Skip to Main Content
Article navigation
Research Article| November 13 2025

‘Ctrl, alt, report’: the influence of policy, cyber security job relevance, rank and gender on cyber security incident reporting Available to Purchase

Kristiina Ahola;
Kristiina Ahola
Department of Defence,
Defence Science and Technology Group Edinburgh
, Edinburgh,
Australia

Kristiina Ahola joined defence science and technology group (DSTG) in 2022. At DSTG she is a research scientist in the Information Sciences Division, where her primary aim is to assess the socio-technical aspects of combat systems. In 2023, she completed a master of psychology (organisational and human factors) at the University of Adelaide and is a registered psychologist.

Corresponding author Kristiina Ahola kristiina.ahola@defence.gov.au
Search for other works by this author on:
This Site
PubMed
Google Scholar
Daniel Sturman;
Daniel Sturman
School of Psychology,
The University of Adelaide
, Adelaide,
Australia

Dr Daniel Sturman is an organisational psychologist and human factors researcher. He is currently a lecturer at the University of Adelaide and completed a PhD in psychology at Macquarie University.

Search for other works by this author on:
This Site
PubMed
Google Scholar
Marcus Butavicius;
Marcus Butavicius
Department of Defence,
Defence Science and Technology Group Edinburgh
, Edinburgh,
Australia

Marcus Butavicius is a senior research scientist with DSTG. He joined DSTG in 2001, where he investigated the role of simulation in training, theories of human reasoning and the analysis of biometric technologies. In 2002, he completed a PhD in psychology at the University of Adelaide on mechanisms of visual object recognition. In 2003 he joined the Intelligence, Surveillance and Reconnaissance Division, where his work focused on data visualisation, decision-making, the human aspects of cyber security and interface design. He is also a visiting research fellow in the School of Psychology at the University of Adelaide.

Search for other works by this author on:
This Site
PubMed
Google Scholar
Agata McCormac;
Agata McCormac
Department of Defence,
Defence Science and Technology Group Edinburgh
, Edinburgh,
Australia

Agata McCormac joined DSTG in 2006. She is a research scientist with the Information Sciences Division, where her work focuses on the human aspects of cyber security. She was awarded a Master of Psychology (organisational and human factors) at the University of Adelaide in 2005. She is registered as an organisational psychologist with the psychology board of Australia and holds an adjunct lecturer position within the School of Psychology at the University of Adelaide.

Search for other works by this author on:
This Site
PubMed
Google Scholar
Nadia Scott;
Nadia Scott
Department of Defence,
Defence Science and Technology Group Edinburgh
, Edinburgh,
Australia

Nadia Scott is an early-career researcher in the Information Sciences Division at DSTG. With a background in psychological science, she is interested in applying principles of human behaviour and psychology to address challenges in cyber security. She is currently completing a Master of Psychology (organisational and human factors) at the University of Adelaide.

Search for other works by this author on:
This Site
PubMed
Google Scholar
Andrew Reeves;
Andrew Reeves
UNSW Institute for Cyber Security,
University of New South Wales Canberra at ADFA
, Canberra,
Australia

Dr Andrew Reeves is the Deputy Director of the University of New South Wales’ Institute for Cyber Security (IFCyber). He is a registered organisational psychologist and holds a PhD from the University of Adelaide, where he currently serves as a visiting research fellow. Andrew has also held the position of Director of organisational and behavioural research at Cybermindz.org, an international non-profit organisation that supports the mental well-being and thriving of cyber teams. His current research interests include the application of psychological theory and methodology to disrupt the decision-making processes of cyber security attackers, the improvement of mental health support systems within the cyber sector and the development of methods to assess and foster an effective cyber security culture within organisations.

Search for other works by this author on:
This Site
PubMed
Google Scholar
Malcolm Pattinson
Malcolm Pattinson
Defence and Security Institute,
The University of Adelaide
, Adelaide,
Australia

Dr Malcolm Pattinson is currently a cyber-security consultant and researcher in the University of Adelaide’s Business School. Over the last two decades, his work has been dedicated to teaching and research in the domain of information and cyber security, particularly about the practices of digital-device users and how their behaviour impacts on the confidentiality, integrity and availability of organisational data. He is a founding member of the human aspects of cyber security research team, which is a collaboration between the University of Adelaide and DSTG. Malcolm is co-chair of the International Federation for Information Processing International Symposium on Human Aspects of Information Security and Assurance and has been a board member of the ISACA-Adelaide Chapter for many years.

