[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to main content
Springer Nature Link
Log in

It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness

  • Conference paper
  • First Online:
HCI for Cybersecurity, Privacy and Trust (HCII 2021)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 12788))

Included in the following conference series:

Abstract

Small and medium enterprises (SMEs) make up a significant part of European economies. Despite their economic importance, they are often described as poorly placed to deal with cyber risks because of resource constraints or commercial interests. Providing appropriate tooling would facilitate a greater appreciation of the risks and provide mitigation strategies. In a series of workshops demonstrating visualization tools for cybersecurity, constructs from healthcare models such as awareness, self-efficacy, and a willingness to engage were investigated to throw light on the likelihood that the technologies would be adopted. Although most constructs were validated, it turns out that self-efficacy could more appropriately be interpreted as a desire to understand a broader company narrative rather than empowering any individual to identify and manage cyber risk. As part of an ongoing examination of technology acceptance, this work provides further evidence that technology must be contextualised to make sense for the individual as part of the SME rather than as individual employee.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
£29.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
GBP 19.95
Price includes VAT (United Kingdom)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
GBP 35.99
Price includes VAT (United Kingdom)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
GBP 44.99
Price includes VAT (United Kingdom)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    The work reported here was approved by the Faculty of Engineering and Physical Science Research Ethics Committee (Ref ERGO/FEPS/62067).

References

  1. Abraham, C., Sheeran, P.: The health belief model. Predict. Health Behav. 2, 28–80 (2005)

    Google Scholar 

  2. Ajzen, I.: The theory of planned behavior. Organ. Behav. Hum. Decis. Process. 50(2), 179–211 (1991)

    Google Scholar 

  3. Bell, S., et al.: Cybersecurity is not just a ‘big business’ issue. Gov. Dir. 69(9), 536 (2017)

    Google Scholar 

  4. Blythe, J.: Cyber security in the workplace: understanding and promoting behaviour change. In: Proceedings of CHI taly 2013 Doctoral Consortium, vol. 1065, pp. 92–101. CEUR Workshop Proceedings (2013)

    Google Scholar 

  5. Boletsis, C., Halvorsrud, R., Pickering, B., Phillips, S., Surridge, M.: Cybersecurity for SMEs: introducing the human element into socio-technical cybersecurity risk assessment. In: Proceedings of the IVAPP 2021 Conference, vol. to appear. Scitepress (2021)

    Google Scholar 

  6. Browne, S., Lang, M., Golden, W.: Linking threat avoidance and security adoption: A theoretical model for SMEs (2015)

    Google Scholar 

  7. Carpenter, C.J.: A meta-analysis of the effectiveness of health belief model variables in predicting behavior. Health Commun. 25(8), 661–669 (2010)

    Article  Google Scholar 

  8. Champion, V.L., Skinner, C.S.: The health belief model. In: Glanz, K., Rimer, B.K., Viswanath, K. (eds.) Health Behavior and Health Education: Theory, Research, and Practice, pp. 45–65. John Wiley & Sons, 4th edn. (2008)

    Google Scholar 

  9. Conner, M., Norman, P.: Predicting Health Behaviour, 2nd edn. Open University Press, Maidenhead (2005)

    Google Scholar 

  10. Davis, F.D.: A technology acceptance model for empirically testing new end-user information systems: Theory and results. Ph.D. thesis, Massachusetts Institute of Technology (1985)

    Google Scholar 

  11. Davis, F.D., Bagozzi, R.P., Warshaw, P.R.: User acceptance of computer technology: a comparison of two theoretical models. Manag. Sci. 35(8), 982–1003 (1989)

    Article  Google Scholar 

  12. Fishbein, M., Ajzen, I.: Belief, attitude, intention, and behavior: an introduction to theory and research. J. Bus. Ventur. 5, 177–189 (1977)

    Google Scholar 

  13. Halvorsrud, R., Haugstveit, I.M., Pultier, A.: Evaluation of a modelling language for customer journeys. In: Proceedings of IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC), pp. 40–48. IEEE (2016)

    Google Scholar 

  14. Jackson, J., Allum, N., Gaskell, G.: Perceptions of risk in cyberspace. Technical report, London School of Economics and Politics (2004). Cyber trust & crime prevention project (04/1157)

    Google Scholar 

  15. Lewis, R., Louvieris, P., Abbott, P., Clewley, N., Jones, K.: Cybersecurity information sharing: a framework for information security management in UK SME supply chains. In: Proceedings of the 22nd European Conference on Information Systems, pp. 1–15 (2014)

    Google Scholar 

  16. Martin, G., Ghafur, S., Kinross, J., Hankin, C., Darzi, A.: WannaCry - a year on. BMJ 361, k2381 (2018)

    Google Scholar 

  17. May, C., et al.: Normalization Process Theory On-line Users’ Manual, Toolkit and NoMAD instrument (2015). http://www.normalizationprocess.org. Accessed 11 Feb 2021

  18. May, C., Finch, T.: Implementing, embedding, and integrating practices: an outline of normalization process theory. Sociology 43(3), 535–554 (2009)

