A look at narcissist traits, cybersecurity awareness, and breach costs: a study addressing students and professionals from the accounting field
DOI:
https://doi.org/10.17524/repec.v19.e3686Palavras-chave:
Consciência sobre segurança cibernética, Custos de violação, NarcisismoResumo
Objective: To analyze the influence of cybersecurity awareness and narcissistic personality traits on breach cost awareness.
Method: Descriptive research with a quantitative approach. Data were collected through a survey of two samples: 262 accounting students and 166 accounting professionals. Descriptive statistics and logistic regression were applied.
Results: Both students and professionals struggled with classifying breach costs and reporting them in financial statements. Cybersecurity awareness enabled professionals to understand the impacts of these costs better and feel more confident in their classification. Among students with stronger narcissistic traits, overconfidence led to reports of greater cybersecurity awareness; however, they failed to acknowledge their difficulties in classifying and reporting these costs. Professionals exhibited higher narcissistic scores and demonstrated greater knowledge in reporting breach costs in financial statements.
Contributions: The findings contribute to the literature, as empirical evidence on this topic remains limited, and offer practical implications for the professional field. They encourage reflection among companies and accounting education institutions on the need to develop specialized courses and content on cybersecurity, equipping accountants and aspiring accountants to recognize the financial impacts of cyberattacks.
Tradução
Referências
Allam, S., Flowerday, S. V., & Flowerday, E. (2014). Smartphone information security awareness: a victim of operational pressures. Computers & Security, 42, 56-65.
Anderson, R., Barton, C., Böhme, R., Clayton, R., Eeten, M. J. van, Levi, M., ... & Savage, S. (2013). Measuring the cost of cybercrime. In Böhme, R. (eds). The Economics of Information Security and Privacy. Springer, Berlin, Heidelberg. (pp. 265-300). https://doi.org/10.1007/978-3-642-39498-0_12
Avelino, B. C. (2017). Olhando-se no espelho: uma investigação sobre o narcisismo no ambiente acadêmico. [Tese de doutorado, Universidade de São Paulo]. Biblioteca Digital. https://doi.org/10.11606/T.12.2017.tde-06042017-165713
Avelino, B. C., & Lima, G. A. S. F. (2017). Narcisismo e desonestidade acadêmica. Revista Universo Contábil, 13(3), 70. doi:10.4270/ruc.2017319
Bakarich, K. M., & Baranek, D. (2019). Something phish-y is going on here: a teaching case on business email compromise. Current Issues in Auditing, 14(1), A1-A9.
Baumeister, R. F., Bushman, B. J., & Campbell, W. K. (2000). Self-esteem, narcissism, and aggression: does violence result from low self-esteem or from threatened egotism? Current Directions in Psychological Science, 9, 26-29.
Boss, S. R., Gray, J., & Janvrin, D. J. (2022). Accountants, cybersecurity isn’t just for “techies”: incorporating cybersecurity into the accounting curriculum. Issues in Accounting Education, 37(3), 73-89.
Campbell, W. K., Hoffman, B. J., Campbell, S. M., & Marchisio, G. (2011). Narcissism in organizational contexts. Human Resource Management Review, 21(4), 268-284.
Carpenter, M. A., Geletkanycz, M. A., & Sanders, G. M. (2004). Upper echelons research revisited: antecedents, elements and consequences of top management team composition. Journal of Management, 30(6), 749-778.
Cram, W. A., & D'Arcy, J. (2016). Teaching information security in business schools: current practices and a proposed direction for the future. Communications of the Association for Information Systems, 39(1), 3.
Curtis, S. R., Rajivan, P., Jones, D. N., & Gonzalez, C. (2018). Phishing attempts among the dark triad: patterns of attack and vulnerability. Computers in Human Behavior, 87, 174-182.
Decreto n. 10.222, de 5 de fevereiro de 2020. Aprova a Estratégia Nacional de Segurança Cibernética. https://www.planalto.gov.br/ccivil_03/_ato2019-2022/2020/decreto/d10222.htm
Eaton, T. V., Grenier, J. H., & Layman, D. (2019). Accounting and cybersecurity risk management. Current Issues in Auditing, 13(2), C1-C9.
Gordon, L. A., & Loeb, M. P. (2006). Managing cybersecurity resources: a cost-benefit analysis (Vol. 1). New York: McGraw-Hill.
Hambrick, D. C. (2007). Upper echelons theory: an update. Academy of Management Review, 32(2), 334-343.
Hambrick, D. C., & Mason, P. A. (1984). Upper echelons: the organization as a reflection of its top managers. Academy of Management Review, 9(2), 193-206.
Janvrin, D. J., & Wang, T. (2022). Linking cybersecurity and accounting: an event, impact, response framework. Accounting Horizons, 36(4), 67-112.
Jones D. N. (2022). Shadows behind the keyboard: dark personalities and deception in cyberattacks. Proceedings of the 2022 ACM International Workshop on Security and Privacy Analytics (IWSPA ’22), April 27, 2022, Baltimore, MD, USA. ACM, New York, NY, USA, 2 pages. https://doi.org/10.1145/3510548.3519379
Jones, D. N., Padilla, E., Curtis, S. R., & Kiekintveld, C. (2021). Network discovery and scanning strategies and the dark triad. Computers in Human Behavior, 122, 106799.
Lagazio, M., Sherif, N., & Cushman, M. (2014). A multi-level approach to understanding the impact of cyber crime on the financial sector. Computers & Security, 45, 58-74.
Landwehr, C. E. (2001). Computer cecurity. International Journal of Information Security, 1(1), 3-13.
Lei n. 13.709, de 14 de agosto de 2018. Lei Geral de Proteção de Dados Pessoais (LGPD). https://www.planalto.gov.br/ccivil_03/_ato2015-2018/2018/lei/l13709.htm
Maasberg, M., Slyke, C. Van, Ellis, S., & Beebe, N. (2020). The dark triad and insider threats in cyber security. Communications of the ACM, 63(12), 64-80.
Magalhães, M., & Koller, S. H. (1994). Relação entre narcisismo, sexo e gênero. Arquivos Brasileiro de Psicologia, 46(3/4), 77-93.
Núcleo de Informação e Coordenação do Ponto BR. (2020). Segurança digital: uma análise da gestão de riscos em empresas brasileiras [livro eletrônico]. Comitê Gestor da Internet no Brasil. https://www.nic.br/media/docs/publicacoes/7/20210514123130/estudos-setoriais-seguranca-digital.pdf
Paulhus, D. & Jones, D. (2015). Measures of dark personalities. In Boyle, G. J., Saklofske, D. H., & Matthews, G. (Eds.). Measures of personality and social psychological constructs (pp. 562-594). Elsevier. 10.1016/B978-0-12-386915-9.00020-6
Raskin, R., & Hall, C. S. (1979). A narcissistic personality inventory. Psychological Reports, 45, 590.
Raskin, R., & Terry, H. (1988). A principal-components analysis of the narcissistic personality inventory and further evidence of its construct validity. Journal of Personality and Social Psychology, 54(5), 890-902.
Reidenbach, M., & Wang, P. (2021). Heartland payment systems: cybersecurity impact on audits and financial statement contingencies. Issues in Accounting Education, 36(2), 93-109.
Resolução CVM n. 35, de 26 de maio de 2021. Estabelece normas e procedimentos a serem observados na intermediação de operações realizadas com valores mobiliários em mercados regulamentados de valores mobiliários. https://conteudo.cvm.gov.br/legislacao/resolucoes/resol035.html
Roohani, S. J. & Zheng, X. (2019). Using ten teaching modules and recently publicized data-breach cases to integrate cybersecurity into upper-level accounting courses. In Calderon, T. G. (Ed.). Advances in accounting education: teaching and curriculum innovations. (Vol. 23), Emerald Publishing Limited, Bingley (pp. 113-125). https://doi.org/10.1108/S1085-462220190000023007
Safa, N. S., Sookhak, M., Solms, R. Von, Furnell, S., Ghani, N. A., & Herawan, T. (2015). Information security conscious care behaviour formation in organizations. Computers & Security, 53, 65-78.
Shaw, R. S., Chen, C. C., Harris, A. L., & Huang, H. J. (2009). The impact of information richness on information security awareness training effectiveness. Computers & Education, 52(1), 92-100.
Silva, W. R. (2018). Análise econômica dos impactos de ataques cibernéticos. [Dissertação de Mestrado, Faculdade de Economia, Administração e Contabilidade da Universidade de Brasília]. Repositório Aberto da Universidade de Brasília. http://repositorio.unb.br/handle/10482/34838
Woo, H-J. (2003). The hacker mentality: exploring the relationship between psychological variables and hacking activities. Dissertação [Doutorado em Filosofia, University of Georgia].
Downloads
Publicado
Como Citar
Edição
Seção
Licença
Copyright (c) 2024 Revista de Educação e Pesquisa em Contabilidade (REPeC)
Este trabalho está licenciado sob uma licença Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Autores que publicam nesta revista concordam com os seguintes termos:
a) Autores mantém os direitos autorais e concedem à revista o direito de primeira publicação, com o trabalho simultaneamente licenciado sob a Licença Creative Commons Attribution 3.0 Unported License, que permite o compartilhamento do trabalho com reconhecimento da autoria e publicação inicial nesta revista. Esta licença permite que outros distribuam, remixem, adaptem ou criem obras derivadas, mesmo que para uso com fins comerciais, contanto que seja dado crédito pela criação original.
b) Não cabe aos autores compensação financeira a qualquer título, por artigos ou resenhas publicados na REPeC.
c) Os artigos e resenhas publicados na REPeC são de responsabilidade exclusiva dos autores.
d) Após sua aprovação, os autores serão identificados em cada artigo, devendo informar à REPeC sua instituição de ensino/pesquisa de vínculo e seu endereço completo.
