Abstract
The continued rise in information security threats has created a sustained risk to the competitiveness of businesses using computerised technology, particularly in Africa. It is posited that employees are the weakest link to the security of information systems across African businesses. The persistent affirmative campaigns in the fields of science, technology, engineering, and mathematics (STEM) has seen a steady rise of women employees entering the Information Technology (IT) industry. On one hand, this has presented new opportunities for women to play a more meaningful and significant contribution to IT in the advent of cyberfeminism. On the other hand, women now constitute great risk to the security of information systems. This emergent trend in Africa challenges the traditional paradigms where men accounted for higher percentages of sophisticated use of and threat to IT systems. The study applied the descriptive research design to describe the level of efficacy presented by women working in South African organisations. The intention was neither to formulate nor to test any hypothesis, but to use descriptive statistics to understand women’s efficacy, and the potential insider threat women could pose. A total number of 155 closed-ended questionnaires were distributed to women and men working in businesses operating in South Africa. 150 responses were obtained. A computerised statistical analysis software was used to analyse data. Results show that while both women and men had a reasonable understanding of information security tenets, women were perceived to be more cautious regarding how they expressed this understanding. The work is of significance to those in business practice in Africa because of the understanding that men will no longer be seen as the primary malefactors for information security threats. The implication for this study is that as more women are encouraged to pursue STEM disciplines, they will equally become weak links to the security of information systems. It is theorised that gender will no longer be a factor in determining security threat.