This review examines human vulnerabilities in cybersecurity within Microfinance Institutions, analyzing their impact on organizational resilience. Focusing on social engineering, inadequate security training, and weak internal protocols, the study identifies key vulnerabilities exacerbating cyber threats to MFIs. A literature review using databases like IEEE Xplore and Google Scholar focused on studies from 2019 to 2023 addressing human factors in cybersecurity specific to MFIs. Analysis of 57 studies reveals that phishing and insider threats are predominant, with a 20% annual increase in phishing attempts. Employee susceptibility to these attacks is heightened by insufficient training, with entry-level employees showing the highest vulnerability rates. Further, only 35% of MFIs offer regular cybersecurity training, significantly impacting incident reduction. This paper recommends enhanced training frequency, robust internal controls, and a cybersecurity-aware culture to mitigate human-induced cyber risks in MFIs.
References
[1]
Joseph, O.O. and Kibera, F. (2019) Organizational Culture and Performance: Evidence from Microfinance Institutions in Kenya. SageOpen, 9. https://doi.org/10.1177/2158244019835934
[2]
Wairimu, Z. and Mwilaria, S.M. (2017) Microfinance Institutions’ Social Intermediation and Micro and Small Enterprises Survival in Thika Town, Kenya. AsiaPacificJournalofMultidisciplinaryResearch, 5, 87-93. https://www.apjmr.com
[3]
Kiganda, M. (2022) An Assessment of the Factors Affecting Cyber Resilience in Micro-Finance Institutions. https://su-plus.strathmore.edu/handle/11071/12982
[4]
Mohamed, E. (2024) Measuring the Effects of Digital Transformation on Organisational Performance: A Case Study of Microfinance Institutions. In: Carter, S.D. and Bensal, S., Eds., Management and Resilience of African Organizations in Times of Crisis, Springer, 125-142. https://doi.org/10.1007/978-3-031-56007-1_8
[5]
Wu, Y., Xie, Z., Ji, S., Liu, Z., Zhang, X., Lin, C., et al. (2023) Fraud-Agents Detection in Online Microfinance: A Large-Scale Empirical Study. IEEETransactionsonDependableandSecureComputing, 20, 1169-1185. https://doi.org/10.1109/tdsc.2022.3151132
[6]
Limna, P., Kraiwanit, T. and Siripipattanakul, S. (2023) The Relationship between Cyber Security Knowledge, Awareness and Behavioural Choice Protection among Mobile Banking Users in Thailand. InternationalJournalofComputingSciencesResearch, 7, 1133-1151. https://doi.org/10.25147/ijcsr.2017.001.1.123
[7]
Abdullah, W.M.Z.B.W., Zainudin, W.N.R.A.B., Ismail, S.B. and Zia-ul-haq, H.M. (2022) The Impact of Microfinance Services on Malaysian B40 Households’ Socioeconomic Performance: A Moderated Mediation Analysis. InternationalJournalofSustainableDevelopmentandPlanning, 17, 1983-1996. https://doi.org/10.18280/ijsdp.170634
[8]
Wong, L., Lee, V., Tan, G.W., Ooi, K. and Sohal, A. (2022) The Role of Cybersecurity and Policy Awareness in Shifting Employee Compliance Attitudes: Building Supply Chain Capabilities. InternationalJournalofInformationManagement, 66, Article ID: 102520. https://doi.org/10.1016/j.ijinfomgt.2022.102520
[9]
Onumo, A., Ullah-Awan, I. and Cullen, A. (2021) Assessing the Moderating Effect of Security Technologies on Employees Compliance with Cybersecurity Control Procedures. ACMTransactionsonManagementInformationSystems, 12, 1-29. https://doi.org/10.1145/3424282
[10]
Ewool, L.M. and Quartey, J.A. (2021) Evaluation of the Effect of Risk Management Practices on the Performance of Microfinance Institutions. InternationalJournalofAcademicResearchinAccounting, FinanceandManagementSciences, 11, 211-241. https://doi.org/10.6007/ijarafms/v11-i1/8440
[11]
Hijji, M. and Alam, G. (2022) Cybersecurity Awareness and Training (CAT) Framework for Remote Working Employees. Sensors, 22, Article No. 8663. https://doi.org/10.3390/s22228663
[12]
Al-Mohannadi, H., Awan, I., Al Hamar, J., Al Hamar, Y., Shah, M. and Musa, A. (2018) Understanding Awareness of Cyber Security Threat among IT Employees. 2018 6thInternationalConferenceonFutureInternetofThingsandCloudWorkshops (FiCloudW), Barcelona, 6-8 August 2018, 188-192. https://doi.org/10.1109/w-ficloud.2018.00036
[13]
Siddiqi, M.A., Pak, W. and Siddiqi, M.A. (2022) A Study on the Psychology of Social Engineering-Based Cyberattacks and Existing Countermeasures. AppliedSciences, 12, Article No. 6042. https://doi.org/10.3390/app12126042
[14]
Hartarska, V. and Cull, R.J. (2023) Handbook of Microfinance, Financial Inclusion and Development. Edward Elgar Publishing.
