A cyber security culture framework and its impact on Zimbabwean organizations

Cybersecurity is the protection of internet-connected systems, including hardware, software and data, from cyberattacks. Cybersecurity culture is a set of the attitudes, assumptions, beliefs, values and knowledge that people use in their interaction with the information assets. In Zimbabwe not much has been done in terms of cultivating a culture of cyber security in organisations although giant steps have been taken to adopt and use ICTs. The lack of a framework to provide direction, focus, guidance and a standardised way of addressing cybersecurity issues in Zimbabwe is one of the challenges being faced in the ICT industry. With no cybersecurity framework in place, dealing with cybersecurity issues becomes problematic as there is no guidance and direction on how to prevent, respond and reduce cybersecurity breaches and risk as well as improve personnel awareness. A cybersecurity framework that will support a cybersecurity culture to prevent cyber-attacks in Zimbabwe is therefore required under these circumstances. The research question is “How can a cyber security culture framework be developed to solve cybersecurity problems for grassroot users of cyberspace in Zimbabwe?” In that regard, the contextual nature of the problem that this research seeks to solve can only be addressed from an Interpretivist position. In this research, an Interpretivist or Constructivist paradigm was used. A qualitative research methodology was used and Focus Group discussions were used as the research design in a workshop environment