References
- Houghton C, Casey D, Shaw D, et al. Rigor in qualitative case- study research. Nurse Res. 2013;20:12–17. doi: 10.7748/nr2013.03.20.4.12.e326
- Richardson MD, Lemoine PA, Stephens WE, et al. Planning for cyber security in schools: the human factor. Educ Plan. 2020;27(2):23–39. https://files.eric.ed.gov/fulltext/EJ1252710.pdf
- Lunney R. How can we help employees care about cybersecurity? Creating a cybersecurity-conscious culture by empowering employees to adopt security best practices is an integral step in protecting company data. In: The globe and mail (Online). Toronto: The Globe and Mail; 2019. Oct 25, 2019 https://www.theglobeandmail.com/business/careers/leadership/article-how-can-we-help-employees-care-about-cybersecurity/
- Alruwaili A. A review of the impact of training on cybersecurity awareness. Int J Adv Res Comput Sci. 2019;10(5):1–03. doi: 10.26483/ijarcs.v10i5.6476
- Alabdan R. Phishing attacks survey: types, vectors, and technical approaches. Future Internet. 2020;12(10):168. doi: 10.3390/fi12100168
- Walaza M, Loock M, Kritzinger E. A framework to enhance ICT security through education, training & awareness (ETA) programs in South African small, medium and micro-sized enterprises (SMMEs): a scoping review. In: Silhavy R, (editor) Applied informatics and cybernetics in intelligent systems. Springer; 2020 July; pp. 45–58. doi: 10.1007/978-3-030-51974-2_5
- Williams EJ, Joinson AN. Developing a measure of information seeking about phishing. J Cybersecur. 2020;6(1):1–16. doi: 10.1093/cybsec/tyaa001
- Salahdine F, Kaabouch N. Social engineering attacks: a survey. Future Internet. 2019;11(4):89. doi: 10.3390/fi11040089
- Georgescu T. A study on how the pandemic changed the cybersecurity landscape. Inform Econ. 2021;25(1):42–60. doi: 10.24818/issn14531305/25.1.2021.04
- Williams EJ, Hinds J, Joinson AN. Exploring susceptibility to phishing in the workplace. Inter J Human Comp Stud. 2018;120:1–13. doi: 10.1016/j.ijhcs.2018.06.004
- Busse K, Seifert J, Smith M. Exploring the security narrative in the work context. J Cybersecur. 2020;6(1):1–12. doi: 10.1093/cybsec/tyaa011
- Chaudhary S, Gkioulos V, Katsikas S. Developing metrics to assess the effectiveness of cybersecurity awareness program. J Cybersecur. 2022;8(1):1–19. doi: 10.1093/cybsec/tyac006
- Nguyen KD, Rosoff H, John RS. & Valuing information security from a phishing attack. J Cybersecur. 2017;3(3):159–171. doi: 10.1093/cybsec/tyx006
- Schoenmakers K, Greene D, Stutterheim S, et al. The security mindset: characteristics, development, and consequences. J Cybersecur. 2023;9(1):1–15. doi: 10.1093/cybsec/tyad010
- Mamonov S, Benbunan-Fich R. The impact of information security threat awareness on privacy-protective behaviors. Comput Hum Behav. 2018;83:32–44. doi: 10.1016/j.chb.2018.01.028
- Chua HN, Wong SF, Low YC, et al. Impact of employees’ demographic characteristics on the awareness and compliance of information security policy in organizations. Telemat Inform. 2018;35(6):1770–1780. doi: 10.1016/j.tele.2018.05.005
- Iverson A, Terry P. Plan audits: cybersecurity hot topics for closely-held businesses. J Pension Benefits. 2018;25(4):60–62. Available from: https://pinnacle-plan.com/wp-content/uploads/2018/10/Amanda-Iverson-Article-Cybersecurity-Hot-Topics-for-Closely-Held-Businesses.pdf
- Szabo J How did the Blackbaud ransomware attack occur? Top Class Actions. 2020. Available from: https://topclassactions.com/lawsuit-settlements/privacy/ransomware/how-did-the-blackbaud-ransomware-attack-occur/
- Yates MT, Campbell A. The ethical debate of Blackbaud’s 2020 data breach. Sage. 2021;1:7.
