International Journal of Safety and Security Engineering 
Vol. 13, No. 1, February, 2023, pp. 97-106 
Journal homepage: http://iieta.org/journals/ijsse 
Information Security in the Banking Sector: A Systematic Literature Review on Current 
Trends, Issues, and Challenges 
Alfredo Leonidas Vasquez Ubaldo1 , Vanessa Yeny Gutierrez Barreto1 , Juan Andres Berrios Albines1 , 
Laberiano Andrade-Arenas2 , Roberto Santiago Bellido-García3*  
1 Facultad de Ingeniería y Negocios, Universidad Privada Norbert Wiener, Lima 15046, Perú 
2 Facultad de Ingeniería, Universidad Tecnológica del Perú, Lima 15046, Perú 
3 Postgraduate School, Universidad San Ignacio de Loyola, Lima 15024, Perú 
Corresponding Author Email: roberto.bellido@epg.usil.pe
https://doi.org/10.18280/ijsse.130111 ABSTRACT 
Received: 31 December 2022 In recent years, information security has become a very important aspect, since it creates 
Accepted: 10 January 2023 serious trouble for organizations that do not take it into consideration. In this regard, it 
was detected that many entities in the banking sector experience multiple problems that 
Keywords: are mainly related to the way in which they protect their data, so it is necessary to pay 
banking sector, bibliometric analysis, close attention to this issue. For this reason, in this investigation it was decided to carry 
cyberattacks, information security, PRISMA, out a systematic review of the literature, obtaining 2,787 articles through searches in 
systematic literature review electronic databases. Likewise, the PRISMA method was used, which allowed the 
identification of 15 relevant articles to form the synthesis of the investigation. In the same 
way, a bibliometric analysis was carried out, which allowed knowing the gaps in 
knowledge. Finally, in the conclusions emphasis is placed on several aspects; for example, 
it is highlighted that cybercriminals constantly attack the banking sector and it is 
mentioned that all the research questions posed were successfully answered. 
1. INTRODUCTION are not easy to meet. According to the authors [9], the domain 
of information security requires a multidisciplinary knowledge 
As is well known, companies have different assets, such as of a large amount of information, experience, and skill. In 
infrastructure, machinery, cash, and means of transportation; consequence, not having this multidisciplinary knowledge 
however, the asset that sometimes goes unnoticed is makes the fight of companies against risks, vulnerabilities, and 
information [1, 2]. In this sense, information, both physical threats more difficult. 
and digital, plays a very important role in s, since, if they are Also, it should not be forgotten that, with the growing 
not managed properly, they will be vulnerable to various risks popularity of the Internet and its services, there is an increase 
that could lead to their end [3]. In consequence, s must manage in information security threats, such as social engineering, 
their information efficiently to continue struggling to achieve malware, and hacking, of which some users may not be aware 
their proposed objectives. [10]. Additionally, while many different security methods, 
Following the above, to satisfactorily protect the such as intrusion detection systems and antivirus software, are 
information, human, al and technological aspects play a used to protect IT systems from different attacks, the 
central integrating role in the security of this important asset. information security threat landscape continues to rapidly 
In other words, these aspects are critically important and evolve and attackers are putting more effort into developing 
closely related [4]. Likewise, most companies choose to invest sophisticated and advanced malware and hacking methods 
in information systems as a tool for the proper management of [11]. Therefore, it is evident that there is an urgency on the part 
their data. in order to make good strategic decisions that help of companies to take new measures to face the wide variety of 
them position themselves in the market, seek excellence in forms that cyberattacks are adopting. 
their operations, venture into new models of business, reach In another line, there is little evidence that users are aware 
more customers and suppliers, and gain a competitive of the threats and forms of protection that revolve around 
advantage over their competitors [5]. Therefore, it is evident information security, as well as that they practice mechanisms 
that there is a concern for the efficient management of to deal with this problem [12-14]. In addition, there is evidence 
information within companies since it is a challenge that they that users have difficulty understanding information security 
must overcome to move forward. threats, as well as not knowing what to use and how to react to 
But information management is not just about the correct them [15-17]. In short, it is important that users are fully 
use of data. It is also about the security of this valuable asset. prepared to face the threats that revolve around information 
In this sense, information security seeks to protect the security. 
information assets of companies from any unauthorized access, On the other hand, it is necessary to mention the banking 
disclosure, or infringement [6]. It focuses on managing the sector, which is an integral part of the economy. It plays a 
various risks that threaten data confidentiality, integrity, and fundamental role in the well-being of the economy since a 
availability, these three being its goals [7, 8]. But these goals weak banking sector not only becomes a threat to maintaining 
97
a sustainable economy in the long term but can also trigger the presentation of their reports [28]. Likewise, the PRISMA 
financial instability that can lead to economic problems [18]. method helps a lot in conducting SLR studies because it has a 
Therefore, the banking sector is crucial since it greatly set of steps that allow exhaustively collecting all possible 
influences the course of the economy of each country in the scientific production and analyzing the evidence in detail. 
world. In this sense, entities in this sector must always take Therefore, it can be proven that the PRISMA method is 
