Factors affecting cybersecurity awareness: A qualitative study in Saudi Arabia

Abstract: The objective of this research was to gain a deeper comprehension of how individuals perceive and respond to cybersecurity and how various internal and external factors influence these behaviors and attitudes. Conducted at ABC organization in Saudi Arabia, the study employed the qualitative methodology. Two online focus groups were employed featuring open-ended questions. The data were subsequently analyzed thematically using inductive and deductive coding techniques. Several theories were used as theoretical lenses to analyze the data. After the collected data had been analyzed, three main themes emerged: (a) perceived safeguards and threats, (b) personal and professional experience in information security, and (c) necessity of education and raising awareness. Additionally, two sub-themes were revealed: (a) costs and benefits and (b) necessity of safeguard measures and attaining trust. The study’s identified themes and sub-themes offer a thorough comprehension of the demographic, social, cultural, and internalized factors influencing cybersecurity-related behavior. The identified themes could potentially be applicable to other settings. Future qualitative research could further explore the transferability of these findings by conducting similar studies in different organizational, cultural, and linguistic contexts. It is also recommended for future quantitative research to delve deeper than surface-level data and consider underlying meaning, factors, connections, or relationships that may skew the results. It is crucial to delve into hidden meanings, not just accept data at face value.

How to cite this paper

 Saleh, T., Kanaan, R., Alzubaidi, R., Kanaan, G & Nino, M. (2025). Factors affecting cybersecurity awareness: A qualitative study in Saudi Arabia.Uncertain Supply Chain Management, 13(4), 751-762.

