Revista Científica
ANFIBIOS
ISSN: 2665-1513 (Impreso) | ISSN: 2711-0532 (En línea)
Cultura de Ciberseguridad en las Organizaciones: Un análisis cienciométrico de las Tendencias Globales y Empresariales
Cybersecurity Culture in Organizations: A Scientometric Analysis of Global and Business Trends
Karen Álvarez-Ballestas*
Universidad Tecnológica de Bolívar - Colombia
ORCID iD: https://orcid.org/0009-0006-0534-0743
karalvarez@utb.edu.co Jhorquis Machado-Licona
Universidad Tecnológica de Bolívar - Colombia
ORCID iD: https://orcid.org/0000-0002-6987-7658
jmachado@utb.edu.co *Autor a quien debe ser dirigida la correspondenciaFecha de recepción: 11/08/2025
Fecha de evaluación: 26/08/2025
Fecha de aceptación: 12/10/2025
Cómo citar: Álvarez-Ballestas, K., & Machado-Licona, J. (2025). Cultura de Ciberseguridad en las Organizaciones: Un análisis cienciométrico de las Tendencias Globales y Empresariales. Revista Científica Anfibios, 8(2), 11-21. https://doi.org/10.37979/afb.2025v8n2.178
Resumen
Introducción: La cultura de ciberseguridad se ha convertido en un componente clave en la protección de los activos digitales de las empresas, dado que a pesar de todos los controles técnicos que se puedan implementar para garantizar la seguridad de la información, la influencia del comportamiento humano frente a las amenazas informáticas es primordial. Objetivo: Analizar el comportamiento de la documentación e investigación sobre cultura de ciberseguridad en entornos empresariales durante el periodo 2005–2025. Metodología: Estudio bibliométrico y cienciométrico de 74 artículos obtenidos de la base de datos Scopus. Se aplicaron indicadores de productividad, colaboración, coocurrencia de palabras clave, redes de coautoría y análisis de citas. Resultados: Se evidencia una tendencia creciente en la producción científica a partir de 2017, con una línea de crecimiento exponencial ajustada a un R² = 0.41. Se identificó un enfoque temático centrado en tres ejes: cultura organizacional, comportamiento del usuario y estrategias de concienciación. Destacan autores como Da Veiga, L.V.; Hart, S.; y Rawindaran, N., así como instituciones del Reino Unido, Malasia y Estados Unidos. Conclusiones: La cultura de ciberseguridad es un ámbito en desarrollo que busca entender cómo los elementos humanos y organizacionales influyen en la gestión de riesgos digitales. Las investigaciones actuales se centran en la gamificación para la concientización, la evaluación de la madurez cultural y la cooperación internacional para mejorar las prácticas de seguridad digital en empresas.
Palabras claveCultura de Ciberseguridad; Análisis Bibliométrico; Ciberseguridad Organizacional; Comportamiento del Usuario; Concienciación en Seguridad
Abstract
Introduction: Cybersecurity culture has become a key component in the protection of companies' digital assets, given that despite all the technical controls that can be implemented to guarantee information security, the influence of human behavior in the face of computer threats is paramount. Objective: To analyze the behavior of scientific production on cybersecurity culture in business environments during the period 2005–2025. Methodology: A bibliometric and scientometric study of 74 articles retrieved from the Scopus database. Indicators of productivity, collaboration, keyword co-occurrence, co-authorship networks, and citation analysis were applied. Results: A growing trend in scientific output is evident beginning in 2017, with an exponential growth curve adjusted to an R² = 0.41. A thematic focus was identified around three main axes: organizational culture, user behavior, and awareness strategies. Notable authors include Da Veiga, L.V.; Hart, S.; and Rawindaran, N., along with institutions from the United Kingdom, Malaysia, and the United States. Conclusions: Cybersecurity culture is a developing field that seeks to understand how human and organizational factors influence digital risk management. Current research focuses on gamification for awareness, assessing cultural maturity, and international cooperation to improve digital security practices in companies.
