THE IMPACT OF CYBERSECURITY MEASURES ON THE FREQUENCY OF

SECURITY INCIDENTS IN CORPORATE ENVIRONMENTS AMONG

EDUCATIONAL INSTITUTIONS, IN THIKA, KIAMBU COUNTY

STUDENT NAME: AKECH GREGORY DENG

ADMISSION NUMBER: 15533

A RESEARCH PROPOSAL SUBMITTED TO KICJ AS PARTIAL FULFILLMENT

FOR THE DIPLOMA IN SECURITY MANAGEMENT

I declare that this is my original work and has not been submitted to any institution for marking

or an award.

Name: Akech Gregory Deng

Signature:………………………………………. Date:………………………………

ii
 RECOMMENDATION

The work presented herein is correct to the best of my knowledge as the college supervisor.

Name: Katiwa Lydia

Signature:………………………………………. Date:………………………………

iii
 DEDICATION

This work is dedicated to my parents for their unwavering support and encouragement. I also

dedicate it to all those who strive for security in educational environments.

iv
 ACKNOWLEDGMENT

I would like to express my deepest gratitude to God for providing me with the strength and

wisdom to undertake this research. I also extend my heartfelt thanks to my parents for their

endless support and encouragement throughout this journey. Additionally, I appreciate the

guidance and support from my supervisor, Katiwa Lydia, and all the faculty members at KICJ.

My sincere thanks go to my friends and colleagues who provided valuable insights and

assistance during the research process.

v
 EXECUTIVE SUMMARY

In the digital age, cybersecurity has become a critical concern for institutions that handle vast

amounts of sensitive data, including educational organizations. This study focuses on Mount

Kenya University in Thika, Kiambu County, to examine the impact of cybersecurity measures on

the frequency of security incidents in a corporate environment. As cyber threats increase in

sophistication, it is essential to understand the effectiveness of existing cybersecurity strategies

in mitigating breaches and safeguarding institutional data (Anderson, 2022).

The study sets out to achieve several objectives. Firstly, it aims to establish the relationship

between the implemented cybersecurity measures and the frequency of security incidents at

Mount Kenya University (Graham & David, 2019). Additionally, the research will investigate

how varying rates of security incidents affect the effectiveness of these cybersecurity protocols

(Sharma, 2021). The underlying causes contributing to security breaches will also be identified,

along with an evaluation of the effectiveness of current cybersecurity measures (Thompson &

Davies, 2020). The study will further examine the role of employee training, technological

advancements, and institutional cybersecurity policies in mitigating the risk of security incidents

(Kshetri, 2018). External threats such as hackers and malware, as well as the cost implications of

cybersecurity investments, will also be explored (Anderson, 2022).

A quantitative research methodology will be employed, primarily using structured questionnaires

to gather data from IT staff, administrators, and security personnel at Mount Kenya University.

The data collected will be analyzed to determine patterns, correlations, and the overall

effectiveness of current security strategies (Thompson & Davies, 2020). These findings will

inform recommendations on improving cybersecurity frameworks and implementing best

practices to reduce security breaches (Graham & David, 2019).

vi
This research will contribute significantly to enhancing cybersecurity at Mount Kenya University

and beyond. The findings are expected to provide actionable insights into strengthening security

measures and addressing gaps in the current strategies (Sharma, 2021). By offering evidence-

based recommendations, the study will aid decision-makers in shaping more robust policies and

investing in technologies and training programs that enhance institutional security (Kshetri,

2018).

vii
 ABSTRACT

The rapid evolution of cyber threats has posed significant challenges to institutions worldwide,

particularly educational institutions that handle vast amounts of sensitive data. Mount Kenya

University, located in Thika, Kiambu County, is no exception. This research examines the

impact of cybersecurity measures on the frequency of security incidents within the university's

corporate environment. The overarching aim is to assess the effectiveness of current

cybersecurity protocols, identify potential gaps, and provide recommendations for mitigating

security breaches.

Cybersecurity incidents have a profound effect on institutions, leading to financial losses,

damage to reputation, and compromised data security (Graham & David, 2019). This study sets

out to establish a relationship between cybersecurity measures and the frequency of security

breaches, with a particular focus on how these incidents affect institutional operations. The

study’s specific objectives include evaluating the effectiveness of current security measures,

determining how employee training impacts cybersecurity, analyzing the role of technological

advancements, and exploring the implications of institutional policies on the frequency of

breaches (Sharma, 2021).

A quantitative research methodology will be employed to achieve these objectives. Data will be

collected through questionnaires distributed to IT personnel, administrators, and security staff at

Mount Kenya University. This approach will allow for a thorough analysis of the institution’s

current cybersecurity framework, identifying key areas of vulnerability. The analysis will also

focus on external threats, such as malware and hacking attempts, and how these threats

contribute to the frequency of security incidents (Kshetri, 2018). The results will provide

viii
valuable insights into the role of employee training in enhancing cybersecurity effectiveness and

the cost implications of maintaining robust cybersecurity systems (Thompson & Davies, 2020).

A key component of this research is examining how advancements in technology influence the

frequency of security incidents. While new technologies offer increased protection, they also

present new challenges, such as more sophisticated cyber-attacks. This dual impact will be

explored, with an emphasis on understanding the benefits and drawbacks of emerging

technologies within the context of cybersecurity (Anderson, 2022). Furthermore, the study will

assess best practices in cybersecurity that correlate with a reduced frequency of incidents.

Identifying these practices will allow the university to make data-driven decisions regarding

future cybersecurity investments.

The significance of this study lies in its potential to inform decision-making at Mount Kenya

University and other educational institutions facing similar challenges. As cyber threats continue

to evolve, it is imperative that institutions continually evaluate and upgrade their security

frameworks. The results of this study will not only enhance Mount Kenya University’s ability to

protect its systems and data but also provide a broader contribution to the understanding of

cybersecurity in educational environments (Sharma, 2021). Recommendations will be made for

improving employee training, updating technological infrastructure, and refining institutional

policies to create a more secure digital environment (Kshetri, 2018).

The expected findings of this research include a clear correlation between the implementation of

advanced cybersecurity measures and a decrease in the frequency of security incidents. The

study also anticipates identifying gaps in the current cybersecurity policies and highlighting the

importance of employee training and awareness in minimizing security risks. Additionally, the

ix
cost-benefit analysis of cybersecurity investments will offer practical insights into how

institutions can allocate resources more effectively to enhance security.

In conclusion, this research is expected to provide actionable insights into how educational

institutions, particularly Mount Kenya University, can mitigate the risks associated with cyber

threats. By analyzing current security measures, technological advancements, and employee

training programs, this study will offer a comprehensive framework for strengthening

cybersecurity and reducing the frequency of incidents in a corporate educational environment.

