References
- Anand, V., Ashforth, B. E., & Joshi, M. (2004). Business as usual: The acceptance and perpetuation of corruption in organizations. Academy of Management Perspectives, 19(4), 9–23. https://journals.aom.org/doi/https://doi.org/10.5465/ame.2004.13837437
- Arain, M. A., Tarraf, R., & Ahmad, A. (2019). Assessing staff awareness and effectiveness of educational training on IT security and privacy in a large healthcare organization. Journal of Multidisciplinary Healthcare, 12(1), 73–81. https://doi.org/https://doi.org/10.2147/JMDH.S183275
- Ashforth, B. E., & Anand, V. (2003). The normalization of corruption in organizations. Research in Organizational Behavior, 18(2), 1–52. https://doi.org/https://doi.org/10.1016/S0191-3085(03)25001-2
- Azer, M., Shaker, A., Nagy, S., Raafat, A., & Abuzaid, M. (2012). Organizational risk assessment based on attacks repetition. In Seventh international conference on availability, reliability and security.
- Bachmann, M. (2010). Deciphering the hacker underground. In T. J. Holt & B. Schell (Eds.), Corporate hacking and technology-driven crime (pp. 105–126). IGI Global.
- Baker, E. M., Baker, W. H., & Tedesco, J. C. (2007). Organizations respond to phishing: Exploring the public relations tackle box. Communications Research Reports, 24(4), 327–339. https://doi.org/https://doi.org/10.1080/08824090701624239
- Bakhshi, T., Papadaki, M., & Furnell, S. (2009). Social engineering: Assessing vulnerabilities in practice. Information Management & Computer Security, 17(1), 53–63. https://doi.org/https://doi.org/10.1108/09685220910944768
- Bandura, A. (1997). Self-efficacy: The exercise of control. W. G. Freeman and Company.
- Barnes, P., & Webb, J. (2007). Organizational susceptibility to fraud and theft, organizational size and the effectiveness of management controls: Some UK evidence. Managerial and Decision Economics, 28(3), 181–193. https://doi.org/https://doi.org/10.1002/mde.1320
- Beccaria, C. (1819). An essay on crimes and punishments ( E. D. Ingraham, Trans.). Philip H. Nicklin.
- Benson, M. L., & Simpson, S. S. (2018). White-collar crime: An opportunity perspective (3rd ed.). Routledge.
- Bohn, J. G. (2010). Development and exploratory validation of an organizational efficacy scale. Human Resource Development Quarterly, 21(3), 227–251. https://doi.org/https://doi.org/10.1002/hrdq.20048
- Boyle, D. M., DeZoort, F. T., & Hermanson, D. R. (2015). The effect of alternative fraud model use on auditors’ fraud risk judgments. Journal of Accounting and Public Policy, 34(6), 578–596. https://doi.org/https://doi.org/10.1016/j.jaccpubpol.2015.05.006
- Braithwaite, J. (2020). Regulatory mix, collective efficacy, and crimes of the powerful. Journal of White Collar and Corporate Crime, 1(1), 62–71. https://doi.org/https://doi.org/10.1177/2631309X19872430
- Bullee, J., & Junger, M. (2020). How effective are social engineering interventions? A meta-analysis. Information & Computer Security, 28(5), 801–830. https://doi.org/https://doi.org/10.1108/ICS-07-2019-0078
- Button, M., & Cross, C. (2017). Cyberfrauds, scams and their victims. Routledge.
- Caldwell, T. (2011). Ethical hackers: Putting on the white hat. Network Security, 2011(7), 10–13. https://doi.org/https://doi.org/10.1016/S1353-4858(11)70075-7
- Cascarino, R. 2012). Corporate fraud and internal control. Wiley.
- Chantler, A., & Broadhurst, R. (2006). Social engineering and crime prevention in cyberspace ( Technical report). Queensland University of Technology. http://eprints.qut.edu.au/7526/1/7526.pdf
- Charmaz, K. (2002). Qualitative interviewing and grounded theory analysis. In J. F. Gubrium & J. A. Holstein (Eds.), The handbook of interview research (pp. 675–694). Sage.