measures to safeguard their assets. applicable to analyze this type of problem, since it allows 
The banking sector suffers many cases of cyberattacks. For organizing the literature found from start to finish by means of 
this reason, banks invest heavily in cybersecurity, with large an algorithm. 
budgets devoted to protecting their hardware and software [19]. 
Nevertheless, banking systems are susceptible to cyberattacks 2.3 Research questions 
in several ways. This issue is due to the large number of access 
channels they provide and the economic gain obtained by the As part of the process of this systematic literature review 
cybercriminal who successfully attacks [20]. But the problem study, it was decided to formulate some research questions to 
does not end here. Due to the development of digital fill the knowledge gaps. These research questions can be 
technology, this problem is also reflected in online banking, observed in Table 1. 
where the personal data of users in the banking sector have 
become more vulnerable to fraudulent attacks, so this problem Table 1. Research questions 
requires the study and active use of new tools to protect 
everyone. confidential customer information [21]. In this sense, Codes Denominations 
it is not enough for banks to invest only in ways to protect their What are the most recurring cyberattacks that threaten RQ1 
hardware and software, as information threats are acquiring information security in the banking sector? 
more entry points over time. Therefore, it is important to What are the most transcendental factors that favor RQ2 
constantly update and look for new mechanisms to safeguard information insecurity in the banking sector? 
What is the biggest negative impact generated by 
all information, with the aim of providing secure banking RQ3 
information insecurity in the banking sector? 
services to customers. 
What are the most effective and feasible strategies that 
Based on everything mentioned above, it is justified that this RQ4 counter information insecurity in the banking sector? 
study is very important since it aims to respond to the 
knowledge gaps, concerning information security in the 2.4 Eligibility criteria 
banking sector, through the research questions raised. 
Likewise, the aim of this study is to present a systematic For the development of this study, eligibility criteria 
literature review in the field of information security that (inclusion and exclusion) were applied. These eligibility 
identifies the trends, issues, and challenges that revolve around criteria can be observed in Table 2. 
the banking sector, worldwide today. 
Table 2. Eligibility criteria 
2. METHODOLOGY Criteria Codes Descriptions 
Papers related to information security in 
For this research, it was decided to carry out a systematic IC1 the banking sector. 
literature review regarding information security in the banking IC2 Papers published between 2018 and 2022. 
Inclusion 
sector. Likewise, it was decided to use the PRISMA method IC3 Papers published in the English language. 
during the process. In the same way, it was decided to carry IC4 Papers of primary studies. 
out a bibliometric analysis to complement the study by giving IC5 Papers with full-text available. 
it a quantitative approach. Papers not related to information security EC1 
in the banking sector. 
2.1 Study type Papers not published between 2018 and EC2 
2022. 
Exclusion 
Papers not published in the English 
A systematic literature review (SLR) is a tool used to assess EC3 
language. 
and interpret all available research related to a particular 
EC4 Papers of secondary and tertiary studies. 
research question, topic area, or phenomenon of interest [22]. 
EC5 Papers without full-text available. 
Likewise, SLR studies aim to identify relevant primary 
documents, extract the required data, and analyze and 2.5 Information sources 
synthesize results to obtain a broader and deeper view of the 
investigated domain [23]. Additionally, regarding the To carry out the collection of articles for this RSL, we chose 
usefulness of conducting SLR studies, there are several recent to use electronic databases that are reliable and known in the 
investigations [23-27], which show the benefits of this study academic community. These selected information sources can 
type. In consequence, the importance of carrying out this SLR be observed in Figure 1. 
study lies in the need to know in depth about the state of 
information security in the banking sector. 
2.2 Methodological approach 
PRISMA (Preferred Reporting Items for Systematic 
Reviews and Meta-Analyses) is a method created in 2009 to 
help authors of systematic reviews and meta-analyses improve 
Figure 1. Information sources 
98
2.6 Search strategy production of topics and areas of knowledge are analyzed, but 
 also of authors and journals, and with periods of years and 
As a search strategy for this systematic review of the predetermined databases. Therefore, it is notorious that 
literature, we chose to use a formula that contains the terms VOSviewer is a very convenient tool for performing 
closest to the research, together with Boolean operators. bibliometric analysis. 
• ("information security" OR "information  
insecurity" OR "computer security" OR "cyber  
security" OR "cybersecurity" OR "cyber attack" 3. RESULTS 
OR "cyberattack" OR "cyber attacks" OR  
"cyberattacks" OR "cyber threat" OR In this section, all the results of the RSL are explained. 
"cyberthreat" OR "cyber threats" OR  
"cyberthreats") AND ("banking sector" OR 3.1 About the search of studies 
"banking industry" OR "financial sector" OR  
"financial industry" OR "bank" OR "banks" OR From the searches in electronic databases, 2,787 papers 
"banking entity" OR "banking entities" OR related to the topic of this research were identified and 
"financial entity" OR "financial entities" OR analyzed. Of this number of studies collected, 1,379 were 
"banking system") found in Dimensions; 246, in PubMed; and 1,162, in Scopus. 
 In addition, it is worth mentioning that the search was 
2.7 Study selection process performed several times as the study progressed and ended on 
 December 31, 2022. These search results of studies can be 
The study selection process is divided into 4 phases: observed in Figure 2. 
  
