Cultural Influences on Information Security


  • Henry Collier Norwich University
  • Charlotte Morton
  • Dalal Alharthi
  • Jan Kleiner



cybersecurity, resilience, susceptibility, culture, social engineering, behaviours


Humans are by far the weakest link in the information security chain. Many in the information security industry advocate for a technical solution to this problem. Unfortunately, technology does not hold the answer to solving the human problem. Instead, it is important to better understand the problem and find new ways of training individuals, so they have a better security mindset and make better security minded decisions. The security challenges associated with human factors have been widely studied in previous literature and different research groups. Prior research has shown that both human behavioural factors and social media usage factors can be used to better assess a person’s susceptibility to cybercrime. We know that humans are multi-faceted beings who are swayed by many factors. In addition to behavioural factors and social media factors, humans are predisposed by cultural influences. This paper begins the process of understanding how culture influences a person's ability to make positive cybersecurity decisions in a world that is full of data being thrown at them. The end goal of this research is to use culture, along with behaviour and social media usage as new metrics in measuring a person’s susceptibility to cybercrime. This information can then be used by information security practitioners and researchers to better prepare individuals to defend themselves from cyber threats. This paper is the start of the research process into how culture impacts a person’s susceptibility to cybercrime. It shows the significance of identifying what specific aspects of culture impact how someone makes a decision. This can help mitigate social engineering attacks by better understanding the influencing factors which control an end user. The authors will continue their work on this project to develop new Information Awareness (IA) training programmes that work to modify an individual's behaviour, while taking into consideration their behaviours, social media usage and culture.