Article #1.

Sofia J. Reyes-Villanueva

Professor Name 

CYSE201S

30 September 2024

Article Review on the Impact of Cybersecurity and AI’s Related Factors on Incident Reporting Suspicious Behavior and Employees Stress: Moderating Role of Cybersecurity Training.

This article focuses on the relationship between cybersecurity and the stress it can cause employees. One of the main statements is that the stress in employees causes them to not know how to manage cyber risks when they may not have any training in cybersecurity. When it comes to the cybersecurity risk management, the researchers conducted a data-analysis on identifying the main stressors for cybersecurity personnel, and if they have any differences with the typical IT personnel. This article also mentions the rise of AI and how cybersecurity personnel are getting more used to the nature of AI threats and the intentional use of AI.  A way this relates to a principal is with empiricism. Empiricism refers to scientists only being able to study behavior which is real to the senses, which one cannot do with AI since it is not a living thing that can be quite unpredictable. Therefore it is not like cyber security personnel can study and find out its “pattern” or its main intention (which includes psychology and the main reason why a hacker did the attack) since it may be different every time, along with some having a fear of using such technologies due to their lack of understanding and knowledge. Another principle that takes part of the study is relativism. Relativism means that all things are related, either its systems or notes that change one thing that leads to a domino effect in changing something else. Cybersecurity relates to the safety of the systems in the business. The safety of the systems connects to the stress some employees may be experiencing. Another thing that connects and relates to cybersecurity and the stress is the lack of awareness in attacks, and how to respond/report them, along with the use of AI. It creates a small domino effect.

Study’s research or hypotheses.

A  

Types of Research Methods used.

This study aimed to gather comprehensive and measurable data through surveys from diverse sectors such as fast food chains, e-commerce firms, and banks. The selection of participants was also designed to have a broad spectrum such as organizational settings,  and job roles. All this falls under the category of a study known as Survey Research. One of the limitations with this type of research is the sample used may not be representative to all sectors or regions, which limits the generalizability of the findings.

Types of data and analysis.

The Data analysis involved computing descriptive statistics for different factors related to cybersecurity awareness and behavior. The factors include:

  • Cyber Security Incident Management (CSIM)
  • Cyber Security Awareness (CSA)
  • Intention to use AI (IU-AI)
  • Perceived Threats in AI (PT-AI)
  • Cyber Training (CT)
  • Incident Reporting Suspicious Behavior (IRSB)
  • Employee Stress Levels (ESL)

In this study, they labeled the factors so they are rated on a scale from 1(lowest) – 5(highest), where the average score reflects the typical response and the standard deviation indicates the variability in responses. The data table was shown below:

  • Cyber Security Awareness (CSA) rating: 3.66 (highest average)
  • Cyber Security Incident Management (CSIM): 3.24
  • Perceived Threats in AI (PT-AI) : 2.99
  • Cyber Training (CT):  3.01
  • Incident Reporting Suspicious Behavior (IRSB): 3.18
  • Employee Stress Levels (ESL): 3.22
  • Intention to use AI (IU-AI) rating: 2.97 (less frequent or intention of usage)

There were different types of models also done with the data, in the measurement model (As shown in the example above), it indicates strong reliability and validity across the constructs. Meanwhile Discriminant validity assesses the speciality of each construct by examining their correlations with others. The R-Square values explain the proportion of variance in the dependent variables explained by the independent variables. In the next table, they used the mediating effect between the categories and ESL, and then did another table on moderating effects on CT on the relationships between the other categories.

How the article relates to concepts from class

A concept derived from class that fits into this article is victimization. Victimization is the certain action from someone with the outcome of hurting someone else. This simply relates with how hackers who attack the company systems, also end up hurting the employees by stressing them out. Shortly following with victim behavior. Victim Behavior is pointed out in the lack of awareness in cybersecurity in employees. 

Overall Conclusion of the study and its contributions.

As mentioned in the article: “This study contributes to advancing theories in cybersecurity management by highlighting the critical roles of incident reporting and cybersecurity training in mitigating employee stress levels.” Back to the beginning, it shows how being able to manage cybersecurity factors – such as incident management, awareness, intention to use AI, and perceived threats – helps ease the stress and benefits to employee well-being. This also relates to psychology and how these types of issues expand to psychological factors like stress that comes along with cybersecurity practices and adapting to new technology which is addressed in the study of the differences on stress-levels with normal IT and cybersecurity.   To conclude the article, this study helps businesses understand the high need for Cyber Security Awareness Training. It comes with many benefits such as being able to keep their systems safe, employees have an understanding of the threats exposed, how to manage and report risks or attacks, and it helps with employee stress which eventually can help raise the performance of the overall business. According to the article, “decision makers and employees who are well informed about cybersecurity are more likely to embrace AI technologies, equipped to handle associated risks effectively”, along with the study highlighting the ongoing need for cybersecurity education and awareness initiatives to help employees in identifying and responding to cyber threats effectively, even if they are AI and require ethical and regulatory dimensions with technical aspects.The article continues to state that in the future, these types of experimental studies should evaluate the effectiveness of various cybersecurity training programs to help enhance awareness, to help understand the complex dynamics in cybersecurity and the rise of AI being used everywhere. 

Works Cited

https://cybercrimejournal.com/menuscript/index.php/cybercrimejournal/article/view/330/99