Individuals within an organization who repeatedly fall victim to phishing emails, referred to as Repeat Clickers, present a significant security risk to the organizations within which they operate. The causal factors for Repeat Clicking are poorly understood. This paper argues that this behavior afflicts a persistent minority of users and is explained either as the main effect of individual traits (personality or others) or as a moderated interaction between traits and other factors such as cultural influences, situational factors, or social engineering techniques. Because Repeat Clickers represent a disproportionate risk, identifying causal factors and developing mitigations for this behavior should provide substantial return on investment in improving the security of an organization. Developing such mitigations will require a better understanding of the individual differences contributing to Repeat Clicking behavior. We present pilot data and suggest research questions to improve understanding of the contributing factors of repeated victimization by phishing emails.