As cyber threats continue to evolve, the findings from this research will play a critical role in

shaping the future of cybersecurity in educational institutions (Graham & David, 2019).

x
 TABLE OF CONTENTS

DECLARATION...........................................................................................................................ii

RECOMMENDATION...............................................................................................................iii

DEDICATION..............................................................................................................................iv

ACKNOWLEDGMENT...............................................................................................................v

EXECUTIVE SUMMARY..........................................................................................................vi

ABSTRACT................................................................................................................................viii

TABLE OF CONTENTS.............................................................................................................xi

LIST OF TABLES......................................................................................................................xiv

ACRONYMS AND ABBREVIATIONS....................................................................................xv

OPERATIONAL DEFINITION OF TERMS:........................................................................xvi

CHAPTER ONE: INTRODUCTION..........................................................................................1

1.0 Overview....................................................................................................................................1

1.1 Background of the Study...........................................................................................................1

1.2 Statement of the Problem...........................................................................................................5

1.3 Purpose of the Study..................................................................................................................5

1.4 Objectives of the Study..............................................................................................................6

1.5 Research Questions....................................................................................................................7

1.6 Hypothesis of the Study.............................................................................................................8

1.7 Significance of the Study...........................................................................................................8

1.8 Limitations of the Study............................................................................................................9

1.9 Assumptions of the Study........................................................................................................10

1.10 Theoretical Framework..........................................................................................................11

xi
1.10.1 Protection Motivation Theory (PMT).................................................................................11

1.10.2 General Deterrence Theory (GDT).....................................................................................12

CHAPTER TWO: LITERATURE REVIEW...........................................................................14

2.0 Introduction..............................................................................................................................14

2.1 Review of Related Literature...................................................................................................14

2.1.1 The Relationship Between Cybersecurity Measures and the Frequency of Security

Incidents.............................................................................................................................15

2.1.2 Impact of the Frequency of Security Incidents on the Effectiveness of Cybersecurity

Measures............................................................................................................................15

2.1.3 Causes of the Frequency of Security Incidents.....................................................................16

2.1.4 Effectiveness of Current Cybersecurity Measures in Mitigating Security Incidents...........16

2.1.5 The Role of Employee Training in Cybersecurity Effectiveness.........................................16

2.1.6 Impact of Technological Advancements on the Frequency of Security Incidents...............17

2.1.7 The Relationship Between Cybersecurity Policies and the Frequency of Security Incidents

...........................................................................................................................................17

2.1.8 Role of External Threats in the Frequency of Security Incidents.........................................17

2.1.9 Best Practices in Cybersecurity and Their Correlation with the Frequency of Security

Incidents.............................................................................................................................18

2.1.10 Cost Implications of Cybersecurity Measures on the Frequency and Severity of Security

Incidents.............................................................................................................................18

CHAPTER THREE: RESEARCH METHODOLOGY..........................................................20

3.0 Introduction..............................................................................................................................20

3.1 Research Design......................................................................................................................20

xii
3.2 Population of the Study...........................................................................................................21

3.3 Sample Size.............................................................................................................................22

3.4 Sampling Techniques...............................................................................................................23

3.5 Data Collection Procedures.....................................................................................................24

3.6 Data Analysis Procedures........................................................................................................27

3.7 Ethical Considerations.............................................................................................................28

REFERENCES............................................................................................................................31

APPENDICES..............................................................................................................................33

Appendix 1: Sample Questionnaire...............................................................................................33

xiii
 LIST OF TABLES

Table 3. 1 : Distribution of the Total Population by Gender, Age and Department......................22

Table 3. 2 : Sample Size and Distribution of Respondents...........................................................23

Table 3. 3 : Sampling Techniques Used in the Study....................................................................23

Table 3. 4 : Structure of the Questionnaire....................................................................................26

xiv
 ACRONYMS AND ABBREVIATIONS

AI - Artificial Intelligence

APT - Advanced Persistent Threat

CCTV - Closed-Circuit Television

DDoS - Distributed Denial of Service

GDPR - General Data Protection Regulation

ICT - Information and Communication Technology

IDS - Intrusion Detection System

ISP - Internet Service Provider

IT - Information Technology

MFA - Multi-Factor Authentication

MKU - Mount Kenya University

NIST - National Institute of Standards and Technology

SOC - Security Operations Center

VPN - Virtual Private Network

xv
 OPERATIONAL DEFINITION OF TERMS:

Cybersecurity Protocols: Refers to the comprehensive set of technologies, strategies, and

practices employed to safeguard digital systems from cyber threats. In this study, cybersecurity

protocols encompass tools such as firewalls, data encryption, multi-factor authentication, and

employee awareness training.

Security Breach Incidents: Denotes any event or occurrence that jeopardizes the

confidentiality, integrity, or availability of information systems. Within this research, security

breach incidents include, but are not limited to, phishing attempts, malware infections, data

breaches, and unauthorized system access.

Incident Occurrence Frequency: The rate or number of times security-related incidents are

reported within a given timeframe. This study quantifies the frequency of incidents, such as

malware attacks and phishing schemes, over a two-year span from 2022 to 2024.

Mount Kenya University (MKU): A prominent higher education institution located in Thika,

Kiambu County, which serves as the focal point of this research. The study examines the

cybersecurity measures implemented at MKU and evaluates their efficacy in curbing security

breaches.

Information Technology (IT) Professionals: Refers to the individuals tasked with overseeing

and maintaining Mount Kenya University's digital infrastructure. These professionals are key

respondents in this study, offering valuable insights into the cybersecurity practices in place.

Phishing Exploits: A malicious tactic where attackers impersonate legitimate entities in

electronic communications in an attempt to steal sensitive information. This study evaluates the

prevalence of phishing exploits as a specific type of security incident encountered at MKU.

xvi
Data Compromise: Occurs when unauthorized parties gain access to sensitive or confidential

information. In this research, data compromises are analyzed as part of the broader set of security

breach incidents, with attention to their frequency and correlation with cybersecurity protocols.

Malicious Software (Malware): Harmful software designed to infiltrate, damage, or disable

computer systems. This research investigates the incidence of malware infections as one of the

critical types of security threats at Mount Kenya University.

Cybersecurity Training Programs: The organized efforts to educate employees on identifying,

preventing, and responding to cyber threats. The study assesses the impact of these training

initiatives on reducing the number of security incidents at the university.

Multi-Factor Authentication (MFA): A layered security system that requires two or more

verification steps to access sensitive information or systems. This research explores the role of

MFA in preventing unauthorized access to the university's digital resources.

xvii
 CHAPTER ONE: INTRODUCTION

1.0 Overview

This chapter introduces the study on the impact of cybersecurity measures on the frequency of

security incidents at Mount Kenya University in Thika, Kiambu County. With the rise of cyber

threats targeting educational institutions, there is a growing need to implement robust security

measures to protect sensitive data and systems. The chapter presents the background of the study,

the research problem, and the key objectives. Additionally, it highlights the importance of

understanding how effective cybersecurity measures are in reducing security breaches, data theft,

and other cyber risks in the university’s corporate environment (Anderson, 2022). This chapter

also sets the stage for discussing the theoretical and conceptual frameworks that guide the

research, providing a foundation for the methodology and analysis that follows (Graham &

David, 2019). Through this study, the effectiveness of cybersecurity protocols in academic

institutions will be evaluated, contributing to a safer digital landscape for Mount Kenya

University and similar institutions (Sharma, 2021).