- Cohen, L. E., & Felson, M. (1979). Social change and crime rate trends: A routine activity approach. American Sociological Review, 44(4), 588–608. https://doi.org/https://doi.org/10.2307/2094589
- Collins, M. E., & Loughran, T. A. (2018). Rational choice theory, heuristics, and biases. In W. Bernasco, J. van Gelder, & H. Elffers (Eds.), The Oxford handbook of offender decision making [ online version]. Oxford University Press. https://doi.org/https://doi.org/10.1093/oxfordhb/9780199338801.013.1
- Corbin, J., & Strauss, A. (1990). Grounded theory research: Procedures, canons, and evaluative Criteria. Qualitative Sociology, 13(1), 3–21. https://doi.org/https://doi.org/10.1007/BF00988593
- Dalton, D. R., & Kesner, I. F. (1988). On the dynamics of corporate size and illegal activity: An empirical assessment. Journal of Business Ethics, 7(11), 861–870. https://doi.org/https://doi.org/10.1007/BF00383049
- Daud, M., Rasiah, R., George, M., Asirvatham, D., & Thangiah, G. (2018). Bridging the gap between organizational practices and cyber security compliance: Can cooperation promote compliance in organisations. International Journal of Business and Society, 19(1), 161–180. http://www.ijbs.unimas.my/images/repository/pdf/Vol19-no1-paper11.pdf
- Donaldson, L. (1995). American anti-management theories of organization: A critique of paradigm proliferation. Cambridge University Press.
- Drew, J. M., & Cross, C. (2013). Fraud and its PREY: Conceptualising social engineering tactics and its impact on financial literacy outcomes. Journal of Financial Services Marketing, 18(3), 188–198. https://doi.org/https://doi.org/10.1057/fsm.2013.14
- Fernandez-Aleman, J. L., Sanchez-Henarejos, A., Toval, A., Sanchez-Garcia, A. B., Hernandez-Hernandez, I., & Fernandez-Luque, L. (2015). Analysis of health professional security behaviors in a real clinical setting: An empirical study. International Journal of Medical Informatics, 84(6), 454–467. https://doi.org/https://doi.org/10.1016/j.ijmedinf.2015.01.010
- Glaser, B. G., & Strauss, A. L. (1967). The discovery of grounded theory. Aldine Publishing Company.
- Glebovskiy, A. (2019). Inherent criminogenesis in business organisations. Journal of Financial Crime, 26(2), 432–446. https://doi.org/https://doi.org/10.1108/JFC-01-2018-0010
- Gonzalez, G. C., & Hoffman, V. B. (2018). Continuous auditing’s effectiveness as a fraud deterrent. Auditing: A Journal of Practice & Theory, 37(2), 225–247. https://doi.org/https://doi.org/10.2308/ajpt-51828
- Gottschalk, P. (2018). Convenience triangle in white-collar crime: Case studies of relationships between motive, opportunity, and willingness. International Journal of Law, Crime and Justice, 55, 80–87. https://doi.org/https://doi.org/10.1016/j.ijlcj.2018.10.001
- Gottschalk, P., & Tcherni-Buzzeo, M. (2016). Reasons for gaps in crime reporting: The case of white-collar criminals investigated by private fraud examiners in Norway. Deviant Behavior, 38(3), 267–281. https://doi.org/https://doi.org/10.1080/01639625.2016.1196993
- Grant, D. S., Bergesen, A. J., & Jones, A. W. (2002). Organizational size and pollution: The case of the U.S. chemical industry. American Sociological Review, 67(3), 389–407. https://doi.org/https://doi.org/10.2307/3088963
- Greenberg, J. (1990). Employee theft as a reaction to underpayment inequity: The hidden cost of pay cuts. Journal of Applied Psychology, 75(5), 561–568. https://doi.org/https://doi.org/10.1037/0021-9010.75.5.561
- Hatfield, J. M. (2018). Social engineering in cybersecurity: The evolution of a concept. Computers & Security, 73, 102–113. https://doi.org/https://doi.org/10.1016/j.cose.2017.10.008
- Henisz, W. J., & Delios, A. (2001). Uncertainty, imitation, and plant location: Japanese multinational corporations, 1990–1996. Administrative Science Quarterly, 46(3), 443–475. https://doi.org/https://doi.org/10.2307/3094871
- Holt, T. J. (2009). Lone hacks or group cracks. In F. Schmalleger & M. Pittaro (Eds.), Crimes of the internet (pp. 336–355). Pearson Education.
