Skip to main content
SpringerLink
Log in

Factors Associated with Cybersecurity Culture: A Quantitative Study of Public E-health Hospitals in South Africa

  • Conference paper
  • First Online:
Human Aspects of Information Security and Assurance (HAISA 2023)

Part of the book series: IFIP Advances in Information and Communication Technology ((IFIPAICT,volume 674))

Abstract

The healthcare sector has become a high target of cyber threats due to the nature of the industry and the potential of personal and confidential information. Human related factors have proven to be the major contributor to the challenges confronting cybersecurity across different domains. Addressing the human problem in cybersecurity calls for a coordinated and inclusive cybersecurity measure like Cybersecurity Culture (CSC). CSC has been argued as an essential cybersecurity measure that contributes to changing human behaviour in terms of their attitude, beliefs and values as well as their performance towards security that may impact positive security behaviour. Research work in CSC is limited in the healthcare sector as existing works focus on financial and insurance sectors. Following a quantitative research method, this paper conducted an empirical study to identify CSC factors that are associated with public e-health hospitals in South Africa. The findings revealed that under the component of preparedness are issues of awareness and competency as factors that are highly associated with CSC. Under management, lack of a cybersecurity team, top management support as well as rewards and punishment were identified. Factors relating to responsibility and environmental components were also identified to have an association with CSC among Information Technology users. Identifying the factors would assist in the development of a framework for establishing CSC in the hospitals which would form a base for hospitals in developing CSC in their settings.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 89.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Hardcover Book
USD 119.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Horner, A., Rautenbach, P., Mbananga, N., Mashamba, T., Kwinda, H.: An e-health decision support system for improving compliance of health workers to the maternity care protocols in South Africa. Appl. Clin. Inform. 4(1), 25–36 (2013)

    Article  Google Scholar 

  2. Krüger, K., Strand, L., Geitung, J., Eide, G., Grimsmo, A.: Can electronic tools help improve nursing home quality? Int. Sch. Res. Not. 2011, 1–8 (2011)

    Google Scholar 

  3. Mandava, M., Lubamba, C., Ismail, A., Bagula, A., Bagula, H.: Cyber-healthcare for public healthcare in the developing world,” In: Proceedings of IEEE Symposium on Computer and Communications, pp.14–19, (2016)

    Google Scholar 

  4. Europaean Commisson.: eHealth Action Plan 2012–2020: Innovative Healthcare for the 21st Century, (2012). https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2012:0736:FIN:EN:PD

  5. An Roinn Slainte Department of Health.: eHealth Strategy for Ireland (2013)

    Google Scholar 

  6. Wikler, E., Bausch, P., Cutler, D.: Paper Cuts: Reducing Health Care Administrative Costs, Center for American Progress, Washington, DC (2012). https://dash.harvard.edu/bitstream/handle/1/17190515/33796/papercuts_final.pdf?sequence=1

  7. Yüksel, B., Küpçü, A., Özkasap, Ö.: Research issues for privacy and security of electronic health services. Futur. Gener. Comput. Syst. 68, 1–13 (2017). https://doi.org/10.1016/j.future.2016.08.011

    Article  Google Scholar 

  8. ITRC.: 2018 END-OF-YEAR DATA BREACH Report, (2019). https://www.idtheftcenter.org/wp-content/uploads/2019/02/ITRC_2018-End-of-Year-Aftermath_FINAL_V2_combinedWEB.pdf. Accessed 23 June 2020

  9. Ponemon Institute.: 2017 Cost of Data Breach Study Global Overview, (2018). https://www.ponemon.org/blog/2017-cost-of-data-breach-study-united-states%0Ahttps://www.ibm.com/security/data-breach.

