Impact of Culture on Cybersecurity Awareness in the GCC Region

Abstract

Due to the increasing complexity of technology and the proliferation of global networks, cybersecurity threats pose a serious problem for businesses and governments worldwide. The purpose of this study is to examine the role that national and organisational culture plays in shaping cybersecurity in two GCC countries—Saudi Arabia and the United Arab Emirates. The study used secondary data using a narrative literature review strategy to identify peer-reviewed and grey literature focusing on culture and its impact on cybersecurity. A total of 12 articles were identified through a systematic search process. The following key observations are made. Cybersecurity practises are thought to be influenced by national cultural characteristics in both Saudi Arabia and the United Arab Emirates. There is clear evidence of a high-power chasm between the two nations, with decisions on cybersecurity and related policies being made at the highest levels of management. This has caused people's lack of confidence and their ignorance on how to better their own cybersecurity habits. Both nations have a collectivist culture that encourages the use of weak passwords and the sharing of passwords and devices amongst friends and relatives. Evidence also suggests that few organisations have a thorough policy for protecting sensitive data. Top-down decision making is encouraged, which limits employees' participation in cybersecurity conversations. There is also worry that workers are not receiving adequate resources or training. Overall, the culture and support of the organisation are moderate to low in terms of cybersecurity.