Systematic Review of Factors that Influence the Cybersecurity Culture

Abstract

There is a need to shift from a purely technological approach in addressing cybersecurity threats to a more human inclusive method. As a result, cybersecurity culture is gaining momentum in research as an approach in addressing cybersecurity challenges due to human related issues. To develop a better understanding of cybersecurity culture, this paper presents a comprehensive view of cybersecurity culture (CSC) factors. These holistic cybersecurity culture factors have been developed by conducting a detailed review of literature. A total of 539 records were initially identified from seven different databases and via other sources, from which 58 records were finally selected using focused inclusion and exclusion criteria. The review identified a total of 29 cybersecurity culture factors, with security education, training, and awareness (SETA), and top management or leadership support appearing among the 10 dominant factors. The researchers produced a consolidated list of factors for CSC that can guide future researchers in this research area.