    Google Scholar 

  10. Identity Theft Resource Center (ITRC).: 2019 END-OF-YEAR DATA BREACH REPORT (2020). https://www.idtheftcenter.org/wp-content/uploads/2020/01/01.28.2020_ITRC_2019-End-of-Year-Data-Breach-Report_FINAL_Highres-Appendix.pdf

  11. Statista.: Statistic U.S. data breaches by industry 2019 | Statista (2020). https://www.statista.com/statistics/273572/number-of-data-breaches-in-the-united-states-by-business/. Accessed 25 Jun 2020

  12. Murphy, S.: Healthcare Information Security and Privacy, 1st edn. McGraw - Hill Education Group, New York (2015)

    Google Scholar 

  13. Ponemon Institute.: Cost of a Data Breach Report 2019, IBM Security (2019)

    Google Scholar 

  14. Ghafur, S., Grass, E., Jennings, N., Darzi, A.: The challenges of cybersecurity in health care: the UK national health service as a case study. Lancet Dig. Health 1(1), 10–12 (2019)

    Article  Google Scholar 

  15. Roohparvar, R.: 5 Industries that Top the Hit List of Cyber Criminals in 2017, Infoguard Cyber Security (2017). http://www.infoguardsecurity.com/5-industries-top-hit-list-cyber-criminals-2017/. Accessed 10 May 2019

  16. Van ‘t Wout, C.: Develop and maintain a cybersecurity organisational culture. In: Proceedings of the14th International Conference on Cyber Warfare and Security (ICCWS), pp. 457–466 (2019)

    Google Scholar 

  17. Holdsworth, J., Apeh, E.: An effective immersive cyber security awareness learning platform for businesses in the hospitality sector. In: Proceedings of the 25th IEEE International Requirements Engineering Conference Workshops (REW), pp. 111–117 (2017)

    Google Scholar 

  18. Gcaza, N., Von Solms, R., Van Vuuren, J.: An ontology for a national cyber-security culture environment. In: Proceedings of the 9th International Symposium on Human Aspects of Information Security & Assurance (HAISA 2015), pp. 1–10 (2015)

    Google Scholar 

  19. Kotz, D., Gunter, C., Kumar, S., Weiner, J.: Privacy and security in mobile health: a research agenda. Computer 49(6), 22–30 (2016)

    Article  Google Scholar 

  20. Grobler, M., van Vuuren, J.: Broadband broadens scope for cybercrime in Africa. In: Proceedings of the 2010 IEEE Information Security for South Africa conference, pp. 1–8 (2010)

    Google Scholar 

  21. Marotta, A., Pearlson, K.: A culture of cybersecurity at Banca Popolare di Sondrio. In: Proceedings of the 25th Americas Conference on Information Systems (AMCIS), pp. 1–10 (2019)

    Google Scholar 

  22. Branley-bell, D., Coventry, L., Sillence, E.: Promoting cybersecurity culture change in healthcare. In: Proceedings of the 14th PErvasive Technologies Related to Assistive Environments Conference, pp. 544–549 (2021)

    Google Scholar 

  23. Corradini, I.: Building a cybersecurity culture. In: Building a Cybersecurity Culture in Organizations. SSDC, vol. 284, pp. 63–86. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-43999-6_4

    Chapter  Google Scholar 

  24. Ismail, W., Yusof, M.: Mitigation strategies for unintentional insider threats on information leaks. Int. J. Secur. Appl. 12(1), 37–46 (2018)

    Google Scholar 

  25. Gcaza, N.: A National Strategy towards Cultivating a Cybersecurity Culture in South Africa. PhD thesis, Nelson Mandela Metropolitan University Port Elizabeth, South Africa 1–380 (2017)

    Google Scholar 

  26. Gcaza, N., Von Solms, R.: A strategy for a cybersecurity culture: a South African perspective. Electron. J. Inf. Syst. Developing Countries 80(1), 1–17 (2017)

    Article  Google Scholar 

  27. Reid, R., Van Niekerk, J.: From information security to cyber security cultures. In: Proceedings of the 2014 Information Security for South Africa (ISSA) Conference, pp. 1–7 (2014)

    Google Scholar 

  28. Huang, K., Pearlson, K.: For what technology can’ t fix: building a model of organizational cybersecurity culture. In: Proceeding of the 52nd Hawaii International Conference on System Sciences, pp. 6398–6407 (2019)

    Google Scholar 

  29. Alshaikh, M.: Developing cybersecurity culture to influence employee behavior: a practice perspective. Comput. Secur. 98, 102003 (2020)

    Article  Google Scholar 

  30. Mwim, E., Mtsweni, J.: Systematic review of factors that influence the cybersecurity culture research aims. In: Clarke, N., Furnell, S. (eds.) Human Aspects of Information Security and Assurance HAISA 2022. IFIP Advances in Information and Communication Technology, vol. 658, pp. 147–172. Springer, Heidelberg (2022). https://doi.org/10.1007/978-3-031-12172-2_12

  31. Abeyratne, R.: Rulemaking in Air transport: A Deconstructive Analysis. Springer, Switzerland, vol. 252 (2016). https://doi.org/10.1007/978-3-319-44657-8

  32. Ciuperca, E.M., Vevera, V., Cirnu, C.: Social variables of cyber security educational programmes. In: Proceeding of the 15th International Scientific Conference eLearning and Software for Education Bucharest, Bucharest, pp. 190–194 (2019)

    Google Scholar 

  33. Da Veiga, A., Astakhova, V., Botha, A., Herselman, M.: Defining organisational information security culture - Perspectives from academia and industry. Comput. Secur. 92, 101713 (2020)

    Article  Google Scholar 

  34. European Union Agency for Network and Information Security (ENISA): Cyber Security Culture in Organisations. (2017). www.enisa.europa.eu

  35. Da Veiga, A.: Achieving a Security Culture. In: Cybersecurity Education for Awareness and Compliance, pp. 72–100. IGI Global (2018)

    Google Scholar 

  36. Reid, R., Van Niekerk, J.: Towards an education campaign for fostering a societal, cyber security culture. In: Proceeding of the 8th International Symposium on Human Aspects of Information Security & Assurance (HAISA), pp. 174–184 (2014)

    Google Scholar 

  37. Ponemon Institute.: The Rise of Ransomware. Ponemon Institute LLC (2017). https://www.ponemon.org/local/upload/file/Ransomware. Report Final 1.pdf. Accessed 11 July 2020

  38. Gcaza, N., Von Solms, R., Grobler, M., Van Vuuren, J.: A general morphological analysis: delineating a cyber-security culture. Inf. Comput. Secur. 25(3), 259–278 (2017)

    Article  Google Scholar 

  39. Ogden, S.: Cybersecurity: Creating a Cybersecurity Culture. Master thesis. California State University, San Bernardino (2021)

    Google Scholar 

  40. ISACA.: The Business Impact of a Cybersecurity Culture. ISACA (2018)

    Google Scholar 

  41. Gundu, T., Maronga, M., Boucher, D.: Industry 4. 0 business perspective: fostering a cyber security culture in a culturally diverse workplace. In: Proceedings of the 4th International Conference on the Internet, Cyber Security and Information Systems. Kalpa Publication in Computing, pp. 85–94 (2019)

    Google Scholar 

  42. Georgiadou, A., Mouzakitis, S., Bounas, K., Askounis, D.: A cyber-security culture framework for assessing organization readiness. J. Comput. Inf. Syst. 62, 1–11 (2020)

    Google Scholar 

  43. Bounas, K., Georgiadou, A., Kontoulis, M., Mouzakitis, S., Askounis, D.: Towards a cybersecurity culture tool through a holistic, multi-dimensional assessment framework. In: Proceedings of the 13th IADIS International Conference Information Systems (IS), pp. 135–139 (2020)