2.7.1 Identification 
It is the phase in which it is determined how many studies 
were identified in total, both through the search in databases 
and through the search in other sources. 
 
2.7.2 Screening 
It is the phase in which a preliminary selection of the studies 
is carried out, since those articles that will probably serve to 
fulfill the purposes of the investigation are distinguished. 
 
2.7.3 Eligibility 
It is the phase in which those studies that meet the necessary  
 
conditions to be accepted and form part of the investigation are 
Figure 2. Search results of studies 
analyzed. 
 
 
3.2 About the selection of studies 
2.7.4 Inclusion 
 
It is the phase in which the accepted studies that will be part 
Of the 2,787 studies obtained, 129 duplicate articles were 
of the research synthesis (both qualitative and quantitative) are 
eliminated, leaving 2,658. Subsequently, 1,981 studies were 
obtained. 
excluded and 677 remained. Finally, after an exhaustive 
 
review with particular criteria, 662 articles were eliminated 
2.8 Bibliometric analysis 
 and only 15 remained, which were selected to form part of the 
Bibliometrics is the mathematical and statistical analysis of qualitative synthesis of this study. Likewise, the 2,787 studies 
bibliographic records [29]. It is used to make intellectual links obtained at the beginning will form part of the quantitative 
between articles and keywords, in order to get an overview of synthesis. This selection process can be observed in Figure 3. 
emerging trends and potential research opportunities [30, 31].  
In this sense, it is very important to add bibliometrics to  
research because it helps to identify gaps in knowledge. 3.3 About the designation of studies 
The bibliometric analysis focuses on analyzing statistical  
data related to each other [32]. It is an approach to measuring, Based on the articles selected to be part of this SLR study, 
tracking, and analyzing academic literature through a set of it was decided to designate which ones would help answer 
quantitative methods [33]. each research question. This relevance of studies to research 
On the other hand, it was decided to use VOSviewer, which questions can be observed in Table 3. 
is a program that is freely available. It is a software that allows  
to build and visualize bibliometric maps. In the same way, it Table 3. Designation of studies 
allows to visualize each map made in several different ways,  
changing its appearance. In addition, it has a viewer and zoom, Questions Numbers of studies Designated studies 
RQ1 7 [43-49] 
scroll, and search functions that facilitate the detailed 
RQ2 5 [20, 46, 50-52] 
visualization of the maps [34]. Additionally, regarding the use 
RQ3 2 [43, 53] 
of this computer program, there are several recent 
RQ4 5 [20, 21, 50, 54, 55] 
investigations [35-42], where not only the scientific 
 
 
99
 
 
Figure 3. Search results of studies 
 
 
 
Figure 4. Network visualization 
 
3.4 About the bibliometric analysis larger the term, the larger the circle. This network visualization 
 can be observed in Figure 4. 
Based on the 2,787 studies found, the bibliometric analysis Referring to Figure 4, the node groups made up of green, 
was carried out with the help of the VOSviewer software. blue and red clusters stand out more. The respective 
 interpretations of these groups of nodes are described below: 
3.4.1 Network visualization • Green Cluster Nodegroup: Has its biggest point in 
This graph shows the weight of the themes, being that the security of data. It is closely related to other topics, 
 
100
such as risk assessment, information security topics, such as confidentiality, privacy, humans, 
awareness, security breaches, regulatory algorithm, standards, and data management. 
compliance, human resource management, and  
computer networks. 3.4.2 Overlay visualization 
• Blue Cluster Nodegroup: Has its biggest point in This graph shows the evolution of terms over time. This 
network security. It is closely related to other overlay visualization can be observed in Figure 5. 
topics, such as personal computing, machine Referring to Figure 5, it can be observed that the colors of 
learning, intrusion detection, detection systems, the clusters vary in relation to the evolution of their terms over 
credit card fraud, and data mining. time. It is visualized that the yellow clusters are the ones that 
• Red Cluster Nodegroup: Has its biggest spike in have had the greatest evolution in recent years, due to the fact 
computer security. It is closely related to other that they have had a greater number of scientific productions. 
 
