Abstract

Insider threats have consistently been identified as key threats to State-owned Corporations and governments (SoCs). Research has shown that huge amounts of resources go towards safeguarding organizations’ assets and information systems from external threats in total disregard of potential threats from malicious and compromised insiders. Recent studies indicate that insider threats are on the rise and have cost the Kenyan economy $ 36Million USD. In addition, investigations show that these threats are increasing in scale, scope, and sophistication. The general objective of the study was to investigate on the organizational factors influencing insider security threats in State-owned Corporations in Kenya. Specifically, the study evaluated the influence of organizational security policies, organizational security learning practices and organizational communication practices on insider security threats in State-owned Corporations in Kenya. The study was anchored on the CISA Insider Threats Risk Score Model, deterrence theory, social learning theory and the communication privacy management theory. The study adopted descriptive correlational research design. The target population was 187 State-owned Corporations in Kenya. A census sampling design was used targeting the Security managers or their equivalent in SoCs. The researcher utilized a self-administered questionnaire as the data collection method. Data was analysed through quantitative techniques using the SPSS. The study established that organizational security policies have significant influence on insider security threats in SoCs in Kenya. The study also established that organizational security learning practices have significant influence on insider security threats in SoCs in Kenya. In addition, the study revealed that organizational communication practices have significant influence on insider security threats in SoCs in Kenya. The study also deduced that the combined influence of organizational security policies, learning practices and communication practices (organizational factors) significantly influence insider security threats in SoCs in Kenya. The study recommends that SoCs consider conducting a comprehensive review of their existing security policies, ensuring clarity on the severity of consequences for insider threats. Further, the study recommends that SoCs work on strengthening their learning policies to emphasize the importance of observational learning, role modeling, and positive reinforcement in the context of security awareness to address insider security threats. Additionally, the study recommends that SoCs provide training programs that emphasize effective communication practices surrounding privacy management.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.