Cyber incidents threaten organizations, and while technical measures catch many, they miss some. Therefore, employee reporting is crucial. This article shifts the focus from policy compliance, often centered on phishing, to the employee perspective, offering a broader view of reportable incidents and reasons for reporting. We interviewed 13 CISOs and 27 employees and surveyed 51 incident reporters. Our findings show that employees identify many reportable situations beyond phishing. Several factors drive the reasons for reporting and not reporting incidents. We suggest further research to develop targeted behavioral interventions to encourage incident reporting.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Beyond Phishing: A Human-Centered Exploration of Cyber Incident Reporting

  • Sander Ebbers,
  • Jurjen Jansen,
  • Wouter Ph. Stol

摘要

Cyber incidents threaten organizations, and while technical measures catch many, they miss some. Therefore, employee reporting is crucial. This article shifts the focus from policy compliance, often centered on phishing, to the employee perspective, offering a broader view of reportable incidents and reasons for reporting. We interviewed 13 CISOs and 27 employees and surveyed 51 incident reporters. Our findings show that employees identify many reportable situations beyond phishing. Several factors drive the reasons for reporting and not reporting incidents. We suggest further research to develop targeted behavioral interventions to encourage incident reporting.