Raising Awareness of CEO Fraud in Germany: Emotionally Engaging Narratives Are a MUST for Long-Term Efficacy

  • Conference paper
Information Technology and Systems (ICITS 2023)

Part of the book series: Lecture Notes in Networks and Systems (LNNS, volume 691)

Abstract

This article illustrates the need for a different approach to awareness-raising as a means to generate more cybersecurity in companies. Important findings from the applied scientific literature on the specific topic of CEO fraud attacks are summarized, and two game-based learning scenarios from a current German project for small and medium-sized enterprises (SMEs) are presented. These scenarios have been developed on the basis of insights from the realm of psychology. It is important to arouse positive emotions in employees with these awareness-raising measures in order to create a lasting effect. This, in turn, gives rise to serious learning games with an emotional design, which includes discursive team exchanges, opportunities for individual identification, appealing multimedia elements, and storytelling. The design of these stories—whether they are analog or digital—and employee investment in them are of central importance.

References

  1. Chen D, Wang F, Xing C (2021) Financial reporting fraud and CEO pay-performance incentives. J Manag Sci Eng 6(2):197–210

  2. Chen J, Cumming D, Hou W, Lee E (2016) CEO accountability for corporate fraud: evidence from the split share structure reform in China. J Bus Ethics 138(4):787–806

  3. Troy C, Smith KG, Domino MA (2011) CEO demographics and accounting fraud: who is more likely to rationalize illegal acts? Strateg Organ 9(4):259–282

  4. Masruroh S, Carolina A (2022) Beneish model: detection of indications of financial statement fraud using CEO characteristics. Asia Pac Fraud J 7(1):85–101

  5. Chidambaran NK, Kedia S, Prabhala N (2011) CEO director connections and corporate fraud. Fordham University Schools of Business Research Paper (1787500)

  6. Nistala JS, Aggarwal D (2022) YES Bank Fraud: examining the softer underbelly of the fraud from a behavioral model. J Forensic Account Res 7(1):133–150

  7. Allianz für Sicherheit Homepage. https://www.allianz-fuer-cybersicherheit.de/SharedDocs/Downloads/Webs/ACS/DE/partner/20161129_expkr_statement02.pdf. Accessed 23 Aug 2022

  8. Buss S (2017) Identitätsmissbrauch-Strafbarkeit beim CEO Fraud. Comput und Recht 2017:410–416

  9. Proofpoint Homepage. https://www.proofpoint.com/us/threat-reference/ceo-fraud. Accessed 22 Aug 2022

  10. European Union Agency for Cybersecurity (ENISA) Homepage, 10 February 2016. https://www.enisa.europa.eu/publications/info-notes/how-to-avoid-losing-a-lot-of-money-to-ceo-fraud. Accessed 23 Apr 2021

  11. KnowBe4 (ed): CEO Fraud–Schützen Sie Ihr Unternehmen gezielt gegen Social Engineering/CEO Fraud—Protect your company against social engineering in a targeted manner. Whitepaper. https://www.knowbe4.de/wissen/whitepaper/ceo-fraud. Accessed from Homepage (undated). Accessed 24 May 2021

  12. Zahrte K (2021) Begriff des Zahlungsinstruments und Haftungsverteilung beim CEO-Fraud. Zeitschrift für Bankrecht und Bankwirtschaft 33(2):131–139

  13. Industrie und Handelskammer (IHK) Hessen Homepage. https://www.ihk-hessen-innovativ.de/chef-betrug-mit-folgen-21-mio-schaden-zwei-manager-entlassen/. Accessed 29 Oct 2022

  14. Cisco Homepage. https://www.cisco.com/c/en/us/support/docs/security/email-security-app44-best-practices-guide-for-anti-spoofing.html. Accessed 27 Oct 2022

  15. European Union Agency for Network and Information Security (ENISA) (2018) Cybersecurity culture guidelines: behavioural aspects of cybersecurity, Heraklion, Greece

  16. Sasse MA, Hielscher J, Friedauer J, Peiffer M (2022) Warum IT-Sicherheit in Organisationen einen Neustart braucht/Why IT security in organizations needs a fresh start. In: Federal Office for Information Security (BSI) (ed) Proceedings of the 18. Deutscher IT-Sicherheitskongress des BSI/18th German IT security congress of the BSI, February 2022. At: Virtual Event Volume. ISBN 978-3-922746-84-3

  17. Bada M, Sasse MA, Nurse JRC (2016) Cyber security awareness campaigns. Why do they fail to change behaviour? In: Proceedings of international conference on ICT for sustainable development. ICT4SD 2015, vol 2, 1st edn.