- Holt, T. J. (2010). Examining the role of technology in the formation of deviant subcultures. Social Science Computer Review, 28(4), 466–481. https://doi.org/https://doi.org/10.1177/0894439309351344
- Holt, T. J., & Graves, D. C. (2007). A qualitative analysis of advance fee fraud e-mail schemes. International Journal of Cyber Criminology, 1(1), 137–154. http://www.cybercrimejournal.com/thomasdanielleijcc.pdf
- Holtfreter, K. (2005). Is occupational fraud ‘typical’ white-collar crime? A comparison of individual and organizational characteristics. Journal of Criminal Justice, 33(4), 353–365. https://doi.org/https://doi.org/10.1016/j.jcrimjus.2005.04.005
- Holtfreter, K. (2008). Determinants of fraud losses in nonprofit organizations. Nonprofit Management & Leadership, 19(1), 45–63. https://doi.org/https://doi.org/10.1002/nml.204
- Huang, W., & Brockman, A. (2011). Social engineering exploitations in online communications: Examining persuasions used in fraudulent emails. In T. Holt (Ed.), Crime online (pp. 87–111). Carolina Academic Press.
- Jensen, M. C., & Meckling, W. H. (1976). Theory of the firm: Managerial behavior, agency costs and ownership structure. Journal of Financial Economics, 3(4), 305–360. https://doi.org/https://doi.org/10.1016/0304-405X(76)90026-X
- Kearney, W. D., & Kruger, H. A. (2013). A framework for good corporate governance and organizational learning: An empirical study. International Journal of Cybersecurity and Digital Forensics, 2(1), 36–47. http://oaji.net/articles/2014/541-1394064140.pdf
- Kennedy, J. P. (2016). Functional redundancy as a response to employee theft within small businesses. Security Journal, 30(1), 162–183. https://doi.org/https://doi.org/10.1057/sj.2015.37
- Kennedy, J. P. (2018). Asset misappropriation in small businesses. Journal of Financial Crime, 25(2), 369–383. https://doi.org/https://doi.org/10.1108/JFC-01-2017-0004
- Kennedy, J. P. (2020). Organizational and macro-level corporate crime theories. In M. L. Rorie (Ed.), The handbook of white-collar crime (pp. 175–190). Wiley.
- Kimberly, J. R. (1976). Organizational size and the structuralist perspective: A review, critique, and proposal. Administrative Science Quarterly, 21(4), 571–597. https://doi.org/https://doi.org/10.2307/2391717
- King, A., & Thomas, J. (2009). You can’t cheat an honest man: Making ($$$s and) sense of the Nigerian e-mail scams. In F. Schmalleger & M. Pittaro (Eds.), Crimes of the Internet (pp. 206–224). Prentice Hall.
- Kweon, E., Lee, H., Chai, S., & Yoo, K. (2019). The utility of information security training and education on cybersecurity incidents: Empirical evidence. Information System Frontiers, 23, 1–13. Advance online publication. https://doi.org/https://doi.org/10.1007/s10796-019-09977-z
- Lawson, P., Zielinska, O., Pearson, C., & Mayhorn, C. B. (2017). Interaction of personality and persuasion tactics in email phishing attacks. Proceedings of the Human Factors and Ergonomics Society Annual Meeting, 61(1), 1331–1333. https://doi.org/https://doi.org/10.1177/1541931213601815
- Maguire, E. R. (2003). Organizational structure in American police agencies. State University of New York Press.
