IDEAS home Printed from https://ideas.repec.org/a/eee/teinso/v83y2025ics0160791x25001903.html

An exploratory study on the human component using a cultural model to define open research topics for secure socio-technical systems

Author

Listed:
  • Brockinton, Amanda
  • Salnitri, Mattia
  • Kooner-Evans, Francesca
  • McAlaney, John
  • Thompson, Shelley

Abstract

Social engineering attacks like phishing emails target the human component of the whole socio-technical system (STS) of an organisation. These human components are exploited by actors to gain access and breach the whole system with examples like ransomware, pretexting, and even physical presences such as tailgating. Exploratory interviews investigate human components in organisations from six professionals with cybersecurity, psychology, and/or cyberpsychology backgrounds. Each interview lasted 30–45 min and were conducted remotely. Due to the sensitive nature of the cybersecurity field, participants were given full anonymity, meaning that interviews are not quoted directly. Results of the thematic analysis (TA) created six themes from the dataset: the weakest link narrative; influences (external and internal); the knowing-doing gap (a disconnect between knowledge and action); technology is always changing/security is always changing (security can always be better); the professional-client relationship in security and; the integration of technology and human behaviour in security. Additionally, results suggested that a thematic analysis is a useful multidisciplinary approach to help understand directions of future research. This is because of its explanatory power in describing how human components can be better integrated into systems to create more robust security cultures in organisations.

Suggested Citation

  • Brockinton, Amanda & Salnitri, Mattia & Kooner-Evans, Francesca & McAlaney, John & Thompson, Shelley, 2025. "An exploratory study on the human component using a cultural model to define open research topics for secure socio-technical systems," Technology in Society, Elsevier, vol. 83(C).
    • Handle: RePEc:eee:teinso:v:83:y:2025:i:c:s0160791x25001903
    DOI: 10.1016/j.techsoc.2025.103000
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S0160791X25001903
    Download Restriction: Full text for ScienceDirect subscribers only
    File URL: https://libkey.io/10.1016/j.techsoc.2025.103000?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to

    for a different version of it.

