID Roer, Kai (Author)

.pdfPDF - Presentation file, Download (1,91 MB)
MD5: 6416D17D76F1CC58013762DD94855AC5
URLURL - Source URL, Visit https://www.sciencedirect.com/science/article/pii/S0736585321002057 This link opens in a new window

Abstract
Phishing is one of the most common forms of social engineering that exploits human vulnerabilities and causes immense personal and organizational costs. This study advances the research on the factors of susceptibility to phishing in three regards. First, it addressed the role of organizational norms in susceptibility to phishing. Second, it aimed for high external and ecological validity by combining survey and phishing experiments data on large samples of organizations and their employees. Third, it employed a two-level design that considered explanatory variables at the individual and organizational levels. The study chiefly explored how formal, descriptive, injunctive, and personal norms influence employee interactions with phishing emails. To this end, an explanatory model was tested on 83,269 employees in 510 organizations using a multilevel modeling approach. Clicking on links in simulated phishing emails and entering personal information in simulated fraudulent websites were deemed as two types of susceptibility to phishing. Formal norms and collectively shared injunctive norms were found to exert the strongest effects on susceptibility to phishing; in contrast, personal norms exert a weak influence, and descriptive norms can result in a boomerang effect. These results have significant theoretical and practical implications for both researchers and managers seeking organizational-level mechanisms to reduce the threat of phishing emails.

Language:English
Keywords:information security, norms, human factors, social engineering, phishing, organizational behavior
Work type:Article
Typology:1.01 - Original Scientific Article
Organization:FDV - Faculty of Social Sciences
Publication status:Published
Publication version:Version of Record
Year:2022
Number of pages:15 str.
Numbering:Vol. 67, art. 101766
PID:20.500.12556/RUL-136392 This link opens in a new window
UDC:005.7:004.738.5:343.52
ISSN on article:1879-324X
DOI:10.1016/j.tele.2021.101766 This link opens in a new window
COBISS.SI-ID:106109699 This link opens in a new window
Publication date in RUL:28.04.2022
Views:749
Downloads:256
Metadata:XML DC-XML DC-RDF
:
Copy citation
Share:Bookmark and Share

Record is a part of a journal

Title:Telematics and informatics
Shortened title:Telemat. inform.
Publisher:Elsevier
ISSN:1879-324X
COBISS.SI-ID:23250181 This link opens in a new window

Licences

License:CC BY 4.0, Creative Commons Attribution 4.0 International
Link:http://creativecommons.org/licenses/by/4.0/
Description:This is the standard Creative Commons license that gives others maximum freedom to do what they want with the work as long as they credit the author.

Secondary language

Language:Slovenian
Keywords:informacijsko-komunikacijska tehnologija, varnost, phishing prevare, organizacijsko vedenje

Similar documents

Similar works from RUL:
Similar works from other Slovenian collections:

Back