1.1 Background of the Study

Cybersecurity has become one of the most pressing global concerns in today’s digital age,

affecting industries, governments, and institutions alike. The rise of cyber threats, including data

breaches, ransomware, phishing, and hacking, has led to significant financial and reputational

damage to organizations. Globally, the annual cost of cybercrime is projected to reach $10.5

trillion by 2025, making it one of the most economically damaging crimes in history (Morgan et

al., 2020).

Educational institutions, traditionally seen as low-priority targets, are now experiencing a surge

in cyberattacks due to the valuable personal and academic data they store (Sharma et al., 2021).

1
Universities across the world, including prominent institutions in the United States and Europe,

have suffered major security breaches, leading to compromised sensitive information and

disrupted academic operations.

The transition to digital learning, accelerated by the COVID-19 pandemic, has further increased

the vulnerability of these institutions to cyber threats. A 2021 report indicated that cyberattacks

on educational institutions globally increased by 30% as universities rapidly shifted to online

learning platforms (Anderson et al., 2022). This surge in attacks underscores the need for robust

cybersecurity measures to protect not only sensitive data but also the continuity of education

services in an increasingly digital environment.

Regional Perspective: Africa’s Cybersecurity Challenges

In the African context, cybersecurity has emerged as a growing concern as more countries

embrace digital infrastructure. The rapid growth of internet penetration across the continent,

coupled with a lack of adequate cybersecurity infrastructure, has left many African nations

vulnerable to cyberattacks. Africa saw an alarming rise in cybercrime, with over 50 million

cyberattacks reported in 2021, with significant financial and data loss in both government and

corporate institutions (Kshetri et al., 2020). In South Africa, for example, the banking and

financial sectors have been heavily targeted by cybercriminals, resulting in losses amounting to

millions of dollars. Similarly, in Nigeria, the cybersecurity landscape remains fragile, with both

government and private sectors suffering from frequent data breaches and ransomware attacks

(Asamoah et al., 2019).

Educational institutions in Africa are particularly susceptible to cyber threats, as many lack the

advanced cybersecurity tools needed to defend against sophisticated attacks. The rise of digital

education, coupled with insufficient investment in cybersecurity infrastructure, has created a

2
fertile ground for cybercriminals. African universities, which house valuable research data,

student information, and institutional records, have become targets for attackers seeking to

exploit weak security measures. With the rise of cyberattacks on institutions in Africa, there is an

urgent need for capacity building and investment in cybersecurity protocols to protect these

institutions and ensure the safety of their data (Graham et al., 2019).

National Perspective: The Impact of Cybersecurity Challenges in Kenya

Kenya is one of the leading countries in East Africa in terms of internet penetration and digital

transformation. However, this growth has come with its own set of challenges. Cybersecurity

remains a critical issue in Kenya as the country experiences an increasing number of

cyberattacks targeting both public and private institutions. In 2020 alone, Kenya witnessed more

than 37 million cyber threats, with the financial sector being the hardest hit (Communications

Authority of Kenya, 2020). The rise in mobile banking and digital transactions has made the

country vulnerable to hackers and cybercriminals, resulting in significant financial losses.

In the education sector, universities and colleges in Kenya have also become key targets for

cyberattacks. Institutions such as Kenyatta University and the University of Nairobi have

reported cases of hacking attempts aimed at accessing sensitive academic records and student

data (Muema et al., 2021). The shift to online learning and digital examination systems during

the COVID-19 pandemic exposed these institutions to increased security risks, with several

instances of exam leaks and system breaches reported across the country.

The Kenyan government, through the Communications Authority of Kenya and the National

Cybersecurity Strategy, has made efforts to improve cybersecurity awareness and build capacity

in combating cyber threats. However, despite these efforts, the country’s cybersecurity

framework still faces significant challenges. Many institutions lack adequate resources and

3
expertise to implement effective cybersecurity measures, leaving them vulnerable to attacks

(Wamuyu et al., 2021). As Kenya continues to advance in its digital transformation agenda, there

is an increasing need for universities and other educational institutions to invest in

comprehensive cybersecurity measures to protect their data and maintain their reputation.

Local Perspective: Cybersecurity Concerns in Thika, Kiambu County

At the county level, institutions in Thika, Kiambu County, are not immune to the growing

cybersecurity threats affecting the nation. With institutions such as Mount Kenya University and

several other colleges in the area, the region has witnessed a growing number of cyber incidents.

Mount Kenya University, in particular, has faced challenges related to cybersecurity, especially

in the context of online learning and digital management systems (Wachira et al., 2022). The

university has experienced instances of data breaches, phishing attempts, and unauthorized

access to its internal systems, raising concerns over the safety of student and institutional data.

Despite the growing awareness of cybersecurity risks in Thika, many educational institutions still

lack the necessary security infrastructure to mitigate these threats effectively. The limited

financial resources allocated to cybersecurity and the absence of trained cybersecurity

professionals have left gaps in the defense mechanisms of these institutions. As digital education

continues to grow in popularity, especially after the COVID-19 pandemic, the cybersecurity risks

in Thika and the wider Kiambu County will likely intensify (Njuguna et al., 2021). In summary,

the global, regional, national, and local contexts indicate that educational institutions are

becoming increasingly vulnerable to cyberattacks. This research seeks to examine the impact of

cybersecurity measures at Mount Kenya University, aiming to understand the effectiveness of

the existing protocols and identify areas for improvement. As the frequency and sophistication of

4
cyber threats continue to rise, it is essential for institutions to adopt comprehensive cybersecurity

strategies to protect their data and maintain operational continuity.

1.2 Statement of the Problem

Despite the growing awareness of cybersecurity risks and the adoption of digital education

systems, educational institutions in Thika, Kiambu County, such as Mount Kenya University,

continue to face significant cybersecurity challenges. These institutions are vulnerable to

cyberattacks, data breaches, and unauthorized access due to limited financial resources,

inadequate security infrastructure, and a shortage of trained cybersecurity professionals

(Wachira, 2022). As the frequency and sophistication of cyber threats increase, there is a

pressing need to evaluate the effectiveness of the current cybersecurity measures in place at

Mount Kenya University. The gap in understanding how well these security protocols mitigate

incidents like phishing, malware, and data theft poses a risk to the institution’s data integrity and

operational continuity (Njuguna, 2021). Addressing this problem is essential to ensuring that the

university’s systems are secure and capable of handling the evolving cyber threats in today’s

digital landscape.

1.3 Purpose of the Study

a) To establish the relationship between Cybersecurity Measures and the Frequency of

Security Incidents at Mount Kenya University.

b) To investigate how the implementation of Cybersecurity Measures affects the Frequency

of Security Incidents within the university.

c) To analyze the effectiveness of existing Cybersecurity Measures in mitigating the

Frequency of Security Incidents in educational institutions.

5
 d) To identify gaps in current Cybersecurity Measures that may contribute to the Frequency

of Security Incidents at Mount Kenya University.

e) To compare the impact of different Cybersecurity Measures on the reduction of Security

Incidents over time at Mount Kenya University.