    References listed on IDEAS

    as
    1. Petratos, Pythagoras N., 2021. "Misinformation, disinformation, and fake news: Cyber risks to business," Business Horizons, Elsevier, vol. 64(6), pages 763-774.
    2. Nwafor, Onyi & Singh, Rahul & Collier, Cassie & DeLeon, Dereck & Osborne, Jim & DeYoung, Jon, 2021. "Effectiveness of nudges as a tool to promote adherence to guidelines in healthcare and their organizational implications: A systematic review," Social Science & Medicine, Elsevier, vol. 286(C).
    3. Sunil Venaik & Paul Brewer, 2010. "Avoiding uncertainty in Hofstede and GLOBE," Journal of International Business Studies, Palgrave Macmillan;Academy of International Business, vol. 41(8), pages 1294-1315, October.
    4. Congiu, Luca & Moscati, Ivan, 2022. "A review of nudges: definitions, justifications, effectiveness," LSE Research Online Documents on Economics 115134, London School of Economics and Political Science, LSE Library.
    5. Mincong Tang & Meng’gang Li & Tao Zhang, 2016. "The impacts of organizational culture on information security culture: a case study," Information Technology and Management, Springer, vol. 17(2), pages 179-186, June.
    6. Athina Ioannou & Iis Tussyadiah & Graham Miller & Shujun Li & Mario Weick, 2021. "Privacy nudges for disclosure of personal information: A systematic literature review and meta-analysis," PLOS ONE, Public Library of Science, vol. 16(8), pages 1-29, August.
    7. Luca Congiu & Ivan Moscati, 2022. "A review of nudges: Definitions, justifications, effectiveness," Journal of Economic Surveys, Wiley Blackwell, vol. 36(1), pages 188-213, February.
    8. Neil F Doherty & Malcolm King, 2005. "From technical to socio-technical change: tackling the human and organizational aspects of systems development projects," European Journal of Information Systems, Taylor & Francis Journals, vol. 14(1), pages 1-5, March.
    9. Olt, Christian M. & Mesbah, Neda, 2019. "Weary of Watching Out? - Cause and Effect of Security Fatigue," Publications of Darmstadt Technical University, Institute for Business Studies (BWL) 113205, Darmstadt Technical University, Department of Business Administration, Economics and Law, Institute for Business Studies (BWL).
    10. Kristina Lerman, 2016. "Information Is Not a Virus, and Other Consequences of Human Cognitive Limits," Future Internet, MDPI, vol. 8(2), pages 1-11, May.
    11. David Oliver Kasdan, 2020. "Do Koreans like being nudged? Survey evidence for the contextuality of behavioral public policy," Rationality and Society, , vol. 32(3), pages 313-333, August.
    12. S. Shyam Sundar & Silvia Knobloch‐Westerwick & Matthias R. Hastall, 2007. "News cues: Information scent and cognitive heuristics," Journal of the American Society for Information Science and Technology, Association for Information Science & Technology, vol. 58(3), pages 366-378, February.
    13. Hofstede, G., 2006. "What did GLOBE really measure? Researchers' minds versus respondents' minds," Other publications TiSEM 53fc2049-e658-4cff-a440-4, Tilburg University, School of Economics and Management.
    14. Rosalie L Tung, 2008. "The cross-cultural research imperative: the need to balance cross-national and intra-national diversity," Journal of International Business Studies, Palgrave Macmillan;Academy of International Business, vol. 39(1), pages 41-46, January.
    15. Wanda J. Orlikowski, 1992. "The Duality of Technology: Rethinking the Concept of Technology in Organizations," Organization Science, INFORMS, vol. 3(3), pages 398-427, August.
    16. Geert Hofstede, 2006. "What did GLOBE really measure? Researchers’ minds versus respondents’ minds," Journal of International Business Studies, Palgrave Macmillan;Academy of International Business, vol. 37(6), pages 882-896, November.
    17. Mari Karjalainen & Mikko Siponen & Petri Puhakainen & Suprateek Sarker, 2020. "Universal and Culture-dependent Employee Compliance of Information Systems Security Procedures," Journal of Global Information Technology Management, Taylor & Francis Journals, vol. 23(1), pages 5-24, January.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Sasaki, Innan & Yoshikawa, Katsuhiko, 2014. "Going beyond national cultures – Dynamic interaction between intra-national, regional, and organizational realities," Journal of World Business, Elsevier, vol. 49(3), pages 455-464.
    2. Tobias Steindl, 2021. "Cultural rule orientation, legal institutions, and the credibility of corporate social responsibility reports," Corporate Social Responsibility and Environmental Management, John Wiley & Sons, vol. 28(1), pages 310-332, January.
    3. Jay Bates & Jeremy M. Beus & Shaun Parkinson, 2025. "Contextualizing Ethical Climate: Examining Contextual Moderators of the Connection Between Ethical Climate Perceptions and Ethical Behavior," Journal of Business Ethics, Springer, vol. 196(1), pages 129-148, January.