[15]
Al Aamer, A.K. and Hamdan, A. (2023) Cyber Security Awareness and SMEs’ Profitability and Continuity: Literature Review. In: El Khoury, R. and Nasrallah, N., Eds., ContributionstoManagementScience, Springer, 593-604. https://doi.org/10.1007/978-981-99-6101-6_43
[16]
Willison, R., Warkentin, M. and Johnston, A.C. (2016) Examining Employee Computer Abuse Intentions: Insights from Justice, Deterrence and Neutralization Perspectives. Information Systems Journal, 28, 266-293. https://doi.org/10.1111/isj.12129
[17]
Dube, H. and Kwenda, F. (2023) Credit Risk Management and the Financial Performance of Microfinance Institutions in Southern Africa. The Journal of Developing Areas, 57, 145-157. https://doi.org/10.1353/jda.2023.0026
[18]
Rasel, M.A. and Win, S. (2020) Microfinance Governance: A Systematic Review and Future Research Directions. Journal ofEconomicStudies, 47, 1811-1847. https://doi.org/10.1108/jes-03-2019-0109
[19]
Boadi Joseph, M., Bondinuba, F.K., Eyiah, A.L. and DeGraft, O.-M. (2019) Modeling the Relationship between Risks and the Sustainability of Microfinance Institutions (MFIs) in Ghana. JournalofEconomicsandSustainableDevelopment, 10, 103-119.
[20]
European Digital SME Alliance (2020) The EU Cybersecurity Act and the Role of Standards for SMEs-Position Paper.
[21]
Jayeola, O., Sidek, S., Sanyal, S., Hasan, S.I., An, N.B., Mofoluwa Ajibade, S., et al. (2022) Government Financial Support and Financial Performance of SMEs: A Dual Sequential Mediator Approach. Heliyon, 8, e11351. https://doi.org/10.1016/j.heliyon.2022.e11351
[22]
Mwangi, B.J. and Brown, I. (2014) A Decision Model of Kenyan SMEs’ Consumer Choice Behavior in Relation to Registration for a Mobile Banking Service: A Contextual Perspective. InformationTechnologyforDevelopment, 21, 229-252. https://doi.org/10.1080/02681102.2013.874320
[23]
Omondi, R.I.A. and Jagongo, A. (2018) Microfinance Services and Financial Performance of Small and Medium Enterprises; Case of Kilifi Town in Kenya. InternationalAcademicJournalofEconomicsandFinance, 3, 24-43. https://www.iajournals.org/articles/iajef_v3_i1_24_43.pdf
[24]
Miryala, N.K. and Gupta, D. (2022) Data Security Challenges and Industry Trends. International Journal of Advanced Research in Computer and Communication Engineering, 11, 300-310. https://doi.org/10.17148/ijarcce.2022.111160
[25]
Bahuguna, A., Bisht, R.K. and Pande, J. (2020) Country-Level Cybersecurity Posture Assessment: Study and Analysis of Practices. InformationSecurityJournal: AGlobalPerspective, 29, 250-266. https://doi.org/10.1080/19393555.2020.1767239
[26]
Ralarala, S. (2020) The Impact of Cybercrime on e-Commerce and Regulation in Kenya, South Africa and the United Kingdom. Strathmore University.
[27]
Mphatheni, M.R. and Maluleke, W. (2022) Cybersecurity as a Response to Combating Cybercrime. InternationalJournalofResearchinBusinessandSocialScience, 11, 384-396. https://doi.org/10.20525/ijrbs.v11i4.1714
[28]
Tawina, C. (2023) Analyzing Cybersecurity Issues Associated with Mobile Money Usage in Malawi. Ashesi University College.