- Mansfield-Devine, S. (2016). The imitation game: How business email comprise scams are robbing organizations. Computer Fraud and Security, 2016(11), 5–10. https://doi.org/https://doi.org/10.1016/S1361-3723(16)30089-6
- McLean, S. (2013). Beware the botnets: Cyber security is a board level issue. Intellectual Property & Technology Law Journal, 25(12), 22–27. https://www.proquest.com/scholarly-journals/beware-botnets-cyber-security-is-board-level/docview/1462212941/se-2?accountid=201395
- Medlin, B. D., Cazier, J. A., & Foulk, D. P. (2008). Analyzing the vulnerability of U.S. hospitals to social engineering attacks: How many of your employees would share their password? International Journal of Information Security and Privacy, 2(1), 71–83. https://doi.org/https://doi.org/10.4018/jisp.2008070106
- Morrison, P., Williams, L., & Smith, B. H. (2017). Measuring security practice use: A case study at IBM. In ACM 5th international workshop on conducting empirical studies in industry (pp. 16–22). Buenos Aires, Argentina: Association for Computing Machinery (ACM).
- Nix, J., & Wolfe, S. E. (2016). Sensitivity to the Ferguson effect: The role of managerial organizational justice. Journal of Criminal Justice, 47, 12–20. https://doi.org/https://doi.org/10.1016/j.jcrimjus.2016.06.002
- Ocasio, W. (1999). Institutionalized action and corporate governance: The reliance on rules of CEO succession. Administrative Science Quarterly, 44(2), 384–416. https://doi.org/https://doi.org/10.2307/2667000
- Parilla, P. F., Hollinger, R. C., & Clark, J. P. (1988). Organizational control of deviant behavior: The case of employee theft. Social Science Quarterly, 69(2), 261–280. https://www.jstor.org/stable/42862396
- Peltier-Rivest, D. (2009). An analysis of victims of occupational fraud: A Canadian perspective. Journal of Financial Crime, 16(1), 60–66. https://doi.org/https://doi.org/10.1108/13590790910924966
- Pogarsky, G., Roche, S. P., & Pickett, J. T. (2017). Heuristics and biases, rational choice, and sanction perceptions. Criminology, 55(1), 85–111. https://doi.org/https://doi.org/10.1111/1745-9125.12129
- Posey, C., Raja, U., Crossler, R. E., & Burns, A. J. (2017). Taking stock of organizations’ protection of privacy: Caetgorizing and assessing threats to personally identifiable information in the USA. European Journal of Informational Systems, 26(1), 585–604. https://doi.org/https://doi.org/10.1057/s41303-017-0065-y
- Pusch, N., & Holtfreter, K. (2021). Individual and organizational predictors of white-collar crime: A meta-analysis. Journal of White Collar and Corporate Crime, 2(1), 5–23. https://doi.org/https://doi.org/10.1177/2631309X19901317
- Riney, R. A. (2018, April). Two-step fraud defense system: Prevention and detection. Journal of Corporate Accounting & Finance, 29(2), 74–86. https://doi.org/https://doi.org/10.1002/jcaf.22336
- Rizzo, J. R., House, R. J., & Lirtzman, S. I. (1970). Role conflict and ambiguity in complex organizations. Administrative Science Quarterly, 15(2), 150–163. https://doi.org/https://doi.org/10.2307/2391486
- Sampson, R. J., Raudenbush, S. W., & Earls, F. (1997). Neighborhoods and violent crime: A multilevel study of collective efficacy. Science, 277(5328), 918–924. https://doi.org/https://doi.org/10.1126/science.277.5328.918
- Schell, B. H., & Holt, T. J. (2010). A profile of the demographics, psychological predispositions, and social/behavioral patterns of computer hacker insiders and outsiders. In T. J. Holt & B. H. Schell (Eds.), Corporate hacking and technology-driven crime (pp. 190–213). IGI Global.
- Schell, B. H., & Melnychuck, J. (2010). Female and male hacker conference attendees. In T. J. Holt & B. H. Schell (Eds.), Corporate hacking and technology-driven crime (pp. 144–168). IGI Global.
- Scott, W. R., & Davis, G. F. (2007). Organizations and organizing. Routledge.