    4. Orcos, Raquel & Pérez-Aradros, Beatriz & Blind, Knut, 2018. "Why does the diffusion of environmental management standards differ across countries? The role of formal and informal institutions in the adoption of ISO 14001," Journal of World Business, Elsevier, vol. 53(6), pages 850-861.
    5. Sjoerd Beugelsdijk & Tatiana Kostova & Kendall Roth, 2017. "An overview of Hofstede-inspired country-level culture research in international business since 2006," Journal of International Business Studies, Palgrave Macmillan;Academy of International Business, vol. 48(1), pages 30-47, January.
    6. Messner, Wolfgang, 2025. "Quantification of cultural practices and diversity: An empirical experiment with generative artificial intelligence," Journal of World Business, Elsevier, vol. 60(3).
    7. Gupta, Deepika R. & Veliyath, Rajaram & George, Rejie, 2018. "Influence of national culture on IPO activity," Journal of Business Research, Elsevier, vol. 90(C), pages 226-246.
    8. Cristina López-Duarte & Marta M. Vidal-Suárez & Belén González-Díaz, 2019. "Cross-national distance and international business: an analysis of the most influential recent models," Scientometrics, Springer;Akadémiai Kiadó, vol. 121(1), pages 173-208, October.
    9. Bandyopadhyay, Tridib & Woszczynski, Amy B. & Crowell, Dale, 2025. "Musical attributes, cultural dimensions, social media: Insights for marketing music to consumers," Journal of Retailing and Consumer Services, Elsevier, vol. 82(C).
    10. Minoo Tehrani & Andreas Rathgeber & Lawrence Fulton & Bryan Schmutz, 2021. "Sustainability & CSR: The Relationship with Hofstede Cultural Dimensions," Sustainability, MDPI, vol. 13(21), pages 1-17, November.
    11. Erkko Autio & Saurav Pathak & Karl Wennberg, 2013. "Consequences of cultural practices for entrepreneurial behaviors," Journal of International Business Studies, Palgrave Macmillan;Academy of International Business, vol. 44(4), pages 334-362, May.
    12. Daniel Bertram & Ammar Maleki & Niels Karsten, 2020. "Factoring in Societal Culture in Policy Transfer Design: the Proliferation of Private Sponsorship of Refugees," Journal of International Migration and Integration, Springer, vol. 21(1), pages 253-271, March.
    13. Avloniti, Anthi & Filippaios, Fragkiskos, 2014. "Unbundling the differences between Psychic and Cultural Distance: An empirical examination of the existing measures," International Business Review, Elsevier, vol. 23(3), pages 660-674.
    14. Julius Juma Okello & David Ryan Just & Arjan Verschoor & Sylvester Okoth Ojwang & Janet Mwende Mutiso & Chalmers Kyalo Mulwa & Chenyan Gong & Sam Namanda & Srinivasulu Rajendran & Reuben Tendo Ssali &, 2026. "Nudging the adoption of improved crop varieties: evidence from a large randomized controlled sweetpotato trial in Uganda," Food Security: The Science, Sociology and Economics of Food Production and Access to Food, Springer;The International Society for Plant Pathology, vol. 18(1), pages 241-262, February.
    15. Constanze Chwallek & Andreas Engelen & Monika Oswald & Malte Brettel, 2012. "Die Wirkung des Führungsverhaltens des Top-Managements auf die unternehmerische Orientierung — ein 5-Länder-Vergleich," Schmalenbach Journal of Business Research, Springer, vol. 64(2), pages 138-165, March.
    16. Dan V. Caprar & Sunghoon Kim & Benjamin W. Walker & Paula Caligiuri, 2022. "Beyond “Doing as the Romans Do”: A review of research on countercultural business practices," Journal of International Business Studies, Palgrave Macmillan;Academy of International Business, vol. 53(7), pages 1449-1483, September.
    17. Yeganeh, Hamid, 2014. "A Weighted, Mahalanobian, and Asymmetrical Approach to Calculating National Cultural Distance," Journal of International Management, Elsevier, vol. 20(4), pages 436-463.
    18. Cater, Tomaz & Lang, Rainhart & Szabo, Erna, 2013. "Values and leadership expectations of future managers: Theoretical basis and methodological approach of the GLOBE Student project," Journal of East European Management Studies, Nomos Verlagsgesellschaft mbH & Co. KG, vol. 18(4), pages 442-462.
    19. Kittur, Prathamesh & Agarwal, Shailja, 2024. "Cultural bridges in Business: Critical review and future directions in cross-cultural B2B relationships," Journal of Business Research, Elsevier, vol. 180(C).
    20. Laffranchini, Giacomo & Kim, Si Hyun & Posthuma, Richard A., 2018. "A metacultural approach to predicting self-employment across the globe," International Business Review, Elsevier, vol. 27(2), pages 481-500.

    More about this item

    Keywords

    ;
    ;
    ;
    ;
    ;
    ;

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:teinso:v:83:y:2025:i:c:s0160791x25001903. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: https://www.journals.elsevier.com/technology-in-society .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.