1.4 Objectives of the Study

I) To establish the relationship between Cybersecurity Measures and the Frequency of

Security Incidents at Mount Kenya University.

II) To investigate how the Frequency of Security Incidents influences the effectiveness of

Cybersecurity Measures in mitigating threats.

III) To identify the underlying factors contributing to the Frequency of Security Incidents at

Mount Kenya University.

IV) To evaluate the effectiveness of current Cybersecurity Measures in preventing or

reducing the Frequency of Security Incidents at the university.

V) To examine the role of employee training in improving the effectiveness of

Cybersecurity Measures at Mount Kenya University.

VI) To determine the impact of technological advancements on the Frequency of Security

Incidents in the university's systems.

VII) To assess the relationship between institutional Cybersecurity Policies and the

Frequency of Security Incidents at Mount Kenya University.

VIII) To investigate the role of external threats, such as hackers and malware, in

contributing to the Frequency of Security Incidents.

IX) To identify best practices in Cybersecurity that correlate with a reduction in the

Frequency of Security Incidents at the university.

6
 X) To explore the cost implications of Cybersecurity Measures and how they affect the

Frequency and Severity of Security Incidents at Mount Kenya University.

1.5 Research Questions

i. What is the relationship between cybersecurity measures and the frequency of security

incidents at Mount Kenya University?

ii. How does the frequency of security incidents impact the effectiveness of cybersecurity

measures implemented at the university?

iii. What are the underlying causes of the frequency of security incidents in educational

institutions, particularly at Mount Kenya University?

iv. How effective are current cybersecurity measures in reducing the frequency of security

incidents at Mount Kenya University?

v. What role does employee training play in the effectiveness of cybersecurity measures at

the university?

vi. How do technological advancements affect the frequency of security incidents at Mount

Kenya University?

vii. What is the relationship between institutional cybersecurity policies and the frequency

of security incidents at Mount Kenya University?

viii. How do external threats (e.g., hackers, malware) influence the frequency of

security incidents at Mount Kenya University?

ix. What best practices in cybersecurity are associated with a lower frequency of security

incidents at Mount Kenya University?

x. What are the cost implications of cybersecurity measures on the frequency and severity

of security incidents at Mount Kenya University?

7
1.6 Hypothesis of the Study

The primary aim of this study is to assess the relationship between cybersecurity measures and

the frequency of security incidents at Mount Kenya University. Based on previous studies, many

researchers suggest that effective cybersecurity measures lead to a reduction in security incidents

(Sharma et al., 2021). However, this study adopts a null hypothesis to test the assumption.

H₀ (Null Hypothesis):

There is no statistically significant relationship between the implementation of cybersecurity

measures and the frequency of security incidents at Mount Kenya University.

This null hypothesis posits that despite the implementation of cybersecurity strategies, the

frequency of security incidents remains unaffected. It is grounded in the assumption that other

external factors, such as evolving cyber threats, human error, or the limitations of cybersecurity

measures, might negate the impact of such protocols (Graham et al., 2019). Testing this

hypothesis will provide a clear understanding of the effectiveness of the existing cybersecurity

framework and whether any modifications are required to reduce security breaches.

1.7 Significance of the Study

This study is significant in several ways, particularly in addressing the growing concern over

cybersecurity in educational institutions such as Mount Kenya University. Firstly, the study

provides critical insights into the relationship between cybersecurity measures and the frequency

of security incidents. By exploring this relationship, the research aims to fill existing gaps in

understanding how effective current cybersecurity protocols are in mitigating threats. This will

be useful not only to the university but also to other academic institutions that face similar risks

(Sharma et al., 2021).

8
Secondly, the study will help Mount Kenya University and similar institutions evaluate the

effectiveness of their cybersecurity investments. By identifying the causes and contributors to

security incidents, this research will assist institutional leaders in making data-driven decisions

on how to improve their cybersecurity infrastructure and reduce vulnerabilities (Graham et al.,

2019).

Furthermore, this research will benefit policymakers and administrators by providing

recommendations on best practices for cybersecurity. It will outline areas where employee

training, technological investments, and policy reforms are necessary to enhance security. These

findings can contribute to the development of robust cybersecurity frameworks that not only

protect institutional data but also enhance operational continuity in the digital age (Wamuyu et

al., 2021).

Finally, the research will provide practical insights for future studies in the field of cybersecurity,

offering a foundation for further investigation into the impact of external threats, technological

advancements, and institutional policies on cybersecurity incidents in educational settings.

1.8 Limitations of the Study

This study, while valuable, is subject to several limitations that may influence its outcomes.

Firstly, the scope of the research is limited to Mount Kenya University, which means that the

findings may not be generalizable to other institutions, particularly those with different

cybersecurity infrastructures or varying levels of resources (Graham et al., 2019). The study's

focus on a single university in Thika, Kiambu County, may not account for the unique challenges

faced by universities in other regions or countries, limiting the broader applicability of the

results.

9
Secondly, the rapidly evolving nature of cyber threats presents a challenge. As new technologies

and cyberattack strategies emerge, the effectiveness of the current cybersecurity measures being

assessed in this study may change over time. This time-bound factor may influence the accuracy

of the study’s findings in predicting future cybersecurity trends (Sharma et al., 2021).

Additionally, there may be constraints related to data access, as sensitive information regarding

security incidents may be withheld by the institution due to privacy and confidentiality concerns,

potentially limiting the depth of the analysis.

Moreover, the reliance on self-reported data from university staff and administrators through

questionnaires may introduce bias. Respondents may overestimate the effectiveness of existing

cybersecurity measures or underreport incidents to protect the institution’s reputation (Wamuyu

et al., 2021). Lastly, financial and technical constraints could limit the ability to implement

advanced data collection techniques, reducing the comprehensiveness of the research findings.

1.9 Assumptions of the Study

This study is based on several assumptions that are yet to be fully proven but are fundamental to

the research process. Firstly, it is assumed that the cybersecurity measures currently implemented

at Mount Kenya University have a direct influence on the frequency of security incidents. This

assumption guides the analysis of how various security protocols, such as firewalls, intrusion

detection systems, and employee training, impact the occurrence of cyberattacks (Sharma et al.,

2021).

Secondly, it is assumed that respondents, including IT personnel, administrators, and security

staff, will provide accurate and honest information regarding the effectiveness of the

cybersecurity measures in place. The reliability of the data collected through questionnaires and

10
interviews depends on the willingness of respondents to be transparent about the institution's

cybersecurity challenges and incidents (Graham et al., 2019).

Thirdly, the study assumes that external factors, such as advancements in technology and

evolving cyber threats, play a significant role in influencing the frequency of security incidents at

Mount Kenya University. It is assumed that external threats like malware and hackers are key

contributors to the security breaches experienced at the institution (Wamuyu et al., 2021).

Lastly, it is assumed that the frequency of security incidents can be reduced through improved

cybersecurity measures, including enhanced employee training, policy reforms, and

technological investments. This assumption will be tested throughout the research to determine

the effectiveness of these interventions in mitigating security breaches.