Search for other works by this author on:
This Site
PubMed
Google Scholar
Author & Article Information
Corresponding author Kristiina Ahola kristiina.ahola@defence.gov.au
Publisher: Emerald Publishing
Received: March 14 2025
Revision Received: September 16 2025
Accepted: September 17 2025
Online ISSN: 2056-497X
Print ISSN: 2056-4961
Funding
Funding Group:
  • Funding Statement(s):
     This research was funded by Defence Science and Technology Group.
© 2025 Emerald Publishing Limited
2025
Emerald Publishing Limited
Licensed re-use rights only
Information and Computer Security 1–16.
https://doi.org/10.1108/ICS-02-2025-0044
Article history
Received:
March 14 2025
Revision Received:
September 16 2025
Accepted:
September 17 2025
Purpose

Cyber security incidents present a growing risk to organisations due to their increasing sophistication and prevalence. It is crucial for employees, often viewed as an organisation’s “first line of defence”, to report these incidents promptly. Doing so minimises damage and enables cyber security teams to detect and mitigate threats effectively. This study aims to examine the key factors influencing cyber security incident reporting.

Design/methodology/approach

In total, 549 working Australian adults completed the cyber security incident reporting inventory (CSIRI; pronounced, “Siri”) and demographic items via an online survey.

Findings

Participants were significantly more likely to report incidents if their organisation had a cyber security policy (formal or informal), if they perceived cyber security as relevant to their role or if they held higher-ranking hierarchical positions. Employees identifying with diverse gender identities exhibited significantly more negative attitudes and lower perceived behavioural control in reporting cyber security incidents compared to the male, female and non-binary groups. Therefore, organisations should introduce or refine cyber security policies and training to support the needs of their diverse employees. Organisations that leverage such insights can reinforce their “first line of defence” and improve cyber hygiene.

Originality/value

The study extends previous analyses by incorporating employees’ hierarchical position level as an additional factor in cyber security incident reporting, offering new insights into how organisational rank influences reporting behaviour.

Keywords:
Cyber security, Cyber security incident reporting, Incident reporting, Individual differences, Theory of planned behaviour
© 2025 Emerald Publishing Limited
2025
Emerald Publishing Limited
Licensed re-use rights only
You do not currently have access to this content.
Don't already have an account? Register

Purchased this content as a guest? Enter your email address to restore access.

Please enter valid email address.
Email address must be 94 characters or fewer.
Pay-Per-View Access
$41.00
Rental
This article is also available for rental through DeepDyve. Read this now at DeepDyve
180 Views
View Metrics
A Reward-Driven bloom’s taxonomy framework for cybersecurity awareness: integrating cognitive learning with gamification principles
Determinants of the acceptance of cybersecurity chatbots: an extended protection motivation perspective
Evaluating cyber resilience frameworks for e-government: applicability of NIST CSF, ISO/IEC 27001 and COBIT 2019 in developing country contexts
Everyday tracking and extraordinary harm: item finder misuse in digital coercive control

Suggested Reading

Hey “CSIRI”, should I report this? Investigating the factors that influence employees to report cyber security incidents in the workplace
Information and Computer Security (August,2024)
New health and safety contact centre
Structural Survey (October,2001)
Facilitating a just and trusting culture
Int J Health Care Qual Assur (February,2015)
Reporting adverse events at geriatric facilities: Categorization by type of adverse event and function of reporting personnel
Int J Health Care Qual Assur (March,2014)
Consumer security behaviors and trust following a data breach
Managerial Auditing Journal (April,2018)

Related Chapters

Walk the talk: Leaders’ enacted priority of safety, incident reporting, and error management
Leading in Health Care Organizations: Improving Safety, Satisfaction and Financial Performance
On the Turning Away: An Exploration of the Employee Resignation Process
Research in Personnel and Human Resources Management
Improving Workplace Health and Safety Through Digital Twins
HR 5.0 Integration: Unleashing the Potential of the Digital Twin Revolution

Recommended for you

These recommendations are informed by your reading behaviors and indicated interests.

Cited By

Google Scholar
This Feature Is Available To Subscribers Only

or Create an Account

Close Modal
Close Modal