George Mwathi Njoroge is an ICT Manager in a Kenyan government office where he has been head of department since 2010. He received a Bachelors Honours Degree in Computer Science and Engineering from Maseno University. He has vast experience in running ICT department in both private and public sectors, including small and medium enterprises and ICT training institutions. He has successfully carried several ICT projects, including in house system development and system administration. He is an active member of Information Security Management Systems (ISMS) committee in his current job location.
Project Summary
Project Title: Human Factors Affecting Favourable Cybersecurity Culture: A Case of Small and Medium-sized Enterprises (SMEs) Providing Enterprise wide Information Systems Solutions in Nairobi City County in Kenya.
Abstract: Recent news coverage in both print and electronic media clearly indicates that cyberattacks are increasingly on the rise. As compared to large enterprises, SMEs are highly vulnerable to cyberattacks for they lack adequate cybersecurity controls in place to cope up with evolving cyber threats. Reports from the industry have underlined human factors as the root cause of many cybersecurity incidents in organizations. This study, thus, purposed to examine the key human factors that impact on favourable cybersecurity culture in Kenyan SMEs that provides enterprise wide information Systems solutions and that are premised in Nairobi City County. To achieve this, a quantitative research inform of descriptive research design was conducted. Mail survey method was adopted to gather primary data through a structured questionnaire from SMEs selected from the official 2019 yellow pages Kenya online directory. The regression analysis results established that top management support and involvement together with reward and deterrence measures are positive and significant predictors of favourable cybersecurity culture and thus form important strategies for instilling favourable cybersecurity culture in SMEs considered. Other strategies that need to be developed by these SMEs are cybersecurity policy, cybersecurity change management, cybersecurity training and awareness programs, cybersecurity monitoring and audit for they were also found to have a positive effect on favourable cybersecurity culture. The study concludes by emphasizing the need for adequate and consistent top management support and involvement in cybersecurity issues.