Factors affecting risky cybersecurity behaviors by U.S. workers: An exploratory study

Effects of Internal and External Factors on Hospital Data Breaches: Quantitative Study

BACKGROUND

Health care data breaches are the most rapidly increasing type of cybercrime; however, the predictors of health care data breaches are uncertain.

OBJECTIVE

This quantitative study aims to develop a predictive model to explain the number of hospital data breaches at the county level.

METHODS

This study evaluated data consolidated at the county level from 1032 short-term acute care hospitals. We considered the association between data breach occurrence (a dichotomous variable), predictors based on county demographics, and socioeconomics, average hospital workload, facility type, and average performance on several hospital financial metrics using 3 model types: logistic regression, perceptron, and support vector machine.

RESULTS

The model coefficient performance metrics indicated convergent validity across the 3 model types for all variables except bad debt and the factor level accounting for counties with >20% and up to 40% Hispanic populations, both of which had mixed coefficient directionality. The support vector machine model performed the classification task best based on all metrics (accuracy, precision, recall, F1-score). All the 3 models performed the classification task well with directional congruence of weights. From the logistic regression model, the top 5 odds ratios (indicating a higher risk of breach) included inpatient workload, medical center status, pediatric trauma center status, accounts receivable, and the number of outpatient visits, in high to low order. The bottom 5 odds ratios (indicating the lowest odds of experiencing a data breach) occurred for counties with Black populations of >20% and <40%, >80% and <100%, and >40% but <60%, as well as counties with ≤20% Asian or between 80% and 100% Hispanic individuals. Our results are in line with those of other studies that determined that patient workload, facility type, and financial outcomes were associated with the likelihood of health care data breach occurrence.

CONCLUSIONS

The results of this study provide a predictive model for health care data breaches that may guide health care managers to reduce the risk of data breaches by raising awareness of the risk factors.

Exploring the Frontiers of Cybersecurity Behavior: A Systematic Review of Studies and Theories

Cybersecurity procedures and policies are prevalent countermeasures for protecting organizations from cybercrimes and security incidents. Without considering human behaviors, implementing these countermeasures will remain useless. Cybersecurity behavior has gained much attention in recent years. However, a systematic review that provides extensive insights into cybersecurity behavior through different technologies and services and covers various directions in large-scale research remains lacking. Therefore, this study retrieved and analyzed 2210 articles published on cybersecurity behavior. The retrieved articles were then thoroughly examined to meet the inclusion and exclusion criteria, in which 39 studies published between 2012 and 2021 were ultimately picked for further in-depth analysis. The main findings showed that the protection motivation theory (PMT) dominated the list of theories and models examining cybersecurity behavior. Cybersecurity behavior and intention behavior counted for the highest purpose for most studies, with fewer studies focusing on cybersecurity awareness and compliance behavior. Most examined studies were conducted in individualistic contexts with limited exposure to collectivistic societies. A total of 56% of the analyzed studies focused on the organizational level, indicating that the individual level is still in its infancy stage. To address the research gaps in cybersecurity behavior at the individual level, this review proposes a number of research agendas that can be considered in future research. This review is believed to improve our understanding by revealing the full potential of cybersecurity behavior and opening the door for further research opportunities.

Cyber-security and risky behaviors in a developing country context: a Pakistani perspective

Cyber-security behavior research is scant with even scarce studies carried out in developing countries. We examine the cyber-security and risky Internet behaviors of undergraduate students from Pakistan, taking into account the diversity of these students in terms of demographics, socioeconomic status, and the digital divide. Data were collected using a survey questionnaire. A total of 294 students belonging to six different cities of Pakistan were surveyed employing multistage stratified sampling in face-to-face interaction. The results indicated significant differences of cyber-security posture in terms of gender, age and digital divide variables. The profiles of students based on cyber-security and risky Internet behaviors indicate three groups with a majority of them falling into group that exhibits more risk-averse yet low cyber-security behavior. Moreover, proactive cyber-security awareness behavior has a positive impact on high risk-averse behavior. The implications of the findings are studied in terms of providing customized training and awareness. The future directions are laid out for further explorations in terms of cultural differences within and cross-country contexts.