- Sebescen, N., & Vitak, J. (2017). Securing the human: Employee security vulnerability risk in organizational settings. Journal of the Association for Information Science & Technology, 68(9), 2237–2247. https://doi.org/https://doi.org/10.1002/asi.23851
- Shepherd, D., & Button, M. (2019). Organizational inhibitions to addressing occupational fraud: A theory of differential rationalization. Deviant Behavior, 40(8), 971–991. https://doi.org/https://doi.org/10.1080/01639625.2018.1453009
- Shover, N., & Hochstetler, A. (2006). Choosing white-collar crime. Cambridge University Press.
- Simon, H. A., & Newell, A. (1958). Heuristic problem solving. Operations Research, 6(1), 1–10. https://doi.org/https://doi.org/10.1287/opre.6.1.1
- Simpson, S. S. (2013). White-collar crime: A review of recent developments and promising directions for future research. Annual Review of Sociology, 39(1), 309–331. https://doi.org/https://doi.org/10.1146/annurev-soc-071811-145546
- Skogan, W. G. (2008). Why reforms fail. Policing and Society, 18(1), 23–34. https://doi.org/https://doi.org/10.1080/10439460701718534
- Standing, C., Mingers, J., & Standing, S. (2018). The use of social media in supporting the development of open organizations for innovation. Systems Research and Behavioral Science, 35(6), 838–855. https://doi.org/https://doi.org/10.1002/sres.2521
- Steinmetz, K. F. (2016). Hacked. NYU Press.
- Steinmetz, K. F., Pimentel, A., & Goe, W. R. (2019). Decrypting social engineering: An analysis of conceptual ambiguity. Critical Criminology. Advance online publication. https://doi.org/https://doi.org/10.1007/s10612-019-09461-9
- Suh, J. B., & Shim, H. S. (2020). The effect of ethical corporate culture on anti-fraud strategies in South Korean financial companies: Mediation of whistleblowing and a sectoral comparison approach in depository institutions. International Journal of Law, Crime, and Justice, 60(1), 1–12. https://doi.org/https://doi.org/10.1016/j.ijlcj.2019.100361
- Sutherland, E., & Cressey, D. (1974). Principles of criminology (9th ed.). Lippincott.
- Sykes, G. M., & Matza, D. (1957). Techniques of neutralization: A theory of delinquency. American Sociological Review, 22(6), 664–670. https://doi.org/https://doi.org/10.2307/2089195
- Tomlinson, E., & Pozzuto, A. (2016). Criminal decision making in organizational contexts. In S. R. van Slyke, M. L. Benson, & F. T. Cullen (Eds.), The Oxford handbook of white-collar crime (pp. 367–381). Oxford University Press.
- Van Akkeren, J., & Buckby, S. (2017). Perceptions of the causes of individual and fraudulent co-offending: Views of forensic accountants. Journal of Business Ethics, 146(2), 383–404. https://doi.org/https://doi.org/10.1007/s10551-015-2881-0
- Verizon. (2020). 2020 data breach investigations report. Retrieved August 10, 2020, from https://enterprise.verizon.com/resources/reports/dbir/
- Weisbord, M. R. (2012). Productive workplaces. Jossey-Bass.
- Whitty, M. T. (2019). Predicting susceptibility to cyber-fraud victimhood. Journal of Financial Crime, 26(1), 277–292. https://doi.org/https://doi.org/10.1108/JFC-10-2017-0095
- Williamson, O. E. (1970). Corporate control and business behavior. Prentice-Hall.
- Willison, R., & Backhouse, J. (2006). Opportunities for computer crime: Considering systems risk from a criminological perspective. European Journal of Information Systems, 15(1), 403–414. https://doi.org/https://doi.org/10.1057/palgrave.ejis.3000592
- Wooten, T. C., Coker, J. W., & Elmore, R. C. (2003). Financial control in religious organizations. Nonprofit Management & Leadership, 13(4), 343–365. https://doi.org/https://doi.org/10.1002/nml.4
- Yekini, K., Ohalehi, P., Oguchi, I., & Abiola, J. (2018). Workplace fraud and theft in SMEs: Evidence from the mobile phone telephone sector in Nigeria. Journal of Financial Crime, 25(4), 969–983. https://doi.org/https://doi.org/10.1108/JFC-03-2017-0025