The role of human factors in cybersecurity has gained increasing interest in the past decade. Social science research methods can provide a unique avenue for obtaining a holistic overview of how cybersecurity is both implemented and perceived within an organisation. One-to-one semi-structured interviews were conducted with 17 participants from a finance sector organisation.
Five themes emerged from the thematic analysis: friction between cybersecurity and other processes; resource allocation; collaborative cybersecurity and professional responsibility; the role of training and awareness in effective cybersecurity; and employee and organisational trust. Cybersecurity employees, general employees, and management had both conflicting and consistent priorities in relation to cybersecurity. Pressures such as time and lack of resources were noted as disablers of effective cybersecurity in the organisation.
Moreover, the study details the potential benefit of social science research methodology being incorporated into existing risk assessment frameworks, to provide a holistic view of an organisation, and understanding cybersecurity as the symbiosis of technology, policy, process, and people.