1.10 Theoretical Framework

In this study, two key theories will be used to analyze the relationship between cybersecurity

measures and the frequency of security incidents at Mount Kenya University: Protection

Motivation Theory (PMT) and General Deterrence Theory (GDT). These theories offer a

comprehensive framework for understanding how institutions adopt and implement

cybersecurity measures to mitigate security incidents.

1.10.1 Protection Motivation Theory (PMT)

Protection Motivation Theory (PMT) was originally developed by Rogers in 1975 to explain

how individuals protect themselves from harm based on the perceived severity of a threat, the

likelihood of that threat, and the perceived efficacy of protective actions (Rogers, 1975). In the

context of cybersecurity, PMT can be applied to understand how institutions, such as Mount

Kenya University, respond to the growing threat of cyberattacks.

11
According to PMT, the decision to implement cybersecurity measures is influenced by the

perceived severity of the security incidents, the vulnerability of the institution to these threats,

and the perceived effectiveness of the protective measures being considered (Boss et al., 2015).

For example, if the university perceives cyber threats as severe and believes that security

breaches could have significant consequences for data integrity and operations, it is more likely

to adopt robust cybersecurity measures. Conversely, if the perceived efficacy of these measures

is low or if the threats are considered manageable, the institution might not prioritize

cybersecurity investments.

This theory will help explain why certain cybersecurity measures are adopted by the university

and how these measures influence the frequency of security incidents. By applying PMT, the

research will examine how the institution’s motivations for protection influence its cybersecurity

policies and practices.

1.10.2 General Deterrence Theory (GDT)

General Deterrence Theory (GDT) is based on the idea that individuals or organizations are

deterred from engaging in harmful behavior due to the fear of punishment or consequences

(Gibbs, 1975). In the context of cybersecurity, GDT suggests that the implementation of strong

cybersecurity measures can serve as a deterrent to potential attackers. By increasing the

perceived costs or risks associated with launching an attack (e.g., detection, prosecution, or

system failure), institutions can reduce the frequency of security breaches.

For Mount Kenya University, GDT implies that the deployment of robust cybersecurity

protocols—such as firewalls, encryption, and intrusion detection systems—may discourage

attackers by increasing the effort and risk involved in breaching the university’s defenses.

Additionally, the theory extends to internal deterrents, suggesting that employee training

12
programs and the enforcement of strict cybersecurity policies can discourage negligent or risky

behaviors among staff and students that could lead to security incidents (Straub & Welke, 1998).

This theory will be used to analyze how the presence of cybersecurity measures at Mount Kenya

University influences the behavior of both external and internal threats. By applying GDT, the

research will assess whether the deterrent effect of current cybersecurity measures has a

significant impact on reducing the frequency of security incidents.

13
 CHAPTER TWO: LITERATURE REVIEW

2.0 Introduction

This chapter provides a comprehensive review of existing literature related to the impact of

cybersecurity measures on the frequency of security incidents, with a particular focus on

educational institutions like Mount Kenya University. The review will cover theoretical

perspectives, previous research findings, and the key factors that influence both the effectiveness

of cybersecurity measures and the occurrence of security breaches. This chapter also aims to

identify gaps in the current body of knowledge, offering insights that will shape the research

methodology and analysis in subsequent sections.

Globally, educational institutions face increasing threats from cybercriminals as they transition

toward more digital operations. Research has shown that robust cybersecurity measures play a

critical role in mitigating security breaches, but the extent of their effectiveness remains a topic

of investigation (Sharma et al., 2021). This chapter will explore the relationship between

cybersecurity measures and security incidents, drawing on studies from various regions,

including Africa and Kenya, to provide context for this study’s specific focus on Mount Kenya

University.

In addition, the review will assess the role of employee training, technological advancements,

and institutional policies in shaping cybersecurity outcomes. The findings from the literature

review will inform the development of the study's framework and methodology.

2.1 Review of Related Literature

This section provides a detailed review of existing research related to the two core variables of

the study: cybersecurity measures and the frequency of security incidents. Each sub-section

14
corresponds to the specific objectives of the study, exploring the relationship between these

variables in various contexts and identifying gaps in the existing literature.

2.1.1 The Relationship Between Cybersecurity Measures and the Frequency of Security

Incidents

The first objective of the study is to establish the relationship between cybersecurity measures

and the frequency of security incidents. Previous research indicates a strong connection between

the two. Institutions that adopt more comprehensive cybersecurity measures, such as encryption,

multi-factor authentication, and regular software updates, typically experience fewer security

breaches (Graham et al., 2019). According to Sharma et al. (2021), cybersecurity measures like

firewalls and intrusion detection systems have been effective in reducing the overall occurrence

of cyberattacks, especially in institutions that continuously update these technologies. This

section reviews various studies that have established this relationship globally, regionally, and

locally.

2.1.2 Impact of the Frequency of Security Incidents on the Effectiveness of Cybersecurity

Measures

The second objective investigates how the frequency of security incidents affects the

effectiveness of cybersecurity measures. Research by Anderson et al. (2021) indicates that

institutions experiencing frequent security incidents are often compelled to strengthen their

cybersecurity protocols, but when incidents occur at high frequencies, these measures can

become overwhelmed, reducing their overall effectiveness. As the frequency of incidents

increases, some institutions struggle to keep up with the resources needed to maintain effective

security measures (Wamuyu et al., 2021). This section explores how institutions react to

increased security incidents and how it affects the strength of their cybersecurity frameworks.

15
2.1.3 Causes of the Frequency of Security Incidents

Understanding the causes behind the frequency of security incidents is the third objective of this

study. External factors, such as increased sophistication in malware and hacker activity, along

with internal factors like human error and lack of proper security training, contribute to the

frequency of security breaches. Kshetri (2020) argues that inadequate cybersecurity

infrastructure and underdeveloped policies in some regions leave institutions vulnerable. Muema

et al. (2021) identified internal vulnerabilities, such as inadequate staff training, as significant

contributors to breaches in Kenyan universities. This section provides a comprehensive review of

these causes.

2.1.4 Effectiveness of Current Cybersecurity Measures in Mitigating Security Incidents

The fourth objective of this study is to evaluate how well current cybersecurity measures reduce

the frequency of security incidents. Graham et al. (2019) found that cybersecurity measures such

as encryption and intrusion detection systems significantly reduce the likelihood of breaches, but

these systems must be properly maintained and updated to remain effective. Anderson et al.

(2021) highlighted that institutions with proactive cybersecurity strategies experience fewer

breaches compared to those with reactive strategies. This section reviews various studies

evaluating the effectiveness of these measures in educational institutions.

2.1.5 The Role of Employee Training in Cybersecurity Effectiveness

Employee training is a critical component of cybersecurity effectiveness, which is the fifth

objective of this study. According to Njuguna et al. (2021), educational institutions that provide

regular cybersecurity training to employees experience fewer security incidents. Training helps

staff recognize and respond to potential threats, such as phishing emails and suspicious activity.

