Nkwana, Carol Brenda2024-08-292024-08-292023-03-10https://hdl.handle.net/20.500.14519/548In today’s digital economy, cybersecurity breaches have become a growing challenge. Organizations have the responsibility of protecting their information resources from cybersecurity threats. Some of these threats may originate from within the perimeters of an organization (insider threats). The major objective of this study was to develop a model to reduce cybersecurity insider threats in a South African telecommunication organization. This study was motivated by the fact that cybersecurity insider threats may be a bigger threat than most organizations comprehend. Organizations are investing a lot of financial and human resources to protect themselves from technological vulnerabilities emanating from outside the organization as compared to threats coming from employees. The study used Situational Crime Prevention (SCP) and Social Bond (SB) theories as lenses to develop the model for cybersecurity insider threats reduction. A positivistic research philosophy was selected as being the most appropriate in understanding the challenges of insider threats in organizations. A deductive quantitative approach using a survey research strategy was adopted as the research methodology. Probability sampling based on simple random sampling technique was used to sample participants, and data was collected using a 7-point Likert scale using a close-ended questionnaire. The results indicated that out of 95 respondents, 38.9% were male respondents and 61.1% were female respondents. Most of the participants were between 36 and 45 years at 56.8%, followed by 26–35 years at 30.5%. One respondent was above 55 years. The research model was tested using Structural Equation Modelling (SEM) with quantitative data collected from 95 IT professionals in the telecommunication organization. The results revealed that only two of the ten hypothesized relationships between the model variables were accepted. The results indicated that personal norms in the domain of cybersecurity have a positive influence on individuals’ attitude towards engaging in cybersecurity misbehaviour, and the individual reduction of intention to misbehaviour has a significant relationship with the reduction of insider threats. This study suggests that management should give close and thoughtful attention to factors that encourage their employees to engage in cybersecurity misbehaviour. As an efficient and effective approach to mitigate the risk of cybersecurity insider threats, identification and classification of these factors should be followed by proper planning with a goal of reducing their negative effect on employees’ behaviour.enCC0 1.0 Universalhttp://creativecommons.org/publicdomain/zero/1.0/CybersecurityInsider threatsInformation resourcesTelecommunicationsThesis