Information security education, training, and awareness within the mobile financial services sector.

Abstract

Previous research has underscored the critical role of integrating technology, processes, and human factors in ensuring the resilience and security of Information Technology (IT) systems. Often, failures in IT systems within organizations stem not from technological weaknesses, but from insufficient user awareness regarding security protocols. This study delves into the significance of Information Security Awareness (ISA) in fostering secure behaviours among users of Mobile Financial Services (MFS) in Kenya. Through an examination of factors contributing to effective cybersecurity awareness initiatives, this research offers valuable insights for organizations evaluating the role of ISA in enhancing the cybersecurity practices of MFS users. Adopting an interdisciplinary approach that merges insights from financial services and information systems disciplines, this study draws on data collected from five counties in Kenya using questionnaires. The study encompasses 1159 MFS users and 23 professionals engaged in providing financial services through mobile channels. Results reveal that 52% of respondents experienced financial losses due to fraudulent mobile money transactions, while a significant 69% had never participated in any awareness sessions on mobile security. These findings underscore the pressing need for comprehensive training programs to instil secure behaviours among MFS users, particularly in light of the escalating adoption of MFS. To establish a robust framework for cybersecurity awareness tailored to MFS, the study adopts the NIST and MediaPro Adaptive awareness frameworks. Through thorough analysis, the research proposes the Adaptive Governance Awareness Model (AGAM). This model offers strategic guidelines for planning, evaluating, and implementing cybersecurity awareness initiatives targeting MFS users, thereby enhancing overall cybersecurity resilience within the MFS ecosystem.