Towards a framework for enhancing employees' cybersecurity policy awareness in financial institutions

Abstract

In an era marked by technological reliance and the escalating frequency of cyberattacks, prioritising cybersecurity has become imperative for organisations, particularly in the financial sector. The safeguarding of financial data and assets requires measures beyond conventional tools such as firewalls and encryption. However, a critical vulnerability persists in the form of the human element, as many financial sector employees lack adequate training in cybersecurity best practices, leaving organisations susceptible to cyber threats. To address this vulnerability, financial institutions must proactively implement effective awareness programs centred on cybersecurity policies. These programs aim to elevate employee awareness of risks, provide knowledge on identifying and responding to threats, and instilling a pervasive culture of cybersecurity. Despite the acknowledged importance of such programs, a noticeable research gap exists regarding their effectiveness and best practices. This study bridges this gap by proposing a comprehensive framework to enhance cybersecurity policy awareness programs within the financial sector. Informed by an extensive review of relevant literature and insights from interviews with cybersecurity experts and financial professionals, the framework offers practical guidelines to fortify cybersecurity initiatives, ultimately mitigating the potential for cyberattacks. Furthermore, employing a quantitative monomethod, the research gathered perspectives from employees of financial institutions, encompassing both IT and non-IT staff. The results unveiled a significant disparity in the impact of cybersecurity policy awareness programs on employee behaviour, exposing gender differences with males exhibiting a higher likelihood of possessing advanced cybersecurity knowledge. Recognising the implications for women's empowerment in the cybersecurity field, the framework incorporates gender mainstreaming. To address challenges, the study recommends proactive measures, including comprehensive training programs and reporting procedures, to enhance cybersecurity knowledge across all employees. Emphasising the urgency of addressing gender disparities to foster inclusivity and diversity, the refined framework strategically positions itself to tackle compliance issues. It aims to contribute to the cultivation of a robust cybersecurity culture, ensuring a holistic and inclusive approach to policy adherence within financial organisations