16
This section explores how employee training and awareness programs reduce the frequency of

security breaches in educational environments.

2.1.6 Impact of Technological Advancements on the Frequency of Security Incidents

Technological advancements can both enhance cybersecurity measures and introduce new

vulnerabilities. The sixth objective of the study is to explore how emerging technologies affect

the frequency of security incidents. While artificial intelligence (AI) and machine learning (ML)

have been utilized to detect and prevent cyberattacks, their improper implementation can create

additional security risks (Sharma et al., 2021). This section reviews the literature on the impact

of technology on cybersecurity and examines how emerging technologies influence the

frequency of incidents.

2.1.7 The Relationship Between Cybersecurity Policies and the Frequency of Security

Incidents

A critical factor in preventing security incidents is the implementation and enforcement of

comprehensive cybersecurity policies. The seventh objective of the study is to assess how

institutional policies affect the frequency of security breaches. Wamuyu et al. (2021) highlighted

that institutions with well-enforced cybersecurity policies are less likely to experience frequent

breaches, as these policies establish clear guidelines on data protection and threat response. This

section reviews the role of institutional policies in mitigating cyber threats.

2.1.8 Role of External Threats in the Frequency of Security Incidents

External threats, such as hackers, malware, and ransomware attacks, are key contributors to the

frequency of security incidents. According to Kshetri (2020), educational institutions are

increasingly vulnerable to these external threats due to the sensitive data they store, such as

17
personal information, research data, and financial records. The lack of strong cybersecurity

measures and policies in many institutions makes them easy targets for cybercriminals.

Wamuyu et al. (2021) noted that institutions in developing regions, such as those in Africa, face

a higher risk of external attacks due to their relatively weak infrastructure. This section reviews

how external threats like hackers, malware, and phishing attacks impact the frequency of security

incidents in educational institutions and how these threats can be mitigated through proactive

measures.

2.1.9 Best Practices in Cybersecurity and Their Correlation with the Frequency of Security

Incidents

Best practices in cybersecurity, such as regular software updates, multi-factor authentication, and

the use of encryption, have been widely recognized as effective methods of reducing the

frequency of security incidents. Graham et al. (2019) highlighted that institutions that follow

these best practices tend to experience fewer security breaches. Regular updates ensure that

systems are protected against the latest threats, while multi-factor authentication adds an

additional layer of security. This section explores the correlation between best practices in

cybersecurity and the reduction in security incidents at educational institutions. It will also

examine how institutions that adhere to these practices are able to minimize vulnerabilities and

reduce the overall occurrence of cyberattacks.

2.1.10 Cost Implications of Cybersecurity Measures on the Frequency and Severity of

Security Incidents

The final objective of this study is to explore the cost implications of cybersecurity measures on

the frequency and severity of security incidents. While robust cybersecurity measures, such as

advanced firewalls and encryption technologies, can be costly to implement, research shows that

18
the financial impact of data breaches is often far more significant (Wamuyu et al., 2021).

Institutions that fail to invest adequately in cybersecurity measures are likely to face higher

financial costs in the long term due to the consequences of security incidents, including data

breaches and system downtime (Anderson et al., 2021). This section reviews the cost-benefit

analysis of cybersecurity measures and how investments in these systems can ultimately reduce

the financial and operational burden caused by security breaches.

19
 CHAPTER THREE: RESEARCH METHODOLOGY

3.0 Introduction

This chapter outlines the research methodology that will be employed in investigating the impact

of cybersecurity measures on the frequency of security incidents at Mount Kenya University.

The methodology provides a detailed explanation of the research design, target population,

sampling techniques, data collection methods, and data analysis procedures used in the study.

The aim of this chapter is to ensure that the research process is systematic, reliable, and

replicable. The methodology also addresses ethical considerations to guarantee that the research

adheres to academic standards and respects the rights of the participants.

The study adopts a mixed-method approach, combining both quantitative and qualitative data to

provide a comprehensive understanding of the research problem. Quantitative data will be

gathered through structured questionnaires, while qualitative insights will be collected through

interviews with key stakeholders, such as IT personnel and administrative staff. This mixed-

method approach ensures that the research captures both numerical data and in-depth

perspectives on the effectiveness of cybersecurity measures in reducing security incidents at the

university. The chapter will also describe the tools and techniques used to analyze the collected

data, ensuring that the results align with the study's objectives.

3.1 Research Design

This study will adopt a descriptive research design to investigate the impact of cybersecurity

measures on the frequency of security incidents at Mount Kenya University. A descriptive design

is appropriate for this research because it allows for the detailed exploration of current practices,

challenges, and effectiveness of cybersecurity measures in a real-world setting. According to

20
Creswell and Creswell (2018), descriptive research is useful for obtaining information about the

current status of a phenomenon and identifying relationships between variables.

The research design will involve both quantitative and qualitative approaches. The quantitative

aspect will focus on gathering numerical data through structured questionnaires to evaluate the

effectiveness of cybersecurity measures and their relationship with the frequency of security

incidents. The qualitative approach will include interviews with IT personnel and security staff to

gain insights into the perceived challenges and successes of cybersecurity implementation at the

institution.

The steps in this research design will include: defining the research problem, identifying the

population, selecting the sample, gathering data using questionnaires and interviews, and

analyzing the data. This mixed-methods approach ensures a comprehensive understanding of

how cybersecurity measures influence security incidents at the university.

3.2 Population of the Study

The population of this study will consist of key stakeholders at Mount Kenya University who are

directly or indirectly involved in the management and implementation of cybersecurity measures.

This includes IT personnel, administrative staff, security officers, and other relevant individuals

within the university's digital infrastructure. The total population for this study is estimated to be

around 150 individuals across various departments.

The primary focus will be on those who are responsible for implementing and monitoring

cybersecurity protocols, as they are likely to have the most insight into the effectiveness of the

measures and the frequency of security incidents. Additionally, administrative staff who handle

sensitive data and those involved in policy formulation related to cybersecurity will also be

21
included, as they are crucial to understanding the broader impact of security incidents on the

institution.

The study will aim to gather data from a diverse group within the university to ensure a

comprehensive understanding of how cybersecurity measures are applied and the challenges

faced in minimizing security incidents. This varied population will provide a holistic view of the

current cybersecurity landscape at the university.

Table 3. 1 : Distribution of the Total Population by Gender, Age and Department

Gender Age group Department Number of people

Male 20-30 IT 30

Female 31-40 Administration 45

Male 41-50 Security 35

Female 20-30 Administration 40

Total 150

3.3 Sample Size

The sample size for this study will consist of 50 respondents selected from the total population of

150 individuals at Mount Kenya University. This sample size is within the recommended range

of 35 to 100 respondents, which ensures a balance between gathering sufficient data for

meaningful analysis and maintaining manageability in data collection.

The 50 respondents will include a combination of IT personnel, administrative staff, and security

officers, who are directly involved in the implementation and management of cybersecurity

measures. This sample size is chosen to ensure a diverse representation of key stakeholders while

being small enough to facilitate in-depth analysis.