KeywordsCybersecurity Culture; Bibliometric Analysis; Organizational Cybersecurity; User Behavior; Security Awareness;
Referencias
Alshaikh, M. (2020). Developing cybersecurity culture to influence employee behavior: A practice perspective. Computers & Security, 98, 102003. https://doi.org/10.1016/J.COSE.2020.102003
Bada, M., Sasse, A. M., & Nurse, J. R. C. (2019). Cyber Security Awareness Campaigns: Why do they fail to change behaviour? https://arxiv.org/pdf/1901.02672
Bongiovanni, I. (2019). The least secure places in the universe? A systematic literature review on information security management in higher education. Computers & Security, 86, 350–357. https://doi.org/10.1016/J.COSE.2019.07.003
Cheng, E. C. K. ;, Wang, T., Cheng, E. C. K., & Wang, T. (2022). Institutional Strategies for Cybersecurity in Higher Education Institutions. Information 2022, Vol. 13, Page 192, 13(4), 192. https://doi.org/10.3390/INFO13040192
Cone, B. D., Irvine, C. E., Thompson, M. F., & Nguyen, T. D. (2007). A video game for cyber security training and awareness. Computers & Security, 26(1), 63–72. https://doi.org/10.1016/J.COSE.2006.10.005
Da Veiga, A., Astakhova, L. V., Botha, A., & Herselman, M. (2020). Defining organisational information security culture—Perspectives from academia and industry. Computers & Security, 92, 101713. https://doi.org/10.1016/J.COSE.2020.101713
Da Veiga, A., & Eloff, J. H. P. (2010). A framework and assessment instrument for information security culture. Computers & Security, 29(2), 196–207. https://doi.org/10.1016/J.COSE.2009.09.002
Da Veiga, A., & Martins, N. (2015). Improving the information security culture through monitoring and implementation actions illustrated through a case study. Computers & Security, 49, 162–176. https://doi.org/10.1016/J.COSE.2014.12.006
D’Arcy, J., Herath, T., & Shoss, M. K. (2014). Understanding Employee Responses to Stressful Information Security Requirements: A Coping Perspective. Journal of Management Information Systems, 31(2), 285–318. https://doi.org/10.2753/MIS0742-1222310210
Furnell, S. M., Clarke, N., & Lacey, D. (2010). Understanding and transforming organizational security culture. Information Management & Computer Security, 18(1), 4–13.
https://doi.org/10.1108/09685221011035223
Hadlington, L. (2017). Human factors in cybersecurity; examining the link between Internet addiction, impulsivity, attitudes towards cybersecurity, and risky cybersecurity behaviours. Heliyon, 3(7), e00346. https://doi.org/10.1016/J.HELIYON.2017.E00346
Hart, S., Margheri, A., Paci, F., & Sassone, V. (2020). Riskio: A Serious Game for Cyber Security Awareness and Education. Computers & Security, 95, 101827. https://doi.org/10.1016/J.COSE.2020.101827
Ifinedo, P. (2014). Information systems security policy compliance: An empirical study of the effects of socialisation, influence, and cognition. Information & Management, 51(1), 69–79. https://doi.org/10.1016/J.IM.2013.10.001
Kajzer, M., Darcy, J., Crowell, C. R., Striegel, A., & Van Bruggen, D. (2014). An exploratory investigation of message-person congruence in information security awareness campaigns. Computers & Security, 43, 64–76. https://doi.org/10.1016/J.COSE.2014.03.003
Offner, K. L., Sitnikova, E., Joiner, K., & MacIntyre, C. R. (2020). Towards understanding cybersecurity capability in Australian healthcare organisations: a systematic review of recent trends, threats and mitigation. Intelligence and National Security, 35(4), 556–585. https://doi.org/10.1080/02684527.2020.1752459
Parsons, K., McCormac, A., Butavicius, M., Pattinson, M., & Jerram, C. (2014). Determining employee awareness using the Human Aspects of Information Security Questionnaire (HAIS-Q). Computers & Security, 42, 165–176. https://doi.org/10.1016/J.COSE.2013.12.003
Progoulakis, I., Rohmeyer, P., & Nikitakos, N. (2021). Cyber Physical Systems Security for Maritime Assets. Journal of Marine Science and Engineering 2021, Vol. 9, Page 1384, 9(12), 1384. https://doi.org/10.3390/JMSE9121384
Rawindaran, N., Jayal, A., & Prakash, E. (2021). Machine Learning Cybersecurity Adoption in Small and Medium Enterprises in Developed Countries. Computers 2021, Vol. 10, Page 150, 10(11), 150. https://doi.org/10.3390/COMPUTERS10110150
Rocha Flores, W., & Ekstedt, M. (2016). Shaping intention to resist social engineering through transformational leadership, information security culture and awareness. Computers & Security, 59, 26–44. https://doi.org/10.1016/J.COSE.2016.01.004
Schlienger, T., & Teufel, S. (2005). Tool Supported Management of Information Security Culture. IFIP Advances in Information and Communication Technology, 181, 65–77. https://doi.org/10.1007/0-387-25660-1_5
Tejay, G. P. S., & Mohammed, Z. A. (2023). Cultivating security culture for information security success: A mixed-methods study based on anthropological perspective. Information & Management, 60(3), 103751. https://doi.org/10.1016/J.IM.2022.103751
Uchendu, B., Nurse, J. R. C., Bada, M., & Furnell, S. (2021). Developing a cyber security culture: Current practices and future needs. Computers & Security, 109, 102387.
https://doi.org/10.1016/J.COSE.2021.102387
Vance, A., Siponen, M., & Pahnila, S. (2012). Motivating IS security compliance: Insights from Habit and Protection Motivation Theory. Information & Management, 49(3–4), 190–198. https://doi.org/10.1016/J.IM.2012.04.002
Wong, W. P., Tan, H. C., Tan, K. H., & Tseng, M. L. (2019). Human factors in information leakage: mitigation strategies for information sharing integrity. Industrial Management & Data Systems, 119(6), 1242–1267. https://doi.org/10.1108/IMDS-12-2018-0546
