Effects of Cybercrime Management on Information Security of selected Hotels in Nairobi Kenya

Abstract

Information assets are critical to any business and paramount to the survival of any organization in today's globalized digital economy. Unauthorized information leak, which is intolerable, often indicates poor or inadequate information security measures. Internationally, hotels have in recent years become targets for cybercrimes as they form rich grounds of information and data needed to commit cyber-crimes. Cybercrime management can be divided into aspects such as cyber-threats, security frameworks policies, and management appreciation of the business value of IT investments. These factors have a significant influence on an organization's information security. The purpose of this study was to investigate the effects of cybercrimes on information security of selected hotels in Nairobi Kenya. The objectives of the study were: To investigate the existing security framework policies adopted by selected hotels in Kenya to ensure information security; To establish the common types of cyber-threats and their effect on information security; and To determine management appreciation of the business value of IT investments in ensuring information security. Descriptive and explanatory research design was adopted for the study. The target population was 935 and a sample size 280 from four selected hotels was used. Purposive sampling was used to select hotels for the study, stratified sampling to stratify respondents into departments and simple random sampling was used to select individual respondents. Semi-structured questionnaires were used to collect data from the management and the IT department personnel while structured questionnaires were used for the employees. Secondary sources of data were used to supplement data collected from the field. The data collection instruments were tested using Cronbach‘s alpha for reliability and a pilot study was used to test for validity of the instruments. The data were analyzed using descriptive statistics, factor analysis and multiple regression. From data analysis the regression model indicated that three aspects of cybercrimes explained to a large extent the variance of information security. Further analysis of the data revealed that both cyber- threats and management appreciation affected information security with cyber threat having the highest influence. The study concluded that cyber-threats such as malware strongly influenced information security, followed by a management appreciation of the business value of IT investments in terms of budget allocation as the strongest influences of information security. These are consistent with and supports prior research that these aspects of cybercrime affected information security of organizations in other countries. The study recommends a regular (monthly) and complete review and full implementation of information security structures, regular and collective collaboration of hotels and cybercrime police on cybercrime incidences and also additional funding and support of the IT investments to ensure information security.