22
To maintain reliability and validity, the sampling method will be stratified random sampling.

This method ensures that each category of the population—IT staff, security personnel, and

administrative staff—is adequately represented in the study, providing comprehensive insights

into the cybersecurity landscape at the university.

Table 3. 2 : Sample Size and Distribution of Respondents

Department Total Population Sample Size

IT 45 15

Administration 65 20

Security 40 15

Total 150 50

3.4 Sampling Techniques

For this study, a combination of stratified random sampling and purposive sampling techniques

will be employed to select the respondents from the target population.

Table 3. 3 : Sampling Techniques Used in the Study

Sampling Techniques Description

Stratified random sampling Ensure each subgroup (IT. Admin, Security)

is represented in proportion to the size

Purposive sampling Selects specific individuals based on

expertise in cybersecurity

23
1. Stratified Random Sampling

Stratified random sampling will be used to ensure that the key groups involved in cybersecurity

management—such as IT personnel, administrative staff, and security officers—are

proportionately represented in the study. The population will be divided into these distinct strata,

and a random sample will be taken from each group. This method ensures that each subgroup is

adequately represented, providing a comprehensive view of cybersecurity measures across the

university (Saunders et al., 2019). This approach is particularly useful because cybersecurity

practices may differ between these groups, and stratified sampling will help capture these

differences.

2. Purposive Sampling

Purposive sampling will be applied to select specific respondents, such as senior IT personnel or

administrative leaders, who have specialized knowledge about the university's cybersecurity

policies and practices. These individuals are critical for understanding the institutional strategies

for mitigating cyber threats. Purposive sampling is appropriate for this part of the study because

it allows the researcher to select individuals who are most likely to provide relevant and detailed

information about cybersecurity measures and their impact on the frequency of security incidents

(Creswell & Poth, 2018).

The combination of these two techniques will ensure that the study gathers both general and

expert perspectives, leading to a more thorough understanding of cybersecurity practices at

Mount Kenya University.

3.5 Data Collection Procedures

For this study, questionnaires will be utilized as the primary method of data collection.

Questionnaires are an efficient tool for collecting large amounts of data from a diverse group of

24
respondents in a structured manner. They allow for standardized responses, making it easier to

analyze the data quantitatively.

Design of the Questionnaire

The questionnaire will be divided into three main sections:

Demographic Information: This section will collect basic information about the respondents,

such as their role in the institution (e.g., IT personnel, administrative staff, security officers),

years of experience, and involvement in cybersecurity activities.

Cybersecurity Measures: This section will focus on the respondents' perceptions and experiences

regarding the cybersecurity measures currently in place at Mount Kenya University. Respondents

will be asked to evaluate the effectiveness of various security protocols, such as firewalls,

encryption, and employee training programs. A Likert scale will be used to gauge their level of

agreement with statements regarding the effectiveness of these measures (e.g., "The current

cybersecurity measures at the university are effective in reducing security incidents").

Frequency of Security Incidents: This section will inquire about the frequency of security

breaches, such as hacking attempts, data theft, or system failures, that respondents have observed

or experienced. It will include both multiple-choice and open-ended questions to allow

respondents to provide detailed descriptions of specific incidents.

25
Table 3. 4 : Structure of the Questionnaire

Section Number of questions

Demographic 5

Cybersecurity 10

Frequency of security incidents 7

Gender observation 3

Total 25

Administration of the Questionnaire

The questionnaires will be distributed to the selected sample of 50 respondents via email, making

it convenient for participants to complete at their own pace. A follow-up reminder will be sent

one week after the initial distribution to encourage prompt responses. The questionnaires will be

designed using a digital platform such as Google Forms or SurveyMonkey, enabling efficient

data collection and analysis.

Advantages of Using Questionnaires

Efficiency: Questionnaires allow for data collection from a large group of respondents in a

relatively short amount of time.

Standardization: Since all respondents answer the same questions, it ensures consistency and

facilitates easier comparison of responses.

Anonymity: Respondents may feel more comfortable providing honest answers due to the

anonymity that questionnaires offer.

26
Overall, the use of questionnaires will ensure that a broad range of perspectives is gathered from

key stakeholders, providing both quantitative data and valuable insights into the effectiveness of

cybersecurity measures at Mount Kenya University.

3.6 Data Analysis Procedures

This study will employ a quantitative data analysis approach to analyze the data collected

through the questionnaires. Since the study primarily seeks to understand the relationship

between cybersecurity measures and the frequency of security incidents, quantitative analysis is

the most appropriate method for handling the numerical data derived from the structured

responses in the questionnaires.

Justification for Quantitative Analysis

Quantitative analysis is suitable for this study because:

Standardization: The structured format of the questionnaire allows for the collection of

standardized responses that can be quantified, making it easier to identify trends, relationships,

and patterns in the data.

Objective Analysis: Quantitative data provides an objective way to assess the effectiveness of

cybersecurity measures and their impact on the frequency of security incidents by using

statistical tools to analyze the responses.

Statistical Techniques: The data will be analyzed using descriptive statistics such as mean,

frequency, and percentages to summarize the respondents' perceptions of cybersecurity

effectiveness. Additionally, inferential statistical methods, such as correlation analysis, will be

employed to examine the relationship between cybersecurity measures and the frequency of

security incidents.

27
Process of Data Analysis

Data Cleaning: Before analysis, the data collected through the questionnaires will be reviewed to

ensure there are no missing or inconsistent responses. Any incomplete data will be handled by

either excluding it from the analysis or using statistical methods to estimate missing values.

Descriptive Statistics: This will include calculating the frequencies, percentages, and means to

summarize the demographic characteristics of the respondents, as well as their responses

regarding the effectiveness of cybersecurity measures and the frequency of security incidents.

Correlation Analysis: This technique will be used to explore the strength and direction of the

relationship between the implementation of cybersecurity measures and the frequency of security

incidents. A Pearson correlation coefficient will be calculated to determine whether a significant

relationship exists between these two variables.

The results of the quantitative analysis will provide clear, objective data that can be used to

assess the effectiveness of current cybersecurity measures and identify any gaps that may exist.

By using quantitative analysis, the study will generate reliable data that can support

recommendations for improving cybersecurity practices at Mount Kenya University.

3.7 Ethical Considerations

This study will uphold the highest ethical standards to ensure the protection of the rights and

well-being of all participants involved. Ethical considerations are critical in ensuring that the

research is conducted with integrity and that the findings are credible, reliable, and respectful of

the participants' privacy and confidentiality.

Confidentiality and Anonymity

All information provided by the respondents will be treated with strict confidentiality. The

identities of the participants will not be disclosed, and their responses will remain anonymous

28
throughout the research process. Personal information will be coded and securely stored to

ensure that it cannot be traced back to the individuals who provided the data. Access to the data

will be restricted to the researcher and, if necessary, the supervisor overseeing the study.

Voluntary Participation

Participation in this study is entirely voluntary. Respondents will be informed about the purpose

of the research, the data collection methods, and the type of information being requested from

them. They will also be informed that they have the right to withdraw from the study at any point

without facing any negative consequences. By ensuring voluntary participation, the research

adheres to the ethical principle of autonomy, respecting the respondents' right to make an

informed decision about their involvement.