 
 
Figure 5. Overlay visualization 
 
 
 
Figure 6. Density visualization 
 
101
3.4.3 Density visualization distributed denial-of-service (DDoS) is another cyberattack 
This graph shows the item density visualization, next to the that commonly threatens information security in banks. 
group density visualization. This density visualization can be From another approach, the study [45] indicates that 
observed in Figure 6. malware is a highly preferred way for cybercriminals to attack 
Referring to Figure 6, the density of the keywords obtained banks and other financial institutions. In addition, this study 
from the bibliometric analysis can be observed. It is visualized mentions that malware is a cyberattack that has evolved to 
that the yellow areas represent the importance and concurrence great levels, acquiring new forms, such as the use of encrypted 
of investigations related to information security in the banking payloads and obfuscation techniques, making it difficult to 
sector. Meanwhile, in the other areas of lower density, the detect. 
terms referring to the main themes are located. In this sense, In another line, the study [46], which was strictly based on 
the words "security of data" is the most predominant of all. the Hungarian financial sector, found that phishing and denial-
Likewise, "humans", "network security", "cyber security" and of-service (DoS) are the most common cyberattacks in that 
"computer security" also stand out, observing a relationship country. In addition, it can be verified that phishing is indeed 
between information security and the human part. a very common term in relation to this subject, due to the 
 bibliometric analysis carried out, which can be observed in 
3.5 Proposed model Figure 4, Figure 5, and Figure 6. 
 Seen in another way, the study [47] also mentions phishing; 
Apart from everything previously presented, for this however, cyberstalking, hacking, cross-site scripting (XSS) 
investigation it was decided to develop a model that helps and denial-of-service (DoS) are other very popular 
companies belonging to the banking sector in the face of the cyberattacks in the banking sector. 
increase in threats to information security. This proposed Similarly, the study [48] is yet another piece of research that 
model can be observed in Figure 7. mentions phishing. In this regard, this study indicates that 
 phishing has become one of the most common methods to 
commit fraudulent acts since it allows the theft of passwords 
and other confidential data by deceiving the victims. 
Lastly, the study [49] warns that cybercriminals use 
malware-based tools or tactics, as well as distributed denial-
of-service (DDoS), phishing, and trojans to breach the security 
 of banking systems and commit illegal acts. 
 Based on the studies presented above, it is evident that 
Figure 7. Proposed model: APVA cycle phishing is one of the main cyberattacks that threaten the  
 security of information in the banking sector. Therefore, in 
The proposed model was applied in an industrial company. this research, banking entities are urged to take preventive 
In this regard, before and after the application was compared, measures in this regard, in order to avoid negative impacts in 
considering the update, protection, surveillance and action, the future. 
which are part of the cycle of the proposed model. Likewise, a  
survey was carried out among the managers involved in the 4.1.2 RQ2: What are the most transcendental factors that favor 
company in question, obtaining a significant improvement (in information insecurity in the banking sector? 
percentages) among the results. This improvement can be The study [20] indicates that banking security systems must 
observed in Table 4. be designed very carefully, considering many different factors 
 in the process, not only internal to the banking infrastructure 
Table 4. Applicability of the proposed model but also external systems (such as the procedures of the 
 telecom operator). 
Cycles Start Final On the other side, the study [46] identified inadequate 
Actualization 40% 75% physical security, which refers to the protection of ICT 
Protection 28% 63% systems. In addition, it mentions that physical access to the 
Vigilance 37% 71% 
ICT infrastructure by third parties generates risks of 
Action 39% 81% 
destruction or theft of its elements, risks of attacks on 
 
communication connections and conversations, and even the 
 
takeover of ICT systems. Likewise, it indicates that the risk of 
4. DISCUSSIONS 
the supply chain must be taken into account, referring to 
 
criminals who try to insert malware into ICT systems through 
In this section, it is intended to answer the research 
the access supply chain. 
questions posed, as well as address other equally important 
From another perspective, the study [50] exposes that the 
aspects. 
technological measures of the banks have been insufficient to 
 
handle the attacks on cybersecurity. Likewise, this study 
4.1 About the research questions 
mentions that the fact that banks have unethical or unethical 
 
employees makes it more likely that the number of attacks 
4.1.1 RQ1: What are the most recurring cyberattacks that 
within them will increase. 
threaten information security in the banking sector? 
From another approach, the study [51] identified 27 
The study [43] mentions that data breaches and fraud have 
associated factors, of which 5 stand out as the most critical to 
increased, especially in the banking, healthcare, and 
consider. The first is the lack of a backup electric generator, of 
government sectors. In this sense, it is stated that phishing is a 
which it is indicated that not having at least one creates 
threat that has gained great relevance. 
vulnerability in the digital infrastructure. This is followed by 
From another perspective, the study [44] exposes that 
102
failures in firewall protection, lack of information security various attacks. Likewise, this study recommends that banks 
audits, lack of encryption control management, and lack of hire people willing to accept innovation and change, especially 
protection of the true identity of users, in that order. when implementing strategic technology and cybersecurity 
Lastly, the study [52] mentions that there is a lack of plans. 
awareness about information security on the part of the In another instance, the study [54] argues that paperless 
employees of the entities belonging to the banking sector. office technology is a strategy that not only makes it possible 
Based on the studies presented above, it is evident that there to secure information and financial transactions, but also to 
are many factors related to both physical and digital security. optimize labor costs, minimize operational risks, and many 
In this regard, it is necessary for banking entities to consider other benefits. In addition, it mentions other strategies that also 
both aspects when taking preventive measures, in order to help in information security and provide more benefits. These 
avoid a host of negative impacts that may appear. strategies are social engineering, which helps prevent 
 embezzlement of funds from customer accounts; biometric 
4.1.3 RQ3: What is the biggest negative impact generated by identification, which helps prevent and block threats; 
information insecurity in the banking sector? information security psychology, which allows testing the 
The insecurity of information has negative consequences of processes of identification and timely response to suspicious 
different kinds. For example, the study [43] mentions that files, calls, and messages; and RegTech and SupTech, which 
cyberattacks allow cybercriminals to steal financial data are regulatory and supervisory technologies that enable banks 
through access to machines and networks. However, none of to comply with state regulatory requirements faster, more 
these consequences would be the biggest negative impact that efficiently, and with minimal risk and cost. 
a company can have due to the insecurity of information. In Seen in another way, the study [55] indicates that proactive 
this regard, the study [53] maintains that the breach in behavior and collaboration among all the actors directly 
information security is quite reflected in the economy of the involved in the financial industry is of the utmost importance 
company because cyberattacks cause problems mainly in to discover new emerging risks and the measures and 
operations. Therefore, this is reflected in the company's loss of regulations to be adopted to mitigate them. It also mentions 
money, often in excess of millions of dollars. other measures that entities in the banking sector must apply, 
Based on the studies presented above, it is evident that the such as constantly updating themselves on technological 
most common negative impact caused by cyberattacks in the advances and continuing to invest in cybersecurity. 
banking sector is reflected in the economy of the company. Based on the studies presented above, it is evident that 
However, none of the studies mention points about the prestige security methods are important since they allow the protection 
of entities in the banking sector, as well as other negative of banking systems from various threats. However, none of the 
impacts. investigations found mention other strategies, such as the use 
 of antivirus and constant password changes. For this reason, it 
4.1.4 RQ4: What are the most effective strategies to protect is essential that banking entities be at the forefront with respect 
information security in the banking sector? to new strategies to safeguard information. 
The study [20] indicates that banking security systems need  
to be designed very carefully, considering many different 4.2 About the proposed model 
factors in the process, not only within the banking  
infrastructure but also outside of it. In addition, this study The proposed model presented in Figure 7 was called 
mentions more aspects related to how to improve banking "APVA Cycle (Actualization-Protection-Vigilance-Action)" 
security, among them that biometrics could be very useful to and consists of 4 stages. Regarding this proposed model, it is 
reconcile security and ergonomics; It also exposes other explained below: 
strategies that could help to significantly increase the level of  
security, such as introducing software and hardware tokens 4.2.1 Actualization 
and using biometric channels. It is the phase where the entities of the banking sector must 
In another line, the study [21], in which both the be constantly updated on the new modalities of cyberattacks 
international and Russian contexts were examined, maintains and new solution alternatives so that they are prepared for 
that biometrics is a very helpful tool in the security of threats. 
information in the banking sector. However, this study  
mentions that the introduction of biometric identification 4.2.2 Protection 
systems also entails aspects and risks of use to consider. It is the phase in which entities in the banking sector must 
Furthermore, this study raises the importance of increasing the take preventive measures in terms of hardware and software 
transparency of the data provided by banking entities and since this would prevent many latent threats. 
indicates that measures must be taken to minimize the risk of  
unauthorized transactions, such as improving the financial 4.2.3 Vigilance 
situation of people, for example. It is the phase in which employees of banking sector entities 
From another perspective, the study [50] exposes that the must carefully observe if there are signs of attacks on 
fact that banks have employees with temperance traits helps information security in order to take appropriate measures. 
prevent cybersecurity breaches within them since temperance  
promotes ethical behavior. Likewise, it indicates that this 4.2.4 Action 
ethical behavior can be identified through a personnel It is the phase in which entities in the banking sector must 
selection process or a background investigation that interprets take timely measures as soon as vulnerabilities to information 
its approach to ethical challenges; therefore, examining the security are detected, in order to avoid negative impacts. 
ethical behaviors of employees helps to understand how to  
improve cybersecurity and can make banks more resilient to  
 
103
5. CONCLUSIONS https://doi.org/10.2307/j.ctvndv9kx 
 [6] Ghazvini, A., Shukur, Z., Hood, Z. (2018). Review of 
In this paper, a systematic literature review on current trends, information security policy based on content coverage 
issues, and challenges that revolve around information and online presentation in higher education. International 
security in the banking sector was presented. In this regard, Journal of Advanced Computer Science and Applications, 
after systematically recognizing and reviewing 15 primary 9(8): 410-423 
studies of many relevant papers in this domain, great results https://doi.org/10.14569/IJACSA.2018.090853 
were obtained. According to the findings obtained in this [7] Tripton, H.F., Krause, M. (2007). Information Security 
research, it is concluded that the banking sector presents great Management Handbook, sixth edition (6th ed.). CRC 
vulnerabilities in the protection of its information. It was Press. 
evidenced that cybercrime is increasing since cybercriminals [8] Merkow, M.S., Breithaupt, J. (2014). Information 
constantly devise new practices to illegally access information security: Principles and practices, second edition (2nd 
from entities belonging to the banking sector. ed.). Pearson Education. 
Based on the research questions answered, it is concluded [9] Whitman, M.E., Mattord, H.J. (2012). Principles of 
that phishing is a very popular type of cyberattack in the Information Security, fourth edition (4th ed.). Cengage 
banking sector. In addition, it was identified that there are Learning. 
physical and digital factors that predominate; in this sense, [10] Bawazir, M.A., Mahmud, M., Molok, N.N.A., Ibrahim, 
banks must protect both hardware and software for the sake of J. (2016). Persuasive technology for improving 
their future. Also, it is observed that the most negative impact information security awareness and behavior: Literature 
caused by cyberattacks is reflected in the economic aspect, due review. In 2016 6th International Conference on 
to the multiple problems that prevent the proper functioning of Information and Communication Technology for The 
the processes of banking entities. In the same way, it is evident Muslim World (ICT4M), Jakarta, Indonesia, pp. 228-233. 
that attacks on the information of banking entities skimp on https://doi.org/10.1109/ICT4M.2016.054 
borders, since there are cybercriminals all over the world ready [11] Alohali, M., Clarke, N., Furnell, S. (2018). The design 
to enter the system of any bank. and evaluation of a user-centric information security risk 
On the other hand, regarding the methodology used, it can assessment and response framework. International 
be observed that carrying out a systematic literature review Journal of Advanced Computer Science and Applications, 
was an ideal decision since there were too many articles in the 9(10): 148-163. 
databases. Likewise, the use of the PRISMA method helped to https://doi.org/10.14569/IJACSA.2018.091018 
systematize the studies found and the bibliometric analysis [12] Talib, S., Clarke, N.L., Furnell, S.M. (2010). An analysis 
allowed to analyze all this information in depth. of information security awareness within home and work 
In another line, the APVA model was proposed based on the environments. In 2010 International Conference on 
findings obtained, in which it is recommended how the cycle Availability, Reliability and Security, Krakow, Poland, 
of confrontation with cyberthreats by entities in the banking pp. 196-203. https://doi.org/10.1109/ARES.2010.27 
sector should be. [13] Xavier, U.H.R., Pati, B.P. (2012). Study of internet 
Finally, it is recommended that further research be carried security threats among home users. In 2012 Fourth 
out on the subject, considering emerging technologies and International Conference on Computational Aspects of 
applying the model proposed in this study. Social Networks (CASoN), Sao Carlos, Brazil, pp. 217-
 221. https://doi.org/10.1109/CASoN.2012.6412405 
 [14] Kritzinger, E., Von Solms, S.H. (2013). Home user 
REFERENCES  security-from thick security-oriented home users to thin 
 security-oriented home users. In 2013 Science and 
[1] Zhao, Q., Chen, S., Liu, Z., Baker, T., Zhang, Y. (2020). Information Conference, London, UK, pp. 340-345. 
Blockchain-based privacy-preserving remote data [15] Zaaba, Z.F., Furnell, S., Dowland, P. (2011). End-user 
integrity checking scheme for IoT information systems. perception and usability of information security. In 
Information Processing & Management, 57(6): 102355. HAISA, pp. 97-107. 
https://doi.org/10.1016/j.ipm.2020.102355 [16] Mensch, S., Wilkie, L. (2011). Information security 
[2] Zhang, X. (2021). Corporate accounting information activities of college students: An exploratory study. 
disclosure based on FPGA and neural network. Academy of Information and Management Sciences 
Microprocessors and Microsystems, 83: 103973. Journal, 14(2): 91-116. 
https://doi.org/10.1016/j.micpro.2021.103973 [17] Komatsu, A., Takagi, D., Takemura, T. (2013). Human 
[3] Meneses, F.E.G., Segura, D.F.C. (2010). Relación de la aspects of information security: An empirical study of 
presentación de información de negocios on-line con las intentional versus actual behavior. Information 
variables financieras en las empresas colombianas. Management & Computer Security, 21(1): 5-15. 
Revista de la Facultad de Ciencias Económicas: https://doi.org/10.1108/09685221311314383 
Investigación y Reflexión, 18(1): 205-224. [18] Mhadhbi, K., Terzi, C., Bouchrika, A. (2020). Banking 
https://doi.org/10.18359/rfce.2289 sector development and economic growth in developing 
[4] Safa, N.S., Von Solms, R., Futcher, L. (2016). Human countries: a bootstrap panel Granger causality analysis. 
aspects of information security in organisations. Empirical Economics, 58(6): 2817-2836. 
Computer Fraud & Security, 2016(2): 15-18. https://doi.org/10.1007/s00181-019-01670-z 
https://doi.org/10.1016/S1361-3723(16)30017-3 [19] Hammour, R.A., Gharaibeh, Y.A., Qasaimeh, M., Al-
[5] Calder, A., Watkins, S.G. (2010). Information Security Qassas, R.S. (2019). The status of information security 
Risk Management for ISO 27001/ISO 27002, third systems in banking sector from social engineering 
edition (3rd ed.). IT Governance Publishing. perspective. In Proceedings of the Second International 
 
104
Conference on Data Science, E-Learning and A 21st century librarian's guide to bibliometrics, 
Information Systems, pp. 1-7. altmetrics, and research impact. Amer Library Assn. 
https://doi.org/10.1145/3368691.3368705 https://doi.org/10.7710/2162-3309.2290 
[20] Wodo, W., Stygar, D., Blaskiewicz, P. (2021). Security [34] Van Eck, N., Waltman, L. (2010). Software survey: 
issues of electronic and mobile banking. In SECRYPT, VOSviewer, a computer program for bibliometric 
pp. 631-638. mapping. Scientometrics, 84(2): 523-538. 
[21] Bakunova, T.V., Trofimova, E.A., Lapteva, E.V. (2019). https://doi.org/10.1007/s11192-009-0146-3 
Biometrics as a method of information security in the [35] Garcés-Gómez, Y.A., Henao-Céspedes, V. (2022). 
banking sector digitalization. In International Scientific International Journal of Electrical and Computer 
and Practical Conference on Digital Economy (ISCDE Engineering: A bibliometric analysis. International 
2019). Atlantis Press. pp. 929-934. Journal of Electrical & Computer Engineering, 12(6): 
https://doi.org/10.2991/iscde-19.2019.50 5667-5673. http://doi.org/10.11591/ijece.v12i6.pp5667-
[22] Kitchenham, B., Charters, S. (2007). Guidelines for 5673 
performing systematic literature reviews in software [36] Krauskopf, E. (2018). A bibiliometric analysis of the 
engineering. Journal of Infection and Public Health: 2008–2016. 
[23] Falade, A., Azeta, A., Oni, A., Odun-ayo, I. (2019). Journal of Infection and Public Health, 11(2): 224-229. 
Systematic literature review of crime prediction and data https://doi.org/10.1016/j.jiph.2017.12.011 
mining. Review of Computer Engineering Studies, 6(3): [37] Koo, M. (2017). A bibliometric analysis of two decades 
56-63. https://doi.org/10.18280/rces.060302 of aromatherapy research. BMC Research Notes, 10(1): 
[24] Van Dinter, R., Tekinerdogan, B., Catal, C. (2021). 1-9. https://doi.org/10.1186/s13104-016-2371-1 
Automation of systematic literature reviews: A [38] Zyoud, S.E.H., Waring, W.S., Al-Jabi, S.W., Sweileh, 
systematic literature review. Information and Software W.M. (2017). Global cocaine intoxication research 
Technology, 136: 106589. trends during 1975–2015: A bibliometric analysis of 
https://doi.org/10.1016/j.infsof.2021.106589 Web of Science publications. Substance Abuse 
[25] Siddiqui, S.A., Parahoo, S., Sadi, M.A.N., Afzal, M.N.I. Treatment, Prevention, and Policy, 12: 6. 
(2021). Rural tourism as a transformative service of https://doi.org/10.1186/s13011-017-0090-9 
community well-being: A systematic literature review. [39] Merigó, J.M., Gil-Lafuente, A.M., Kacprzyk, J. (2017). 
International Journal of Sustainable Development and A bibliometric analysis of the publications of Ronald R. 
Planning, 16(6): 1081-1090. Yager. In Granular, Soft and Fuzzy Approaches for 
https://doi.org/10.18280/ijsdp.160609 Intelligent Systems (pp. 233-248). Springer, Cham. 
[26] Weber, B., Fischer, T., Riedl, R. (2021). Brain and https://doi.org/10.1007/978-3-319-40314-4_12 
autonomic nervous system activity measurement in [40] Sweileh, W.M., Zyoud, S.E.H., Al-Jabi, S.W., Sawalha, 
software engineering: A systematic literature review. A.F., Shraim, N.Y. (2016). Drinking and recreational 
Journal of Systems and Software, 178: 110946. water-related diseases: A bibliometric analysis (1980–
https://doi.org/10.1016/j.jss.2021.110946 2015). Annals of Occupational and Environmental 
[27] Aini, N., Modjo, R., Lestari, F. (2022). Hospital Medicine, 28: 40. https://doi.org/10.1186/s40557-016-
