Factors associated with the cybersecurity culture: A quantitative study of public e-health hospitals in South Africa

Abstract

The healthcare sector has become a high target of cyber threats due to the nature of the industry and the potential of personal and confidential information. Human related factors have proven to be the major contributor to the challenges confronting cybersecurity across different domains. Addressing the human problem in cybersecurity calls for a coordinated and inclusive cybersecurity measure like Cybersecurity Culture (CSC). CSC has been argued as an essential cybersecurity measure that contributes to changing human behaviour in terms of their attitude, beliefs and values as well as their performance towards security that may impact positive security behaviour. Research work in CSC is limited in the healthcare sector as existing works focus on financial and insurance sectors. Following a quantitative research method, this paper conducted an empirical study to identify CSC factors that are associated with public e-health hospitals in South Africa. The findings revealed that under the component of preparedness are issues of awareness and competency as factors that are highly associated with CSC. Under management, lack of a cybersecurity team, top management support as well as rewards and punishment were identified. Factors relating to responsibility and environmental components were also identified to have an association with CSC among Information Technology users. Identifying the factors would assist in the development of a framework for establishing CSC in the hospitals which would form a base for hospitals in developing CSC in their settings.