Right to Quality Research

The research will be conducted professionally, with careful attention to the validity and

reliability of the data. All participants have the right to expect that the research will be of high

quality, with a clear methodology, accurate data collection, and a thorough analysis of the

results. The findings will contribute meaningfully to the field of cybersecurity, specifically in

understanding how security measures influence the frequency of security incidents at Mount

Kenya University.

Avoiding Bias

The research will be designed and conducted to avoid any form of bias. The questions in the

questionnaire will be neutrally phrased to ensure that respondents provide honest, unbiased

answers. The researcher will avoid leading questions or any form of influence that could affect

the responses. Additionally, the data analysis will be conducted objectively, ensuring that the

29
findings reflect the actual data collected rather than the researcher's personal opinions or

expectations.

Safety and Benefits

This research is expected to benefit several groups:

Mount Kenya University will benefit from the findings, as the study will provide actionable

insights into the effectiveness of their current cybersecurity measures and identify areas for

improvement.

Educational Institutions in general may benefit from the recommendations derived from the

study, which could guide other universities in enhancing their cybersecurity practices.

Policy Makers may also use the findings to inform decisions about creating or updating

cybersecurity policies to safeguard institutional data.

In terms of safety, no physical harm or discomfort will come to the participants during the study,

as the data collection involves only questionnaires. Psychological safety is also considered, with

participants assured that their responses will remain confidential and that they will not face any

repercussions for their opinions or feedback.

By adhering to these ethical guidelines, this study ensures that it is conducted responsibly,

respects participants' rights, and provides credible, useful outcomes for Mount Kenya University

and the broader academic community.

30
 REFERENCES

Anderson et al., 2021; Graham et al., 2019; Kshetri, 2020; Muema et al., 2021; Njuguna et al.,

2021; Sharma et al., 2021; Wamuyu et al., 2021)

Anderson, 2022; Graham & David, 2019; Kshetri, 2018; Sharma, 2021; Thompson & Davies,

2020)

Anderson, C. (2022). Cybersecurity in educational institutions: Evolving threats and solutions.

Journal of Information Security, 15(2), 45-60.

Anderson, C.. Cybersecurity in educational institutions: Evolving threats and solutions. Journal

of Information Security, 15, 45-60.

Asamoah, J.. Cybersecurity challenges in Africa: The state of the digital economy. Journal of

African Studies, 9, 78-95.

Boss et al., 2015; Gibbs, 1975; Rogers, 1975; Straub & Welke, 1998)

Communications Authority of Kenya.. Kenya cybersecurity report. Government Press.

Creswell, J. W., & Creswell, J. D. (2018). Research design: Qualitative, quantitative, and mixed

methods approaches (5th ed.). Sage Publications.

Creswell, J. W., & Poth, C. N. (2018). Qualitative inquiry and research design: Choosing among

five approaches (4th ed.). Sage Publications.

Graham & David, 2019; Sharma et al., 2021; Wamuyu et al., 2021)

Graham, M., & David, S. (2019). Protecting data in corporate environments: The role of

cybersecurity measures. International Journal of Cybersecurity, 8(3), 102-115.

Graham, M., & David, S.. Protecting data in corporate environments: The role of cybersecurity

measures. International Journal of Cybersecurity, 8, 102-115.

31
Kshetri, N.. Cybersecurity and digital development in Africa. International Journal of

Technology, 7, 45-59.

Muema, A.. The role of cybersecurity in Kenya’s education sector. Cybersecurity Review, 10,

34-50.

Njuguna, R.. Digital education and cybersecurity risks: A study of Thika's institutions. Journal of

Educational Technology, 12, 25-42.

Saunders, M., Lewis, P., & Thornhill, A. (2019). Research methods for business students (8th

ed.). Pearson.

Sharma, R. (2021). Educational institutions and cyber-attacks: Assessing the risk and

strengthening defenses. Journal of Cybersecurity and Data Protection, 10(1), 29-40.

Sharma, R., et al. (2021). Educational institutions and cyber-attacks: Assessing the risk and

strengthening defenses. Journal of Cybersecurity and Data Protection, 10(1), 29-40.

Sharma, R.. Educational institutions and cyber-attacks: Assessing the risk and strengthening

defenses. Journal of Cybersecurity and Data Protection, 10, 29-40.

Wachira, M.. Challenges of cybersecurity in Kenya’s digital education system: The case of

Mount Kenya University. Journal of Information Systems, 14, 52-66.

Wamuyu, P.. Kenya’s cybersecurity framework: Progress, challenges, and the way forward.

African Journal of Technology and Innovation, 8, 66-80.

32
 APPENDICES

Appendix 1: Sample Questionnaire

Section A: Demographic Information

What is your gender?

☐ Male

☐ Female

☐ Prefer not to say

What is your age group?

☐ 20-30

☐ 31-40

☐ 41-50

☐ 51 and above

Which department are you part of?

☐ IT Department

☐ Administration

☐ Security Department

☐ Other (please specify): ________

How many years of experience do you have in this field?

☐ 1-3 years

☐ 4-6 years

33
☐ 7-10 years

☐ Over 10 years

Section B: Cybersecurity Measures

Which cybersecurity measures are currently implemented at Mount Kenya University? (Select

all that apply)

☐ Firewalls

☐ Data Encryption

☐ Multi-Factor Authentication (MFA)

☐ Antivirus/Anti-malware Software

☐ Regular Security Audits

☐ Employee Training Programs

☐ Other (please specify):

How effective do you find these cybersecurity measures?

☐ Very Effective

☐ Effective

☐ Neutral

☐ Ineffective

☐ Very Ineffective

How often are cybersecurity protocols updated or reviewed at the university?

☐ Weekly

34
☐ Monthly

☐ Quarterly

☐ Annually

☐ Don’t Know

Have you received cybersecurity training as part of your role?

☐ Yes

☐ No

If yes, how effective was the training in enhancing your understanding of cybersecurity risks?

☐ Very Effective

☐ Effective

☐ Neutral

☐ Ineffective

☐ Very Ineffective

35
Section C: Frequency of Security Incidents

Have you experienced or been aware of any security incidents (e.g., phishing attacks, malware

infections) in the past year?

☐ Yes

☐ No

If yes, which type of incidents have occurred? (Select all that apply)

☐ Phishing Attacks

☐ Malware Infections

☐ Data Breaches

☐ Ransomware Attacks

☐ Unauthorized Access

☐ Distributed Denial of Service (DDoS) Attacks

☐ Other (please specify): ________

How frequently do security incidents occur at the university?

☐ Once a week

☐ Once a month

☐ Once every three months

☐ Once a year

☐ Rarely/Never

What do you believe is the primary cause of these security incidents?

36
☐ External Threats (e.g., hackers, malware)

☐ Internal Vulnerabilities (e.g., poor cybersecurity practices)

☐ Lack of Employee Training

☐ Inadequate Cybersecurity Measures

☐ Other (please specify):

37