    Google Scholar 

  19. May, C.R., et al.: Development of a theory of implementation and integration: normalization process theory. Implement. Sci. 4, 29:1–29:9 (2009)

    Google Scholar 

  20. Montaño, D.E., Kasprzyk, D.: Theory of reasoned action, theory of planned behavior, and the integrated behavioral model. Health Behav. Theor. Res. Pract. 70(4), 231 (2015)

    Google Scholar 

  21. Pickering, B., Bartholomew, R., Nouri Janian, M., López Moreno, B., Surridge, M.: Ask me no questions: increasing empirical evidence for a qualitative approach to technology acceptance. In: Kurosu, M. (ed.) HCII 2020, Part I. LNCS, vol. 12181, pp. 125–136. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-49059-1_9

    Chapter  Google Scholar 

  22. Pickering, B., Janian, M.N., López Moreno, B., Micheletti, A., Sanno, A., Surridge, M.: Seeing potential is more important than usability: revisiting technology acceptance. In: Marcus, A., Wang, W. (eds.) HCII 2019, Part IV. LNCS, vol. 11586, pp. 238–249. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-23535-2_18

    Chapter  Google Scholar 

  23. Pope, C., Halford, S., Turnbull, J., Prichard, J., Calestani, M., May, C.: Using computer decision support systems in NHS emergency and urgent care: ethnographic study using normalisation process theory. BMC Health Serv. Res. 13, 111:1–111:13 (2013)

    Google Scholar 

  24. Rogers, E.M.: Diffusion of Innovations, 5th edn. Free Press, New York (2010)

    Google Scholar 

  25. Rokkas, T., Neokosmidis, I.: Factors affecting the market adoption of cyber-security products in energy and electrical systems: the case of spear. In: Proceedings of the 15th International Conference on Availability, Reliability and Security, pp. 1–8 (2020)

    Google Scholar 

  26. Sharma, K., Singh, A., Sharma, V.P.: SMEs and cybersecurity threats in e-commerce. EDPACS EDP Audit Control Secur. Newsl. 39(5–6), 1–49 (2009)

    Google Scholar 

  27. Simon, J.: Attitudes of Hungarian asthmatic and COPD patients affecting disease control: empirical research based on health belief model. Front. Pharmacol. 4, 135 (2013)

    Article  Google Scholar 

  28. Surridge, M., et al.: Modelling compliance threats and security analysis of cross border health data exchange. In: Attiogbé, C., Ferrarotti, F., Maabout, S. (eds.) MEDI 2019. CCIS, vol. 1085, pp. 180–189. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-32213-7_14

    Chapter  Google Scholar 

  29. Vakakis, N., Nikolis, O., Ioannidis, D., Votis, K., Tzovaras, D.: Cybersecurity in SMEs: the smart-home/office use case. In: 2019 IEEE 24th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD), pp. 1–7. IEEE (2019)

    Google Scholar 

  30. Venkatesh, V., Morris, M.G., Davis, G.B., Davis, F.D.: User acceptance of information technology: toward a unified view. MIS Q. 27(3), 425–478 (2003)

    Google Scholar 

  31. Von Solms, R., Van Niekerk, J.: From information security to cyber security. Comput. Secur. 38, 97–102 (2013)

    Article  Google Scholar 

  32. Ward, K.: Social networks, the 2016 US presidential election, and Kantian ethics: applying the categorical imperative to Cambridge analytica’s behavioral microtargeting. J. Media Ethics 33(3), 133–148 (2018)

    Article  Google Scholar 

  33. Warkentin, M., Johnston, A.C., Shropshire, J., Barnett, W.D.: Continuance of protective security behavior: a longitudinal study. Decis. Support Syst. 92, 25–35 (2016)

    Article  Google Scholar 

Download references

Acknowledgements

This work was supported by the EU H2020 project CyberKit4SME (Grant agreement: 883188).

Author information

Authors and Affiliations

  1. Electronics and Computer Science, IT Innovation, University of Southampton, Gamma House, Enterprise Road, Southampton, SO16 7NS, UK

    Brian Pickering, Stephen Phillips & Mike Surridge

  2. SINTEF Digital, Forskningsveien 1, 0373, Oslo, Norway

    Costas Boletsis & Ragnhild Halvorsrud

Authors
  1. Brian Pickering
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Costas Boletsis
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ragnhild Halvorsrud
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Stephen Phillips
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Mike Surridge
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Brian Pickering .

Editor information

Editors and Affiliations

  1. San Jose State University, San Jose, CA, USA

    Abbas Moallem

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Pickering, B., Boletsis, C., Halvorsrud, R., Phillips, S., Surridge, M. (2021). It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. In: Moallem, A. (eds) HCI for Cybersecurity, Privacy and Trust. HCII 2021. Lecture Notes in Computer Science(), vol 12788. Springer, Cham. https://doi.org/10.1007/978-3-030-77392-2_22

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-77392-2_22

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-77391-5

  • Online ISBN: 978-3-030-77392-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation