A look at narcissist traits, cybersecurity awareness, and breach costs: a study addressing students and professionals from the accounting field

Autores

  • Márcia Figueredo D'Souza Universidade do Estado da Bahia -UNEB
  • Juliana Ventura Amaral Universidade de São Paulo USP https://orcid.org/0000-0001-7223-3848

DOI:

https://doi.org/10.17524/repec.v19.e3686

Palavras-chave:

Consciência sobre segurança cibernética, Custos de violação, Narcisismo

Resumo

Objective: To analyze the influence of cybersecurity awareness and narcissistic personality traits on breach cost awareness. 

Method: Descriptive research with a quantitative approach. Data were collected through a survey of two samples: 262 accounting students and 166 accounting professionals. Descriptive statistics and logistic regression were applied. 

Results: Both students and professionals struggled with classifying breach costs and reporting them in financial statements.  Cybersecurity awareness enabled professionals to understand the impacts of these costs better and feel more confident in their  classification. Among students with stronger narcissistic traits, overconfidence led to reports of greater cybersecurity awareness;  however, they failed to acknowledge their difficulties in classifying and reporting these costs. Professionals exhibited higher narcissistic scores and demonstrated greater knowledge in reporting breach costs in financial statements. 

Contributions: The findings contribute to the literature, as empirical evidence on this topic remains limited, and offer practical implications for the professional field. They encourage reflection among companies and accounting education institutions on the need  to develop specialized courses and content on cybersecurity, equipping accountants and aspiring accountants to recognize the  financial impacts of cyberattacks.

Tradução

Biografia do Autor

Márcia Figueredo D'Souza, Universidade do Estado da Bahia -UNEB

Pós-doc em Controladoria e Contabilidade pela FEA/USP. Doutora em Controladoria e Contabilidade pela FEA/USP. Mestre em Contabilidade pela Fundação Visconde de Cairu -FVC. Especialista em Educação à distancia pela UNEB. Bacharel em Ciências Contábeis pela Universidade Estadual de Feira de Santana. Bacharel em Administração pelo Centro Universitário Estácio da Bahia. Professora da UNEB e Professora do curso de Ciências Contábeis do Centro Universitário Estácio da Bahia.

Referências

Albrechtsen, E., & Hovden, J. (2010). Improving information security awareness and behaviour through dialogue, participation and collective reflection. An intervention study. Computers & Security, 29(4), 432-445.
Allam, S., Flowerday, S. V., & Flowerday, E. (2014). Smartphone information security awareness: a victim of operational pressures. Computers & Security, 42, 56-65.
Anderson, R., Barton, C., Böhme, R., Clayton, R., Eeten, M. J. van, Levi, M., ... & Savage, S. (2013). Measuring the cost of cybercrime. In Böhme, R. (eds). The Economics of Information Security and Privacy. Springer, Berlin, Heidelberg. (pp. 265-300). https://doi.org/10.1007/978-3-642-39498-0_12
Avelino, B. C. (2017). Olhando-se no espelho: uma investigação sobre o narcisismo no ambiente acadêmico. [Tese de doutorado, Universidade de São Paulo]. Biblioteca Digital. https://doi.org/10.11606/T.12.2017.tde-06042017-165713
Avelino, B. C., & Lima, G. A. S. F. (2017). Narcisismo e desonestidade acadêmica. Revista Universo Contábil, 13(3), 70. doi:10.4270/ruc.2017319
Bakarich, K. M., & Baranek, D. (2019). Something phish-y is going on here: a teaching case on business email compromise. Current Issues in Auditing, 14(1), A1-A9.
Baumeister, R. F., Bushman, B. J., & Campbell, W. K. (2000). Self-esteem, narcissism, and aggression: does violence result from low self-esteem or from threatened egotism? Current Directions in Psychological Science, 9, 26-29.
Boss, S. R., Gray, J., & Janvrin, D. J. (2022). Accountants, cybersecurity isn’t just for “techies”: incorporating cybersecurity into the accounting curriculum. Issues in Accounting Education, 37(3), 73-89.
Campbell, W. K., Hoffman, B. J., Campbell, S. M., & Marchisio, G. (2011). Narcissism in organizational contexts. Human Resource Management Review, 21(4), 268-284.
Carpenter, M. A., Geletkanycz, M. A., & Sanders, G. M. (2004). Upper echelons research revisited: antecedents, elements and consequences of top management team composition. Journal of Management, 30(6), 749-778.
Cram, W. A., & D'Arcy, J. (2016). Teaching information security in business schools: current practices and a proposed direction for the future. Communications of the Association for Information Systems, 39(1), 3.
Curtis, S. R., Rajivan, P., Jones, D. N., & Gonzalez, C. (2018). Phishing attempts among the dark triad: patterns of attack and vulnerability. Computers in Human Behavior, 87, 174-182.
Decreto n. 10.222, de 5 de fevereiro de 2020. Aprova a Estratégia Nacional de Segurança Cibernética. https://www.planalto.gov.br/ccivil_03/_ato2019-2022/2020/decreto/d10222.htm
Eaton, T. V., Grenier, J. H., & Layman, D. (2019). Accounting and cybersecurity risk management. Current Issues in Auditing, 13(2), C1-C9.
Gordon, L. A., & Loeb, M. P. (2006). Managing cybersecurity resources: a cost-benefit analysis (Vol. 1). New York: McGraw-Hill.
Hambrick, D. C. (2007). Upper echelons theory: an update. Academy of Management Review, 32(2), 334-343.
Hambrick, D. C., & Mason, P. A. (1984). Upper echelons: the organization as a reflection of its top managers. Academy of Management Review, 9(2), 193-206.
Janvrin, D. J., & Wang, T. (2022). Linking cybersecurity and accounting: an event, impact, response framework. Accounting Horizons, 36(4), 67-112.
Jones D. N. (2022). Shadows behind the keyboard: dark personalities and deception in cyberattacks. Proceedings of the 2022 ACM International Workshop on Security and Privacy Analytics (IWSPA ’22), April 27, 2022, Baltimore, MD, USA. ACM, New York, NY, USA, 2 pages. https://doi.org/10.1145/3510548.3519379
Jones, D. N., Padilla, E., Curtis, S. R., & Kiekintveld, C. (2021). Network discovery and scanning strategies and the dark triad. Computers in Human Behavior, 122, 106799.
Lagazio, M., Sherif, N., & Cushman, M. (2014). A multi-level approach to understanding the impact of cyber crime on the financial sector. Computers & Security, 45, 58-74.
Landwehr, C. E. (2001). Computer cecurity. International Journal of Information Security, 1(1), 3-13.
Lei n. 13.709, de 14 de agosto de 2018. Lei Geral de Proteção de Dados Pessoais (LGPD). https://www.planalto.gov.br/ccivil_03/_ato2015-2018/2018/lei/l13709.htm
Maasberg, M., Slyke, C. Van, Ellis, S., & Beebe, N. (2020). The dark triad and insider threats in cyber security. Communications of the ACM, 63(12), 64-80.
Magalhães, M., & Koller, S. H. (1994). Relação entre narcisismo, sexo e gênero. Arquivos Brasileiro de Psicologia, 46(3/4), 77-93.
Núcleo de Informação e Coordenação do Ponto BR. (2020). Segurança digital: uma análise da gestão de riscos em empresas brasileiras [livro eletrônico]. Comitê Gestor da Internet no Brasil. https://www.nic.br/media/docs/publicacoes/7/20210514123130/estudos-setoriais-seguranca-digital.pdf
Paulhus, D. & Jones, D. (2015). Measures of dark personalities. In Boyle, G. J., Saklofske, D. H., & Matthews, G. (Eds.). Measures of personality and social psychological constructs (pp. 562-594). Elsevier. 10.1016/B978-0-12-386915-9.00020-6
Raskin, R., & Hall, C. S. (1979). A narcissistic personality inventory. Psychological Reports, 45, 590.
Raskin, R., & Terry, H. (1988). A principal-components analysis of the narcissistic personality inventory and further evidence of its construct validity. Journal of Personality and Social Psychology, 54(5), 890-902.
Reidenbach, M., & Wang, P. (2021). Heartland payment systems: cybersecurity impact on audits and financial statement contingencies. Issues in Accounting Education, 36(2), 93-109.
Resolução CVM n. 35, de 26 de maio de 2021. Estabelece normas e procedimentos a serem observados na intermediação de operações realizadas com valores mobiliários em mercados regulamentados de valores mobiliários. https://conteudo.cvm.gov.br/legislacao/resolucoes/resol035.html
Roohani, S. J. & Zheng, X. (2019). Using ten teaching modules and recently publicized data-breach cases to integrate cybersecurity into upper-level accounting courses. In Calderon, T. G. (Ed.). Advances in accounting education: teaching and curriculum innovations. (Vol. 23), Emerald Publishing Limited, Bingley (pp. 113-125). https://doi.org/10.1108/S1085-462220190000023007
Safa, N. S., Sookhak, M., Solms, R. Von, Furnell, S., Ghani, N. A., & Herawan, T. (2015). Information security conscious care behaviour formation in organizations. Computers & Security, 53, 65-78.
Shaw, R. S., Chen, C. C., Harris, A. L., & Huang, H. J. (2009). The impact of information richness on information security awareness training effectiveness. Computers & Education, 52(1), 92-100.
Silva, W. R. (2018). Análise econômica dos impactos de ataques cibernéticos. [Dissertação de Mestrado, Faculdade de Economia, Administração e Contabilidade da Universidade de Brasília]. Repositório Aberto da Universidade de Brasília. http://repositorio.unb.br/handle/10482/34838
Woo, H-J. (2003). The hacker mentality: exploring the relationship between psychological variables and hacking activities. Dissertação [Doutorado em Filosofia, University of Georgia].

Publicado

31-03-2025

Como Citar

D’Souza, M. F., & Ventura Amaral, J. (2025). A look at narcissist traits, cybersecurity awareness, and breach costs: a study addressing students and professionals from the accounting field. Revista De Educação E Pesquisa Em Contabilidade (REPeC), 19. https://doi.org/10.17524/repec.v19.e3686