  18. Scholl MC, Fuhrmann F, Scholl LR (2018) Scientific knowledge of the human side of information security as a basis for sustainable trainings in organizational practices. In: Proceedings of the 51st Hawaii international conference on system sciences

  19. Rothschild ML (1999) Carrots, sticks, and promises: a conceptual framework for the management of public health and social issue behaviors. J Mark 63(4):24–37

  20. MacInnis DJ, Moorman C, Jaworski BJ (1991) Enhancing and measuring consumers’ motivation, opportunity, and ability to process brand information from ads. J Mark 55:32–53

  21. Helisch M, Pokoyski D (eds) (2009) Security awareness–Neue Wege zur erfolgreichen Mitarbeiter-Sensibilisierung / Security awareness—new ways to successfully raise employee awareness. Springer, Wiesbaden

  22. Zwilling M, Klien G, Lesjak D, Wiechetek Ł, Cetin F, Basim HN (2022) Cyber security awareness, knowledge and behavior: a comparative study. J Comput Inf Syst 62(1):82–97

  23. Alshaikh M, Adamson B (2021) From awareness to influence: toward a model for improving employees’ security behaviour. Pers Ubiquit Comput 25(5):829–841

  24. Zhou G, Gou M, Gan Y, Schwarzer R (2020) Risk awareness, self-efficacy, and social support predict secure smartphone usage. Front Psychol 11:1066

  25. BSI—Federal Office for Information Security (ed) (2022) Die Lage der IT-Sicherheit in Deutschland 2022. https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Lageberichte/Lagebericht2022.html?nn=129410. Accessed from Homepage. Accessed 27 Oct 2022

  26. BSI—Federal Office for Information Security (ed) (2021) The state of IT security in Germany in 2021. https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Securitysituation/IT-Security-Situation-in-Germany-2021.pdf?__blob=publicationFile&v=5. Accessed from Homepage. Accessed 27 Oct 2022

  27. Proofpoint (ed) (2022) State of the Phish Sicherheitsbewusstsein und Bedrohungsabwehr im Fokus–eine umfassende Bestandsaufnahme (German version). https://www.proofpoint.com/sites/default/files/threat-reports/pfpt-de-tr-state-of-the-phish-2022.pdf. Accessed from Homepage. Accessed 27 Oct 2022

  28. Gabler Wirtschaftslexikon: Lernen Homepage. https://wirtschaftslexikon.gabler.de/definition/lernen-41169. Accessed 4 Feb 2022

  29. David DP, Keupp MM, Mermoud A (2020) Knowledge absorption for cyber-security: the role of human beliefs. Comput Hum Behav 106:106255

  30. Johansson K, Paulsson T, Bergström E, Seigerroth U (2022) Improving cybersecurity awareness among SMEs in the manufacturing industry. In: SPS2022. IOS Press, pp 209–220

  31. Johns Hopkins Medical Institutions (2007) Why emotionally charged events are so memorable. ScienceDaily. http://www.sciencedaily.com/releases/2007/10/071004121045.htm. Accessed from Homepage. Accessed 04 Feb 2022

  32. Carpenter P (2019) Transformational security awareness: what neuroscientists, storytellers, and marketers can teach us about driving secure behaviors. Wiley

  33. Doyle W, Carter K (2003) Narrative and learning to teach: implications for teacher-education curriculum. J Curric Stud 35(2):129–137

  34. Stigler JW, Hiebert J (2009) The teaching gap: best ideas from the world’s teachers for improving education in the classroom. Simon and Schuster

  35. Lambach D, Oppermann K (2022) Narratives of digital sovereignty in German political discourse. Governance

  36. Linek SB, Huff M (2022) Serious comics for science popularization: impact of subjective affinities and the crucial role of comic figures. In: INTED2022 proceedings. IATED, pp 517–526

