Cybersecurity Culture: An Ill-Defined Problem

Abstract

Cybersecurity necessitates the development of a solution that encourages acceptable user behaviour in the reality of cyberspace. Nowadays, users are considered to be the weakest link in the security chain – due to their insecure behaviour and their lack of awareness. However, even users who possess more cybersecurity awareness are reported to behave no differently from those who lack any form of cybersecurity awareness. Therefore, cultivating a cybersecurity culture is regarded as the best approach for addressing the human factors that weaken the cybersecurity chain. Research focusing on defining and measuring the cybersecurity culture is considered to be lacking. Additionally, there is an apparent lack of widely accepted key concepts that further delimits the culture. Both these assertions suggest that cybersecurity culture is an ill-defined problem. Therefore, this paper will attempt to confirm that cybersecurity culture is an ill-defined problem by means of content analysis. Classifying cybersecurity culture as an ill-defined problem can guide future researchers in what problem-solving processes to employ when addressing the problem of cybersecurity culture.