CCE Theses and Dissertations

Date of Award


Document Type


Degree Name

Doctor of Philosophy (PhD)


College of Computing and Engineering


Martha T. Snyder

Committee Member

Yair Levy

Committee Member

Ling Wang


deterrence theory, Indonesia, information security, knowledge hiding, small and medium-sized businesses (SMBs)


Information Systems (IS) misuse can result in cyberattacks such as denial-of-service, phishing, malware, and business email compromise. The study of factors that contribute to the misuse of IS resources is well-documented and empirical research has supported the value of approaches that can be used to deter IS misuse among employees; however, age and cultural nuances exist. Research focusing on older workers and how they can help to deter IS misuse among employees and support cybersecurity countermeasures within developing countries is in its nascent stages. The goal of this study was two-fold. The first goal was to assess what older workers within Indonesian Small to Medium-sized Businesses (SMBs) do to acquire, apply, and share information security countermeasures aimed at mitigating cyberattacks. The second goal was to assess if and how younger workers share information security countermeasures with their older colleagues.

Using a qualitative case study approach, semi-structured interviews were conducted with five dyads of older (50-55 years) and younger (25-45 years) workers from five SMBs in Jakarta, Indonesia. A thematic analysis approach was used to analyze the interview data, where each dyad represented a unit of analysis. The data were organized into three main themes including 1) Indonesian government IS policy and oversight, which included one topic (stronger government IS oversight needed); 2) SMB IS practices, which included three topics (SMB management issues, SMB budget constraints, SMB diligent IS practices, and IS insider threat); and 3) SMB worker IS practices, which included three topics (younger worker job performance, IS worker compliance issues, older worker IS practices) and five sub-topics under older worker IS practices (older worker diligent in IS, older worker IS challenged, older worker riskier IS practices, older worker more IS dependent, and older worker more forgetful on IS practices).

Results indicated that older and younger workers at Indonesian SMBs acquire, apply, and share information security countermeasures in a similar manner: through IS information dissemination from the SMB and through communication from co-workers. Also, while younger workers share IS countermeasures freely with their older co-workers, some have negative perceptions that older co-workers are slower and less proficient in IS. Overall, participants reported positive and cohesive teamwork between older and younger workers at SMBs through strong IS collaboration and transparent information sharing.

The contribution of this research is that it provides valuable empirical data on older worker behavior and social dynamics in Indonesian organizations. This was a context-specific study aimed at better understanding the situationalities of older workers within organizations in the developing country of Indonesia and how knowledge is shared within the organization. This assessment of cybersecurity knowledge acquisition, skill implementation, and knowledge sharing contributes to the development of organization-wide cybersecurity practices that can be used to strengthen Indonesian SMBs and other organizations in developing countries. This study also provides a blueprint for researchers to replicate and extend this line of inquiry. Finally, the results could shed light on how older workers can be a productive part of the solution to information security issues in the workplace.