Abstract:
The increase in cyber-attacks causes individuals and businesses to face financial loss and reputational damage. Most studies in information security ignore human factors and focus only on technological countermeasures, while the security culture of employees is vital for financial organizations. Financial organizations need to ensure that the interaction between employees and the information security system contributes to the protection of information assets. The purpose of this study is to assess the security gap between how far technology has advanced and how much employees are aware of it. The study indicated that there is a serious problem with information security awareness in private financial organizations. The study concluded that the overall information security awareness of private financial organizations is not favorable to the protection of information assets. There is no appropriate foundation for defining how information security should be managed in private financial organizations and the risk identification process. The study recommended that private financial organizations implement information security awareness and training programs and a formal information security policy that aids in addressing threats at the technical, process, and people levels.