  37. Maalem Lahcen RA, Caulkins B, Mohapatra R, Kumar M (2020) Review and insight on the behavioral aspects of cybersecurity. Cybersecurity 3(1):1–18

  38. Baranowski MT, Lu PAS, Buday R, Lyons EJ, Schell J, Russoniello C (2013) Stories in games for health: more pros or cons? Games Health Res Dev Clin Appl 2(5):256–263

  39. Laamarti F, Eid M, El Saddik A (2014) An overview of serious games. Int J Comput Games Technol 2014:11

  40. Schell J (2019) The art of game design. A book of lenses, 3rd edn. CRC Press, London

  41. Susi T, Johannesson M, Backlund P (2007) Serious games: an overview. Technical report HS-IKI-TR-07–001

  42. Bernardes O, Amorim V, Moreira AC (eds) (2022) Handbook of research on cross-disciplinary uses of gamification in organizations. IGI Global

  43. Erasmus Universität Rotterdam Homepage. https://www.coursera.org/lecture/serious-gaming/different-kinds-of-serious-games-from-simulation-to-gamification-xxMNX. Accessed 27 Oct 2022

  44. Paras B (2005) Game, motivation, and effective learning: an integrated model for educational game design. http://summit.sfu.ca/item/281. Accessed 04 Feb 2022

  45. Hassenzahl M (2008) User experience (UX): towards an experiential perspective on product quality. In: IHM 2008: Proceedings of the 20th French-speaking conference on human-computer interaction (Conf. Francophone sur l’Interaction Homme-Machine), pp 11–15

  46. Interaction Design Foundation: Emotional design. https://www.interaction-design.org/literature/topics/emotional-design. Accessed 05 Aug 2022

  47. Pavlidis GP, Markantonatou S (2018) Playful education and innovative gamified learning approaches. In: Handbook of research on educational design and cloud computing in modern classroom settings. IGI Global, pp 321–341

  48. Pokoyski D, Matas I, Haucke A, Scholl M (2021) Qualitative Wirkungsanalyse security awareness in KMU (study 1 of the project “ALARM Informationssicherheit”). Technische Hochschule Wildau, Wildau, p 72

  49. Von Tippelskirch H, Schuktomow R, Scholl M, Walch MC (2022) Report zur Informationssicherheit in KMU – Sicherheitsrelevante Tätigkeitsprofile (report 1). TH Wildau, Wildau, p 111

  50. Project “ALARM Information Security”. https://alarm.wildau.biz/en. Accessed 17 Oct 2022

  51. Proofpoint, Beyond Awareness Training. https://www.proofpoint.com/sites/default/files/e-books/pfpt-us-eb-beyond-awareness-training.pdf. Accessed 22 Aug 2022

  52. Scholl M (2021) Information security officer: job profile, necessary qualifications, and awareness raising explained in a practical way; basis: ISO/IEC 2700x, BSI standards 200-x, and IT-Grundschutz compendium. BoD–Books on Demand and Buchwelten-Verlag

  53. TWZ Homepage. https://twz-ev.org/institute/wildau-institut-fuer-innovative-lehre-lebenslanges-machen-und-gestaltende-evaluation/#tab-id-1. Accessed 17 Oct 2022

Acknowledgements

As the initiator of “Awareness Lab SME (ALARM) Information Security” and project manager, I would like to thank the Federal Ministry for Economic Affairs and Climate Action (BMWK) for funding this project. I am grateful to our long-standing security awareness partner, the company known_sense, and the other subcontractor, Gamebook Studio. My special thanks to the pilot companies for their active involvement and to my research team—also featured on the project website [50]—who have moved the project forward in different constellations. Finally, I would like to acknowledge the anonymous reviewers for their helpful critical comments. Many thanks, too, to Simon Cowper for his detailed and professional proofreading of the text.

Author information

Corresponding author

Correspondence to Margit Scholl.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Scholl, M. (2023). Raising Awareness of CEO Fraud in Germany: Emotionally Engaging Narratives Are a MUST for Long-Term Efficacy. In: Rocha, Á., Ferrás, C., Ibarra, W. (eds) Information Technology and Systems. ICITS 2023. Lecture Notes in Networks and Systems, vol 691. Springer, Cham. https://doi.org/10.1007/978-3-031-33258-6_40
