Human Errors in Data Breaches: An Exploratory Configurational Analysis

Information Systems (IS) are critical for employee productivity and organizational success. Data breaches are on the rise—with thousands of data breaches accounting for billions of records breached and annual global cybersecurity costs projected to reach $10.5 trillion by 2025. A data breach is the unauthorized disclosure of sensitive information—and can be achieved intentionally or unintentionally. Significant causes of data breaches are hacking and human error; in some estimates, human error accounted for about a quarter of all data breaches in 2018. Furthermore, the significance of human error on data breaches is largely underrepresented, as hackers often capitalize on organizational users’ human errors resulting in the compromise of systems or information. The research problem that this study addressed is that organizational data breaches caused by human error are both costly and have the most significant impact on Personally Identifiable Information (PII) breaches. Human error types can be classified in three categories—Skill-Based Error (SBE), Rule-Based Mistakes (RBM), and Knowledge-Based Mistakes (KBM)—tied to the associated levels of human performance. The various circumstantial and contextual factors that influence human performance to cause or contribute to human error are called Performance Influencing Factors (PIF). These PIFs have been examined in the safety literature and most notably in Human Reliability Analysis (HRA) applications. The list of PIFs is context specific and had yet to be comprehensively established in the cybersecurity literature—a significant research gap. The main goal of this research study was to employ configurational analysis—specifically, Fuzzy-Set Qualitative Analysis (fsQCA)—to empirically assess the conjunctural causal relationship of internal (individual) and external (organizational and contextual) Cybersecurity Performance Influencing Factors (CS-PIFs) leading to Cybersecurity Human Error (CS-HE) (SBE, RBM, and KBM) that resulted in the largest data breaches across multiple organization types from 2007 to 2019 in the United States (US). Feedback was solicited from 31 Cybersecurity Subject Matter Experts (SME), and they identified 1st order CS-PIFs and validated the following 2nd order CS-PIFs: organizational cybersecurity; cybersecurity policies and procedures; cybersecurity education, training, and awareness; ergonomics; cybersecurity knowledge, skills, and abilities; and employee cybersecurity fitness for duty. Utilizing data collected from 102 data breach cases, this research found that multiple combinations, or causal recipes, of CS-PIFs led to certain CS-HEs, that resulted in data breaches. Specifically, seven of the 36 fsQCA models had solution consistencies that exceeded the minimum threshold of 0.80, thereby providing argument for the contextual nature of CS-PIFs, CS-HE, and data breaches. Two additional findings were also discovered—five sufficient configurations were present in two models, and the absence of strong cybersecurity knowledge, skills, and abilities is a necessary condition for all cybersecurity human error outcomes in the observed cases

Moral decisions, moral distress, and the psychological health of nurses

The major focus of this thesis is the role of feelings and emotions in moral thinking/knowing, ethical conduct and, in particular, moral distress in nursing. Research has consistently found that the moral decisions nurses must make can sometimes lead to distress. However, such experiences are overly individualised in the literature. An alternative view of the person, drawing on the philosophy of Alfred North Whitehead (e.g. 1927-8/1978) and the recent work of Paul Stenner (e.g. 2008), sees human subjectivity or mind as processual and always embodied and in-the-world. The emphasis upon the body draws attention to the role of felt experiences this thesis views feelings as integral to both sense-making knowing and thinking and sensibility or emotionality. The emphasis in-the-world highlights that subjectivity is embedded within social contexts, which include relations of power and organisations of material and symbolic capital aligned with those relations. Influenced by deep empiricism (e.g. Stenner, 2011a), this thesis develops a novel bricolage methodology based on a metaphor of diffraction to explore nurses experiences of moral distress. Nurses feelings of discomfort, a particular form of feelings of knowing , appear to be the seeds of moral distress. Various situations seem to be important antecedents for these seeds to bloom into full moral distress, including certain clinical issues, ethical conflict with colleagues, and issues of competency. Nurses also experience some aspects of their job as systemic barriers to high standards of care, which can also be morally distressing. Such distress sometimes affects nurses relationships, their physical health, and their mental health. Participants have found several strategies useful in coping with their distress. It is argued that these strategies are about altering one s feelings through changing one s activities and/or environment. Additionally, past distress may remain a dormant part of a person s subjectivity and re-emerge or become (re)enacted in the narrations of those past distressing experiences. It is suggested that subjectivity entails an organisation of past experiences in the present, for present purposes and in anticipation of the future. Six dominant thematic patternings, which recurred throughout the analyses, are discussed: (i) the centrality of feelings; (ii) the relationality of felt experiences; (iii) the complexity of morality, moral conduct, and moral distress moral/ethical issues become entangled with identity, power, professional competency, and social relations; (iv) the prominence of power and interest; (v) nurses' lives as afflicted by moral distress; and (vi) life-as-process. Discussion of these motifs leads to a rethinking of moral distress. Implications for nursing practice, moral distress research and the study of feelings, emotions, and affect are discussed

Designing for Numerical Transcription Typing: Frequent Numbers Matter

In the text entry domain, the task of number entry is often overlooked despite the prevalence of number entry tasks in the real world. Number entry often occurs in safety critical contexts, such as the medical domain, where errors can lead to patient death. In order to prevent errors from happening, it is important to design devices that help the user in their number entry task, and guard against error. To do this effectively, more needs to be known about the task of number transcription so that appropriate design interventions can be created. Current research commonly uses randomly generated numbers in the evaluation of number entry interfaces. However, it is not clear that random numbers are appropriate in this context. The first half of the thesis builds on research that shows that the familiarity of a number can affect how it is read, and investigates how this finding impacts upon transcription of familiar numbers. This is investigated by replicating seminal transcription typing studies using both words and numbers. The results of these experiments suggest that familiar numbers are represented more strongly than non-familiar numbers in memory, and as a result familiar numbers are significantly faster to transcribe. This novel finding then motivates a series of studies that aim to reduce errors in a medical number entry task. First, a log analysis of hospital devices shows that there are clear patterns in the numbers used, providing evidence that medical workers are likely to be more familiar with some numbers rather than others. The knowledge of these frequently used numbers is then utilised in three novel approaches to number entry interface design. First, knowledge of the landscape of frequent numbers in this context is used to create a set of heuristics for the design of number entry interfaces. Second, an experiment shows that adapting the interface specifically for frequent number entry can speed up interaction. Finally an experiment explores how an understanding of the numbers used to program devices can be used to check for and prevent number transcription errors. This thesis highlights the importance of understanding the frequency and familiarity of num- bers used in specific contexts. It explores how this knowledge can improve both evaluation and design of number entry interfaces