[29]
Voola, A.P. (2019) Gendered Vulnerabilities in Australian Microfinance. SocialBusiness, 9, 29-47. https://doi.org/10.1362/204440819x15504844628056
[30]
Javaheri, D., Fahmideh, M., Chizari, H., Lalbakhsh, P. and Hur, J. (2024) Cybersecurity Threats in Fintech: A Systematic Review. ExpertSystemswithApplications, 241, Article ID: 122697. https://doi.org/10.1016/j.eswa.2023.122697
[31]
Al-Sanjrae, A.A. and Al-Nuaimi, Z.A. (2022) Financial Depth and Its Impact on Financial Inclusion by Applying to Iraq and Egypt. Tanmiyat al-Rafidain, 41, 133-160.
[32]
Vishwanath, A., Harrison, B. and Ng, Y.J. (2016) Suspicion, Cognition, and Automaticity Model of Phishing Susceptibility. CommunicationResearch, 45, 1146-1166. https://doi.org/10.1177/0093650215627483
[33]
Savaş, S. and Karataş, S. (2022) Cyber Governance Studies in Ensuring Cybersecurity: An Overview of Cybersecurity Governance. InternationalCybersecurityLawReview, 3, 7-34. https://doi.org/10.1365/s43439-021-00045-4
[34]
Conteh, N.Y. and Schmick, P.J. (2016) Cybersecurity: Risks, Vulnerabilities and Countermeasures to Prevent Social Engineering Attacks. InternationalJournalofAdvancedComputerResearch, 6, 31-38. https://doi.org/10.19101/ijacr.2016.623006
[35]
Iqbal, M., Siti Astuti, E., Trialih, R., Wilopo, Arifin, Z. and Alief Aprilian, Y. (2020) The Influences of Information Technology Resources on Knowledge Management Capabilities: Organizational Culture as Mediator Variable. HumanSystemsManagement, 39, 129-139. https://doi.org/10.3233/hsm-190562
[36]
Gomera, W.C. (2020) The Use of Mobile Technology to Enhance the Interaction between Microfinance Institutions and Micro Businesses in the Tanzanian Context. University of Eastern Finland.
[37]
Kumarage, A.M. (2018) From Exclusion to Inclusion: Evolution of the Role of Hansards in the Interpretative Process. https://ssrn.com/abstract=3599972
[38]
Hausstätter, R.S. (2013) In Support of Unfinished Inclusion. ScandinavianJournalofEducationalResearch, 58, 424-434. https://doi.org/10.1080/00313831.2013.773553
[39]
Wilhoit Larson, E., Linabary, J.R. and Long, Z. (2022) Communicating Inclusion: A Review and Research Agenda on Inclusion Research in Organizational Communication. AnnalsoftheInternationalCommunicationAssociation, 46, 63-90. https://doi.org/10.1080/23808985.2022.2069045
[40]
Vignau, B., Clemente, P. and Berthomé, P. (2024) Systematic Literature Review: References Extraction Helper and Automatic Analysis. SoftwareImpacts, 21, Article ID: 100669. https://doi.org/10.1016/j.simpa.2024.100669
[41]
Cheloff, A.Z., Pochapin, M.B. and Popov, V. (2024) Su1981 Potential of Generative AI in Meta-Analysis: Automating Literature Review and Data Extraction. Gastroenterology, 166, S-890. https://doi.org/10.1016/s0016-5085(24)02530-7
[42]
Lai, J.W.M. and Bower, M. (2019) Evaluation of Technology Use in Education: Findings from a Critical Analysis of Systematic Literature Reviews. JournalofComputerAssistedLearning, 36, 241-259. https://doi.org/10.1111/jcal.12412
[43]
Adu, K.K., Patrick, N., Park, E.G. and Adjei, E. (2018) Evaluation of the Implementation of Electronic Government in Ghana. InformationPolity, 23, 81-94. https://doi.org/10.3233/ip-170420
[44]
Skarlatidou, A., Hamilton, A., Vitos, M. and Haklay, M. (2019) What Do Volunteers Want from Citizen Science Technologies? A Systematic Literature Review and Best Practice Guidelines. JournalofScienceCommunication, 18, A02. https://doi.org/10.22323/2.18010202
[45]
Page, M.J., McKenzie, J.E., Bossuyt, P.M., Boutron, I., Hoffmann, T.C., Mulrow, C.D., et al. (2021) The PRISMA 2020 Statement: An Updated Guideline for Reporting Systematic Reviews. BMJ, 123, n71. https://doi.org/10.1136/bmj.n71
