Exploring transparent communication for organisational cyber-resilience to sophisticated phishing attacks

Chitare, Neeranjan and Coventry, Lynne and Nicholson, James (2025) Exploring transparent communication for organisational cyber-resilience to sophisticated phishing attacks. Information & Computer Security. ISSN 2056-4961

author accepted manuscript.PDF - Accepted Version
Available under License Creative Commons Attribution Non-commercial.


Abstract

Purpose

The purpose of this study is to explore how security practitioners share information about sophisticated phishing attacks and what opportunities and barriers are in place for them to do so.

Design/methodology/approach

For this study, a qualitative research design was chosen to explore the experiences, perceptions and practices of cybersecurity practitioners in dealing with sophisticated phishing attacks. Semi-structured interviews were conducted with 13 cybersecurity practitioners (8 were from the UK and 5 were from India) as the primary method of data collection.

Findings

The results indicate that phishing threats intercepted before employee interaction are typically not disclosed to the employee by the security practitioners. Practitioners face challenges in sharing information about phishing attempts and incidents due to privacy concerns, ongoing investigations and potential reputational damage.

Research limitations/implications

The insights obtained from this work are not generalisable to all UK or Indian security practitioners.

Practical implications

The results of this study can be used for developing phishing prevention techniques for briefing targeted employees with a personalised message giving details of the attacks and security guidelines.

Social implications

The results of this study can help build trust and understanding between security practitioners and other employees, leading to more effective collaboration in preventing and responding to sophisticated attacks.

Originality/value

The insights from cybersecurity practitioners highlight significant limitations and hesitations in sharing information about phishing incidents with the targeted employees. The importance of transparent communication, especially in the context of sophisticated attacks, is discussed.

Item Type: Article
Identification Number: 10.1108/ICS-01-2025-0024
Dates:
Accepted: 8 July 2025
Published Online: 25 September 2025
Uncontrolled Keywords: Spear phishing, Transparent communication, Cybersecurity practitioners, Incident reporting, Lateral phishing
Subjects: CAH11 - computing > CAH11-01 - computing > CAH11-01-01 - computer science
Divisions: Architecture, Built Environment, Computing and Engineering > Computer Science
Depositing User: Gemma Tonks
Date Deposited: 12 May 2026 11:41
Last Modified: 12 May 2026 11:41
URI: https://www.open-access.bcu.ac.uk/id/eprint/17031