- Clolery P (2020). The hack of Blackbaud: damage is still being assessed. NPT Publishing Group. Available from: https://www.thenonprofittimes.com/npt_articles/the-hack-of-blackbaud-damage-is-still-being-assessed
- Kemper G. Improving employees’ cyber security awareness. Comput Fraud Secur. 2019;2019(8):11–14. doi: 10.1016/s1361-3723(19)30085-5
- Carlton M, Levy Y, Ramim M. Mitigating cyber-attacks through the measurement of non-IT professionals’ cybersecurity skills. Inf Comput Secur. 2019;27(1):101–121. doi: 10.1108/ics-11-2016-0088
- Shivappa V. Cyber resiliency: A critical strategy in protecting global economy from emerging cyber threats. Fintech News. 2021. https://www.fintechnews.org/cyber-resiliency-a-critical-strategy-in-protecting-global-economy-from-emerging-cyber-threats
- Aldawood H, Skinner G. Reviewing cyber security social engineering training and awareness programs—Pitfalls and ongoing issues. Future Internet. 2019;11(3):73. doi: 10.3390/fi11030073
- Rader E, Wash R. Identifying patterns in informal sources of security information. J Cybersecur. 2015;1(1):121–144. doi: 10.1093/cybsec/tyv008
- Kovačević A, Radenković SD. SAWIT—Security awareness improvement tool in the workplace. Appl Sci. 2020;10(9):3065. doi: 10.3390/app10093065
- Steen TV, Norris E, Atha K, et al. What (if any) behaviour change techniques do government-led cybersecurity awareness campaigns use? J Cybersecur. 2020;6(1):1–8. doi: 10.1093/cybsec/tyaa019
- Reagin M, Gentry M. Enterprise cybersecurity: building a successful defense program. Front Health Serv Manag. 2018;35(1):13–22.
- Tuttle H. Spurred by remote work, average data breach cost surges to $4.24 million. Risk Manag. 2021;68(9):30. Available from: https://www.rmmagazine.com/articles/article/2021/10/01/spurred-by-remote-work-
- Smith KT, Jones A, Johnson L, et al. Examination of cybercrime and its effects on corporate stock value. J Inf Commun Ethics Soc. 2019;17(1):42–60. doi: 10.1108/JICES-02-2018-0010
- Zwilling M, Klien G, Lesjak D, et al. Cyber security awareness, knowledge and behavior: a comparative study. J Comput Inf Syst. 2020;62(1):1–16. doi: 10.1080/08874417.2020.1712269
- Lapienyte J. Retail became a top target for ransomware and data-theft 2021. Available from: https://cybernews.com/news/retail-became-a-top-target-for-ransomware-and-data-theft/
- Seivold G. What are our weak spots? 2021. Available from: https://losspreventionmedia.com/retail-scores-below-average-in-cyber-security-training/
- Buckner G. Why retail is a top target for cyber-attacks. IT Pro; 2021. https://www.itpro.com/security/cyber-security/360747/why-retailers-are-the-most-targeted-sector-for-cyber-attacks
- Butler R, Butler M. Assessing the information quality of phishing-related content on financial institutions’ websites. Inf Comput Secur. 2018;26(5):514–532. doi: 10.1108/ICS-09-2017-0067
- He W, Zhang Z. Enterprise cybersecurity training and awareness programs: recommendations for success. J Organ Comput Electron Commer. 2019;29(4):249–257. doi: 10.1080/10919392.2019.1611528
- Sabillon R, Serra-Ruiz J, Cavaller V. An effective cybersecurity training model to support an organizational awareness program: the Cybersecurity Awareness Training Model (CATRAM). A case study in Canada. In: IRMA, editor. Research anthology on artificial intelligence applications in security. IGI Global; 2021. pp. 174–188. doi: 10.4018/978-1-7998-7705-9.ch008
- Ghazvini A, Shukur Z. A framework for an effective information security awareness program in healthcare. Int JAdv Comput Sci Appl. 2017;8(2):193–205. doi: 10.14569/ijacsa.2017.080226
- Knowles M. The adult learner: A neglected species. 2nd. Houston, TX: Gulf Publishing Company; 1978.