Refrences

Abu-Alhaija, M. (2020). Cyber security: Between challenges and prospects. ICIC Express Letters Part B: Applications 11(11), cha 1019–1028. https://doi.org/10.24507/icicelb.11.11.1019
Addae, J. H., Sun, X., Towey, D., & Radenkovic, M. (2019). Exploring user behavioral data for adaptive cybersecurity. User Modeling and User-Adapted Interaction, 29(3), 701–750. https://doi.org/10.1007/s11257-019-09236-5
Ahmad, S., Wasim, S., Irfan, S., Gogoi, S., Srivastava, A., & Farheen, Z. (2019). Qualitative v/s. quantitative research—a summarized review. Journal of Evidence-Based Medicine and Healthcare, 6(43), 2828–2832. https://doi.org/10.18410/jebmh/2019/587
Ali, N. (2023). Influence of Data-Driven Digital Marketing Strategies on Organizational Marketing Performance: Mediating Role of IT Infrastructure. In: Yaseen, S.G. (eds) Cutting-Edge Business Technologies in the Big Data Era. SICB 2023. Studies in Big Data, vol 135. Springer, Cham. https://doi.org/10.1007/978-3-031-42463-2_31
Almansoori, A., Al-Emran, M., & Shaalan, K. (2023). Exploring the frontiers of cybersecurity behavior: A systematic review of studies and theories. Applied Sciences, 13(9), 5700. https://doi.org/10.3390/app13095700
Alsmadi, D., Maqousi, A., & Abuhussein, T. (2022). Engaging in cybersecurity proactive behavior: Awareness in COVID-19 age. Kybernetes. https://doi.org/10.1108/k-08-2022-1104
Al-Soud, A., Al Dweri, K., & Al Dweri, K. (2024). Exploring the landscape of cyber crimes targeting women: A literature review on cyber security laws. Al-Balqa Journal for Research and Studies, 27(2), 272–290 . https://doi.org/10.35875/04x1hz93
Alzighaibi, A. R. (2021). Cybersecurity attacks on academic data and personal information and the mediating role of education and employment. Journal of Computer and Communications, 9(11), 77–90. https://doi.org/10.4236/jcc.2021.911006
Alzubaidi, A. (2021). Measuring the level of cyber-security awareness for cybercrime in Saudi Arabia. Heliyon, 7(1), e06016. https://doi.org/10.1016/j.heliyon.2021.e06016
An, Q., Hong, W. C. H., Xu, X., Zhang, Y., & Kolletar-Zhu, K. (2022). How education level influences internet security knowledge, behaviour, and attitude: A comparison among undergraduates, postgraduates and working graduates. Research Square. https://doi.org/10.21203/rs.3.rs-1977578/v1
Archibald, M. M., Ambagtsheer, R. C., Casey, M., & Lawless, M. (2019). Using Zoom videoconferencing for qualitative data collection: Perceptions and experiences of researchers and participants. International Journal of Qualitative Methods, 18, 160940691987459. https://doi.org/10.1177/1609406919874596
Cai, L., Yuen, K. F., & Wang, X. (2023). Explore public acceptance of autonomous buses: An integrated model of UTAUT, TTF and trust. Travel Behaviour and Society, 31, 120–130. https://doi.org/10.1016/j.tbs.2022.11.010
Castillo-Vergara, M., Alvarez-Marin, A., Pinto, E. C., & Valdez-Juárez, L. E. (2022). Technological acceptance of Industry 4.0 by students from rural areas. Electronics, 11(14). https://doi.org/10.3390/electronics11142109
Chaveesuk, S., Khalid, B., Bsoul-Kopowska, M., Rostańska, E., & Chaiyasoonthorn, W. (2022). Comparative analysis of variables that influence behavioral intention to use MOOCs. PLOS ONE, 17(4), e0262037. https://doi.org/10.1371/journal.pone.0262037
Dwivedi, Y. K., Rana, N. P., Jeyaraj, A., Clement, M., & Williams, M. D. (2017). Re-examining the unified theory of acceptance and use of technology (UTAUT): Towards a revised theoretical model. Information Systems Frontiers, 21(3), 719–734. https://doi.org/10.1007/s10796-017-9774-y
Eneizan, B., Mohammed, A. G., Alnoor, A., Alabboodi, A. S., & Enaizan, O. (2019). Customer acceptance of mobile marketing in Jordan: An extended UTAUT2 model with trust and risk factors. International Journal of Engineering Business Management, 11. https://doi.org/10.1177/1847979019889484
Eyisi, D. (2016). The usefulness of qualitative and quantitative approaches and methods in researching problem-solving ability in science education curriculum. Journal of Education and Practice, 7(15), 91–100. (EJ1103224). ERIC. http://files.eric.ed.gov/fulltext/EJ1103224.pdf
Fidler, C. S., Kanaan, R. K., & Rogerson, S. (2011). Barriers to e-Government Implementation in Jordan: The Role of Wasta. International Journal of Technology and Human Interaction (IJTHI), 7(2), 9-20. http://doi.org/10.4018/jthi.2011040102
Guest, G., Namey, E., & McKenna, K. (2016). How many focus groups are enough? Building an evidence base for nonprobability sample sizes. Field Methods, 29(1), 3–22. https://doi.org/10.1177/1525822x16639015
Hanna, M. (2020). Exploring cybersecurity awareness and training strategies to protect information systems and data [Doctoral dissertation, Walden University]. Walden Dissertations and Doctoral Studies Collection. https://scholarworks.waldenu.edu/dissertations/8902
