Location

Accra, Ghana and Virtual

Start Date

28-8-2025 3:45 PM

End Date

28-8-2025 4:15 PM

Description

Organisations employ several strategies for mitigating insider threats, and yet recent studies have shown that insider threats continue to surge. Strategies are mostly reliant on technological solutions and more recently, a human centered approach where the focus is on psychological profile and behavioural habits of the individual posing the threat (the insider). The role of employees in reporting the insider or in the reporting of security incidents has received limited attention. This paper, through a literature review synthesis, identifies the factors influencing an employee’s willingness to report an insider and consequently reporting of security incidents. Through a thematic analysis of 30 papers, two main themes emerged. First, reporting of security incidents was influenced by human factors of attitude about oneself, the perceived benefits and consequences of reporting, and the attitudes towards colleagues. Second, reporting of security incidents was influenced by organisational resources, rules, and regulations, as well as competing values and culture.

Download

Share

COinS
 
Aug 28th, 3:45 PM Aug 28th, 4:15 PM

Employee’s Willingness to Engage in Information Security Incident Reporting

Accra, Ghana and Virtual

Organisations employ several strategies for mitigating insider threats, and yet recent studies have shown that insider threats continue to surge. Strategies are mostly reliant on technological solutions and more recently, a human centered approach where the focus is on psychological profile and behavioural habits of the individual posing the threat (the insider). The role of employees in reporting the insider or in the reporting of security incidents has received limited attention. This paper, through a literature review synthesis, identifies the factors influencing an employee’s willingness to report an insider and consequently reporting of security incidents. Through a thematic analysis of 30 papers, two main themes emerged. First, reporting of security incidents was influenced by human factors of attitude about oneself, the perceived benefits and consequences of reporting, and the attitudes towards colleagues. Second, reporting of security incidents was influenced by organisational resources, rules, and regulations, as well as competing values and culture.