- Miller C (2020). Adult learning theory and its importance in employee training. BizLibrary. https://www.bizlibrary.com/blog/learning-methods/adult-learning-theory/
- Culatta R. Andragogy (Malcom Knowles) 2018. Available from: http://instructionaldesign.org/theories/andraogy
- Major A, Calandrino T. Beyond chunking: Micro-learning secrets for effective online design. FDLA J. 2018;15(2):27–30. https://nsuworks.nova.edu/fdla-journal/vol3/issl/13/
- Creswell JW, editor. Chapter 4: Specifying a purpose and research questions or hypothesis. In: Educational research planning, conducting and evaluating quantitative and qualitative research. Prentice Hall/Pearson Education; 2015.
- Kellenberg F, Schmidt J, Werner C. The adult learner: Self-determined, self- 103 regulated, and reflective. Signum Temporis. 2017;9(1):23–29. doi: 10.1515/sigtem-2017-0001
- McDougall J. The quest for authenticity: a study of an online discussion forum and the needs of adult learners. Aus J Adult Learn. 2015;55(1):94–113. https://www.learntechlib.org/p/159576/
- Gonzalez E 7 tips for applying adult learning theory to employee training. The Blueprint. [cited 2020 December 1]. Available from: https://www.fool.com/the-blueprint/adult-learning-theory/
- Knowles MS. The modern practice of adult education: Andragogy versus pedagogy. Englewood Cliffs, Cambridge: Prentice Hall; 1970.
- Dew JR. Empowerment and democracy in the workplace: Applying adult education theory and practice for cultivating empowerment. Westport, Ct: Quorum Books; 1997.
- Knowles MS. Andragogy in action. San Francisco, CA: Jossey-Bass; 1984.
- Halpern R, Tucker C. Leveraging adult learning theory with online tutorials. Ref Ser Rev. 2015;43(1):112–124. doi: 10.1108/rsr-10-2014-0042
- Malison K, Thammakoranonta N. An exploratory study of self-directed learning: The differences between it and non-IT employees in Thailand. J Entrep Educ. 2018;21(3):1–16. https://www.abacademies.org/articles/an-exploratory-study-of-selfdirected-learning-the-differences-between-it-and-nonit-employees-in-thailand-7367.html
- Fox A. Microlearning for effective performance management. Talent Dev. 2016;70(4):116–117. https://www.td.org/magazines/tdmagazine/microlearning-for-effective-performance-management
- Fox D. Making employees more cyber-aware. Risk Manag. 2018;65(6):8–9. https://www.rmmagazine.com/articles/article/2018/06/01/-Making-Employees-More-Cyber-Aware-
- Marzaban A, Barati Z. On the relationship between critical thinking ability, language learning strategies and reading comprehension of male and female intermediate EFL university students. Theory Pract Lang Stud. 2016;6(6):1241–1247. doi: 10.17507/tpls.0606.14
- Torrence DR. Motivating trainees to learn. J Train Dev. 1993;47(3):55–58. https://link.gale.com/apps/doc/A13770772/
- Offor P, Tejay G Information systems security training in organizations: Andragogical perspective. Twentieth Americas Conference on Information Systems; 2014. p. 1–9. https://www.researchgate.net/profile/Patrick_Offor/publication/264496540_Information_Systems_Security_Training_in_Organizations_Andragogical_Perspective/links/5414da50cf2788c4b35aa70/Information-Systems-Security-Training-in-Organizations-Andragogical-Per
- Ismail S, Sitnikova E, Slay J Using integrated system theory approach to assess security for SCADA systems cyber security for critical infrastructures: a pilot study. In 2014 11th International Conference on Fuzzy Systems and Knowledge Discovery (FSKD); IEEE; 2014. p. 1000–1006. doi: 10.1109/FSKD.2014.6980976.