    Google Scholar 

  44. Van Vuuren, J.: Methodology and Model to Establish Cybersecurity for National Security in Africa using South Africa as a Case Study. PhD thesis, University of Venda, Limpopo, South Africa (2016)

    Google Scholar 

  45. Georgiadou, A., Mouzakitis, S., Askounis, D.: Designing a cyber-security culture assessment survey targeting critical infrastructures during COVID-19 crisis. Int. J. Netw. Secur. IT’s Appl. 13(1), 33–50 (2021)

    Google Scholar 

  46. Alhogail, A., Mirza, A., Bakry, S.H.: A comprehensive human factor framework for information security in organizations. J. Theor. Appl. Inf. Technol. 78(2), 201–211 (2015)

    Google Scholar 

  47. Schein, E.: Organizational Culture and Leadership, 3rd edn. Jossey-Bass, San Francisco, California (2004)

    Google Scholar 

  48. Van Niekerk, J., von Solms, R.: Information security culture: a management perspective. Comput. Secur. 29(4), 476–486 (2010)

    Article  Google Scholar 

  49. DeVillis, F. Scale Development: Theory and Applications, FOURTH. SAGE, Los Angeles (2017)

    Google Scholar 

  50. Streiner, D.: Starting at the beginning an introduction to coefficient alpha and internal consistency. J. Pers. Assess. 80(1), 99–103 (2003)

    Article  Google Scholar 

  51. Chalil, K.: Statistical Methods for Development Research: Correlation (2020)

    Google Scholar 

  52. Zetter, K.: Why Hospitals Are the Perfect Targets for Ransomware. WIRED (2016). https://www.wired.com/2016/03/ransomware-why-hospitals-are-the-perfect-targets/. Accessed 02 July 2020

  53. Mello, J.: Healthcare Security $65 Billion Market. Cybersecurity Ventures (2017). https://cybersecurityventures.com/healthcare-cybersecurity-report-2017/. Accessed 06 Oct 2020

  54. Kruse, C., Frederick, B., Jacobson, T., Monticone, D.: Cybersecurity in healthcare: a systematic review of modern threats and trends. Technol. Health Care 25(1), 1–10 (2017)

    Article  Google Scholar 

  55. Uchendu, B., Nurse, J., Bada, M., Furnell, S.: Developing a cyber security culture: current practices and future needs. Comput. Secur. 109, 102387 (2021)

    Article  Google Scholar 

  56. Martin, G., Martin, P., Hankin, C., Darzi, A., Kinross, J.: Cybersecurity and healthcare: How safe are we? Brit. Med. J. 358 (2017)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Information System, School of Computing, College of Science Engineering and Technology, Unisa, Adelaide city centre, FL, South Africa

    Emilia N. Mwim & Bester Chimbo

  2. Head of Information and Cyber Security Centre, CSIR, Pretoria, South Africa

    Jabu Mtsweni

  3. SILGA, Stellenbosch University, Stellenbosch, South Africa

    Jabu Mtsweni

Authors
  1. Emilia N. Mwim
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jabu Mtsweni
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Bester Chimbo
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Emilia N. Mwim .

Editor information

Editors and Affiliations

  1. University of Nottingham, Nottingham, UK

    Steven Furnell

  2. University of Plymouth, Plymouth, UK

    Nathan Clarke

Rights and permissions

Reprints and permissions

Copyright information

© 2023 IFIP International Federation for Information Processing

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Mwim, E.N., Mtsweni, J., Chimbo, B. (2023). Factors Associated with Cybersecurity Culture: A Quantitative Study of Public E-health Hospitals in South Africa. In: Furnell, S., Clarke, N. (eds) Human Aspects of Information Security and Assurance. HAISA 2023. IFIP Advances in Information and Communication Technology, vol 674. Springer, Cham. https://doi.org/10.1007/978-3-031-38530-8_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-38530-8_11

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-38529-2

  • Online ISBN: 978-3-031-38530-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Societies and partnerships

Search

Navigation