Password behaviour: A threat to cyber security A study of future financial sector employees in Denmark

Cyber security policies focus on systems, often overlooking the human factor. Is Generation Zs password authentication behaviour a risk to the financial sector?

Several reports demonstrate that one of the weakest links in organisations, regardless of size, industry or country of operation, is the human factor (Howarth, 2014) (Turban, et al., 2015) (IBM Security, 2019) (Center for Cybersikkerhed, 2019). Individual employees are an easy target through which malicious adversaries, using social engineering, gain access. At the human aspect, the high probability of threat to cyber-attacks lies within two somewhat embarrassingly simple and seemingly uncomplicated areas; these are opening malware emails and creating and reusing insecure passwords. This paper focus on the latter.
The research question driving the study is “Are future financial sector employees’ online attitudes and behaviours putting the sector at risk of cyber-attacks?”.


Research on password creation and use concentrates primarily on theory and generic, non-specific situations.  The literature does not cover the coupling of theoretical insight directly to implications for a specific business sector.
Cyber security is the risk causing most concern within the financial sector; a risk compounded by the sector’s dependence on IT.  A recent 2020 survey of trust and risk shows a slight decrease in concern by respondents – those responsible for risk in the financial sector – from 81% in 2019 to 74% in 2020.  The 7% decline could be an indication of one of two factors; namely, an increased effort in the investment or that other risks have become more challenging, either way, they agree that cybercrime adversaries, social engineers, are continually more skilled and advanced criminals. (Finanstilsynet/Financial Services Authority, 2020)
This paper seeks to explore the extent of risk, concentrating specifically on the financial sector, most recently identified by the Centre for Cybersecurity, a separate entity of the Danish Ministry of Defence, as the most susceptible to cyber-attack in Denmark (Center for Cybersikkerhed, 2019).
The study explores future financial sector employees’, identified as Generation Z, attitudes and behaviours towards cyber security and specifically password creation and use.
To lay the foundation for understanding the vulnerability at the human factor, the theoretical section of the paper provides a concise overview of social engineering, behaviour economics and password creation and use. The focus then turns towards future financial sector employees, presenting literature on  Generation Z, their digital behaviour, attitudes towards security, and finally their attitudes towards personal data sharing in the cybersphere.

Vælg et tema eller søg efter projekter