- Hong KS, Chi YP, Chao LR, et al. An integrated system theory of information security management. Inf Manage Comput Secur. 2003;11(5):243–248. doi: 10.1108/09685220310500153
- Zaini MK, Masrek MN, Johari MK, et al. Theoretical modeling of information security: organizational agility model based on integrated system theory and resource-based view. Int J Acad Res Progress Educ Dev. 2018;7(3). doi: 10.6007/IJARPED/v7-i3/4379
- Rogers RW. A protection motivation theory of fear appeals and attitude change1. J Psychol. 1975;91(1):93–114. doi: 10.1080/00223980.1975.9915803
- Thomas JE. Individual cyber security: Empowering employees to resist spear phishing to prevent identity theft and ransomware attacks. Int J Bus Manag. 2018;12(3):1–23. doi: 10.5539/ijbm.v13n6p1
- Lewis I, Watson B, Tay R, et al. The role of fear appeals in improving driver safety: a review of the effectiveness of fear-arousing (threat) appeals in road safety advertising. Int J Behav Consult Ther. 2007;3(2):203. doi: 10.1037/h0100799
- Van Bavel R, Rodríguez-Priego N, Vila J, et al. Using protection motivation theory in the design of nudges to improve online security behavior. Inter J Human Comp Stud. 2019;123:29–39. doi: 10.1016/j.ijhcs.2018.11.003
- Menard P, Bott GJ, Crossler RE. User motivations in protecting information security: Protection motivation theory versus self-determination theory. J Manage Inf Syst. 2017;34(4):1203–1230. doi: 10.1080/07421222.2017.1394083
- Schein EH. Organizational culture and leadership. Fifth ed. NJ: Wiley; 2017.
- Marinova SV, Cao X, Park H. Constructive organizational values climate and organizational citizenship behaviors: a configurational view. J Manage. 2019;45(5):2045–2071. doi: 10.1177/0149206318755301
- Moser A, Korstjens I. Series: Practical guidance to qualitative research. Part 1: Introduction. Eur J Gener Pract. 2017;23(1):271–273. doi: 10.1080/13814788.2017.1375093
- Mei XY, Lantai T. Understanding travel constraints: An exploratory study of Mainland Chinese International Students (MCIS) in Norway. Tourism manage perspect. 2018;28:1–9. doi: 10.1016/j.tmp.2018.07.003
- Hanson JL, Balmer DF, Giardino AP. Qualitative research methods for medical educators. Acad Pediatr. 2011;11(5):375–386. doi: 10.1016/j.acap.2011.05.001
- Creswell JW. Qualitative inquiry and research design: Choosing among five approaches. 2nd ed. Thousand Oaks, California: Sage Publications; 2009.
- McGrath C, Palmgren PJ, Liljedahl M. Twelve tips for conducting qualitative research interviews. Med Teach. 2019;41(9):1002–1006. doi: 10.1080/0142159x.2018.1497149
- Palinkas LA, Horwitz SM, Green CA, et al. Purposeful sampling for qualitative data collection and analysis in mixed method implementation research. Administration Policy Mental Health Mental Health Serv Res. 2015;42(5):533–544. doi: 10.1007/s10488-013-0528-y
- Percy WH, Kostere K, Kostere S. Generic qualitative research in psychology. Qual Rep. 2015;20(2):76–85. doi: 10.46743/2160-3715/2015.2097
- Yin RK. Case study research: Design and methods. 5th ed. Thousand Oaks, California: Sage; 2014.
- Zhong C Strategies that Chinese small and medium-sized enterprises use to attract venture capital () [ Doctoral dissertation, Walden University]. ProQuest Dissertations & Theses Global; 2018.