Hooda, A., Gupta, P., Jeyaraj, A., Giannakis, M., & Dwivedi, Y. K. (2022). The effects of trust on behavioral intention and use behavior within e-government contexts. International Journal of Information Management, 67, 102553. https://doi.org/10.1016/j.ijinfomgt.2022.102553
Jamil, H. (2022). Factors affecting users cybersecurity practices: A study of Australian microbusinesses [Doctoral dissertation, Charles Sturt University]. Charles Sturt University Research Output. https://researchoutput.csu.edu.au/ws/portalfiles/portal/290130889/Factors_Affecting_Users_Cybersecurity_Practices_A_Study_of_Australian_Microbusinesses.pdf
Juozapavičius, A., Brilingaitė, A., Bukauskas, L., & Lugo, R. G. (2022). Age and gender impact on password hygiene. Applied Sciences, 12(2), 894. https://doi.org/10.3390/app12020894
Kannelønning, K., & Katsikas, S. K. (2023). A systematic literature review of how cybersecurity-related behavior has been assessed. Information & Computer Security. https://doi.org/10.1108/ics-08-2022-0139
Kotliar, D. M., & Carmi, E. (2023). Keeping Pegasus on the wing: Legitimizing cyber espionage. Information, Communication & Society. https://doi.org/10.1080/1369118x.2023.2245873
Krueger, R., & Casey, M. A. (2015). Focus groups: A practical guide for applied research (5th ed.). SAGE.
Lee, C. C., Ruane, S., Lim, H. S., Zhang, R., & Shin, H. (2021). Exploring the behavioral intention to use collaborative commerce: A case of Uber. Journal of International Technology and Information Management, 30(5), 97–119. https://doi.org/10.58729/1941-6679.1545
Li, Y., & Siponen, M. T. (2011). A call for research on home users’ information security behaviour. Pacific Asia Conference on Information Systems, 112. https://aisel.aisnet.org/pacis2011/112/
Morgan, D. L., & Hoffman, K. (2018). Focus groups. In U. Flick (Ed.), The SAGE handbook of qualitative data collection (pp. 250–263). SAGE.
Mou, J., Cohen, J. B., Bhattacherjee, A., & Kim, J. (2022). A test of protection motivation theory in the information security literature: A meta-analytic structural equation modeling approach in search advertising. Journal of the Association for Information Systems, 23(1), 196–236. https://doi.org/10.17705/1jais.00723
Ng, K. C., Zhang, X., Thong, J. Y., & Tam, K. Y. (2021). Protecting against threats to information security: An attitudinal ambivalence perspective. Journal of Management Information Systems, 38(3), 732–764. https://doi.org/10.1080/07421222.2021.1962601
Nguyen, T. N. M., Whitehead, L., Dermody, G., & Saunders, R. (2021). The use of theory in qualitative research: Challenges, development of a framework and exemplar. Journal of Advanced Nursing, 78(1).
Nowell, L. S., Norris, J. M., White, D. E., & Moules, N. J. (2017). Thematic analysis: Striving to meet the trustworthiness criteria. International Journal of Qualitative Methods, 16(1), 1–13. https://doi.org/10.1177/1609406917733847
QSR International. (2022). Best transcription software for audio & video for research | NVivo. https://www.qsrinternational.com/nvivo-qualitative-data-analysis-software/about/nvivo/modules/transcription
Quayyum, F., Cruzes, D. S., & Jaccheri, L. (2021). Cybersecurity awareness for children: A systematic literature review. International Journal of Child-Computer Interaction, 30, 100343. https://doi.org/10.1016/j.ijcci.2021.100343
Saldana, J. (2013). The coding manual for qualitative researchers (2nd ed.). SAGE.
Singh, S., Sahni, M. M., & Kovid, R. K. (2020). What drives FinTech adoption? A multi-method evaluation using an adapted technology acceptance model. Management Decision, 58(8), 1675–1697. https://doi.org/10.1108/md-09-2019-1318
Sulaiman, N. S., Fauzi, M. A., Wider, W., Rajadurai, J., Hussain, S., & Harun, S. A. (2022). Cyber–Information security compliance and violation behaviour in organisations: A systematic review. Social Sciences, 11(9), 386. https://doi.org/10.3390/socsci11090386
Veale, M., & Brown, I. (2020). Cybersecurity. Internet Policy Review, 9(4). https://doi.org/10.14763/2020.4.1533
Westcott, R., Ronan, K., Bambrick, H., & Taylor, M. (2017). Expanding protection motivation theory: Investigating an application to animal owners and emergency responders in bushfire emergencies. BMC Psychology, 5(13), 1–14. https://doi.org/10.1186/s40359-017-0182-3
Williams, M., & Moser, T. (2019). The art of coding and thematic exploration in qualitative research. International Management Review, 15(1), 45–55.
Yaseen, S.G. & El Qirem, I.A. (2018). Intention to use e-banking services in the Jordanian commercial banks. International Journal of Bank Marketing, 36(3), 557-571. https://doi.org/10.1108/IJBM-05-2017-0082.

Journals

USCM Volumes

Keywords

Authors

Countries

Uncertain Supply Chain Management

Factors affecting cybersecurity awareness: A qualitative study in Saudi Arabia Pages 751-762 Download PDF

Add Reviews