- Al-Yateem N. The effect of interview recording on quality of data obtained: a methodological reflection. Nurse Res. 2012;19(4):31–35. doi: 10.7748/nr2012.07.19.4.31.c9222
- Rubin HJ, Rubin IS. Qualitative interviewing: The art of hearing data. 3rd ed. Thousand Oaks, California: Sage; 2012.
- Arnold E, Lane S. Qualitative research: a valuable tool for transfusion medicine. Transfus Med. 2011;51(4):688–691. doi: 10.1111/j.1537-2995.2010.03046.x
- Merriam SB. Qualitative research: a guide to design and implementation. 3rd ed. San Francisco, CA: John Wiley, & Sons; 2009.
- Finney J Security awareness training: Information (IT) & cyber security 2017. Available from: https://linfordco.com/blog/security-awareness-training/
- Antonioli D, Ghaeini HR, Adepu S, et al. Gamifying ICS security training and research: Design, implementation, and results of S3. Cyber Phys Sys Sec Privacy. 2017;93(105): doi: 10.1145/3140241.3140253
- Stuart P. New directions in training individuals. Pers Rev. 1992;71(9):86–94. https://eurekamag.com/research/013/163/013163003.php
- Ani UD, He H, Tiwari A. Human factor security: Evaluating the cybersecurity capacity of the industrial workforce. J Syst Inf Technol. 2019;21(1):2–35. doi: 10.1108/JSIT-02-2018-0028
- Bada M, Sasse AM, Nurse JR Cyber security awareness campaigns: Why do they fail to change behavior? 2019. Available from: https://arxiv.org/abs/1901.02672
- Nuvias MEA. Nuvias MEA partners with leading email security & archiving vendor Mimecast to meet cloud security demands in Middle East. Internet Business News. Business Wire. 2017. Available from: https://www.businesswire.com/news/home/20170118005049/en/Nuvias-MEA-Partners-with-Leading-Email-Security-Archiving-Vendor-Mimecast-to-Meet-Cloud-Security-Demands-in-the-Middle-East
- Anees A, Hussain I. A novel method to identify initial values of chaotic maps in cybersecurity. Symmetry. 2019;11(2):140. doi: 10.3390/sym11020140
- Mubashir AA, Tarraf R, Ahmad A. Assessing staff awareness and effectiveness of educational training on IT security and privacy in a large healthcare organization. J Multidiscip Healthc. 2019;12:73–81. doi: 10.2147/JMDH.S183275
- Tioh JN, Mina M, Jacobson DW. Cyber security training a survey of serious games in cyber security. IEEE. 2017;5(1): doi: 10.1109/fie.2017.8190712
- Herath T, Rao HR. Protection motivation and deterrence: a framework for security policy compliance in organizations. Eur J Inf Syst. 2009;18(2):106–125. doi: 10.1057/ejis.2009.6
- Kamiya S, Kang JK, Kim J, et al. What is the impact of successful cyberattacks on target firms? (No. w24409). National Bureau of Economic Research; 2018; doi: 10.2139/ssrn.3135514.
- Patton MQ. Two decades of developments in qualitative inquiry: a personal, experiential perspective. Qual Soc Work. 2002;1(3):261–283. doi: 10.1177/1473325002001003636
- Zakaria R, Musta’amal AH, Amin NFM, et al. Transcribing with ATLAS. ti. Berlin: Universitätsverlag der TU; 2016.
- Ponelis SR. Using interpretive qualitative case studies for exploratory research in doctoral studies: a case of Information Systems research in small and medium enterprises. Int J Doctoral Stud. 2015;10:535–550. doi: 10.28945/2339
- Leedy P, Ormrod J, Johnson LR. Practical research: Planning and design. Cranbury, New Jersey: Pearson Education; 2014. p. 360.
- Lord N. What is cyber security? 2018. https://digitalguardian.com/blog/what-cyber-security
- Cuthbert S. The rise of the cyber insider. Comput Fraud Secur. 2018;2018(10):20–20. doi: 10.1016/S1361-3723(18)30099-X
- Barlow JB, Warkentin M, Ormond D, et al. Don’t even think about it! The effects of antineutralization, informational, and normative communication on information security compliance. J Assoc Inf Syst. 2018;19(8):689–715. doi: 10.17705/1jais.00506
- Herath T, Yim MS, D’Arcy J, et al. Examining employee security violations: moral disengagement and its environmental influences. Information Technology & People. 2018;31(6):1135–1162. doi: 10.1108/itp-10-2017-0322.
- Stanciu V, Tinca A. Students’ awareness on information security between own perception and reality–an empirical study. Accounting Manage Inf Syst. 2016;15(1). http://online-cig.ase.ro/RePEc/ami/articles/15_1_6.pdf
- Ki-Aries D, Faily S. Persona-centered information security awareness. Computers & Security. 2017;70:663–674. doi: 10.1016/j.cose.2017.08.001
- Lemon LL, Hayes J. Enhancing trustworthiness of qualitative findings: Using leximancer for qualitative data analysis triangulation. Qual Rep. 2020;25(3):604–614. doi: 10.46743/2160-3715/2020.4222
- Kumar S, Athavale VA, Kartikey D. Security issues in cloud computing: a holistic view. Int J Internet Things Web Serv. 2021;6:18–29.
- Morse JM. Critical analysis of strategies for determining rigor in qualitative inquiry. Qual Health Res. 2015;25(9):1212–1222. doi: 10.1177/1049732315588501
- Langtree T, Birks M, Biedermann N. Separating“fact” from fiction: Strategies to improve rigour in historical research. Forum: Qual Soc Res. May 2019;20(2). doi: 10.17169/fqs-20.2.3196
- Nyirenda L, Kumar MB, Theobald S, et al. Using research networks to generate trustworthy qualitative public health research findings from multiple contexts. BMC Med Res Methodol. 2020;20(1):13. doi: https://doi.org/10.1186/s12874-019-0895-5
- Faulkner SL, Trotter SP. Theoretical saturation. In: J. Matthes, C.S. Davis R.F. Potter, editors. The international encyclopedia of communication research methods. Wiley; 2017. pp. 1–2. doi: 10.1002/9781118901731.iecrm0250.
- Given L. The SAGE encyclopedia of qualitative research methods. Sage; 2020; doi: 10.4135/9781412963909.
- Lightman M. Qualitative research in education: a user’s guide. London: Sage Publications; 2006.
- Polit D, Beck C Nursing Research: Generating and Assessing Evidence for Nursing Practice. (9th ed.). Lippincott & Williams; 2012. Rehabilitation Act of 1973, Pub. L. No. 93-112, § 87 Stat. 355 (1973).
- Tracy SJ. Qualitative quality: Eight “big-tent” criteria for excellent qualitative research. Qual Inq. 2010;16(10):837–851. doi: 10.1177/1077800410383121
- National Institutes of Standards and Technology. (NIST). Security requirements for cryptographic modules. 2001. Available from: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf
- National Institute of Health. Human participant protections education for research teams. U.S. Department of Health and Human Services; 2002. http://cme.cancer.gov/clinicaltrials/learning/humanparticipantprotections.asp
- Steneck NH. The role of professional societies in promoting integrity in research. J Health Soc Behav. 2003;27:239–247. Available from: https://journals.sagepub.com/home/hsb
- Sheperis CJ, Young J, Scott R, et al. Counseling research: Quantitative, qualitative, mixed methods. 2nd ed. Boston, MA: Pearson; 2017.
- Hardicre J. Valid informed consent in research: An introduction. Br J Nurs. 2014;23(11):564–567. doi: 10.12968/bjon.2014.23.11.564
- McCormack D, Carr T, McCloskey R, et al. Getting through ethics: The fit between research ethics board assessments and qualitative research. J Empir Res Hum Res Ethics. 2012;7(5):30–36. doi: 10.1525/jer.2012.7.5.30
- Vainio A. Beyond research ethics: Anonymity as “ontology”, “analysis” and “independence”. Qualitative Research. 2013;13(6):685–698. doi: 10.1177/1468794112459669