preparedness in facing COVID-19 pandemic: A 0128-x 
systematic literature review. International Journal of [41] Mesdaghinia, A., Mahvi, A.H., Nasseri, S., Nodehi, R.N., 
Design & Nature and Ecodynamics, 17(2): 311-317. Hadi, M. (2015). A bibliometric analysis on the solid 
https://doi.org/10.18280/ijdne.170219 waste-related research from 1982 to 2013 in Iran. 
[28] Moher, D., Liberati, A., Tetzlaff, J., Altman, D.G., International Journal of Recycling of Organic Waste in 
PRISMA Group*. (2009). Preferred reporting items for Agriculture, 4(3): 185-195. 
systematic reviews and meta-analyses: The PRISMA https://doi.org/10.1007/s40093-015-0098-y 
statement. Annals of Internal Medicine, 151(4): 264-269. [42] Zhu, Q., Kong, X., Hong, S., Li, J., He, Z. (2015). Global 
https://doi.org/10.7326/0003-4819-151-4-200908180- ontology research progress: A bibliometric analysis. 
00135 Aslib Journal of Information Management, 67(1): 27-54. 
[29] Pritchard, A. (1969). Statistical bibliography or https://doi.org/10.1108/AJIM-05-2014-0061 
bibliometrics. Journal of Documentation, 25: 348. [43] Quadir Md, A., Jaiswal, D., Daftari, J., Haneef, S., 
[30] Boyack, K.W., Klavans, R. (2010). Co-citation analysis, Iwendi, C., Jain, S.K. (2022). Efficient dynamic phishing 
bibliographic coupling, and direct citation: Which safeguard system using neural boost phishing protection. 
citation approach represents the research front most Electronics, 11(19): 3133. 
accurately? Journal of the American Society for https://doi.org/10.3390/electronics11193133 
Information Science and Technology, 61(12): 2389-2404. [44] Islam, U., Muhammad, A., Mansoor, R., Hossain Md, S., 
https://doi.org/10.1002/asi.21419 Ahmad, I., Eldin, E.T., Khan, J.A., Rehman, A.U., Shafiq, 
[31] Marchiori, D., Franco, M. (2020). Knowledge transfer in M. (2022). Detection of distributed denial of service 
the context of inter-organizational networks: (DDoS) attacks in IOT based monitoring system of 
Foundations and intellectual structures. Journal of banking sector using machine learning models. 
Innovation & Knowledge, 5(2): 130-139. Sustainability, 14(14): 8374. 
https://doi.org/10.1016/j.jik.2019.02.001 https://doi.org/10.3390/su14148374 
[32] Ellegaard, O., Wallin, J.A. (2015). The bibliometric [45] Zimba, A. (2022). A Bayesian attack-network modeling 
analysis of scholarly production: How great is the approach to mitigating malware-based banking 
impact? Scientometrics, 105(3): 1809-1831. cyberattacks. International Journal of Computer Network 
https://doi.org/10.1007/s11192-015-1645-z & Information Security, 14(1): 25-39. 
[33] Roemer, R.C., Borchardt, R. (2015). Meaningful metrics: https://doi.org/10.5815/ijcnis.2022.01.03 
 
105
[46] Somogyi, T., Nagy, R. (2022). Cyber threats and security application: FMEA and FTOPSIS analysis. PeerJ 
challenges in the Hungarian financial sector. Sodobni Computer Science, 7: e658. 
Vojaški Izzivi, 24(3): 15-30. https://doi.org/10.7717/peerj-cs.658 
https://doi.org/10.33179/BSV.99.SVI.11.CMC.24.3.1 [52] Woretaw, A., Lessa, L., Negash, S. (2019). Factors
[47] Hasan, M.F., Al-Ramadan, N.S. (2021). Cyber-attacks hindering full-fledged information security in banking
and cyber security readiness: iraqi private banks case. sector in Ethiopia: Emphasis on information security
Social Science and Humanities Journal, 5(8): 2312-2323. culture. In 25th Americas Conference on Information
[48] Revenkov, P.V., Oshmankevich, K.R., Berdyugin, A.A. Systems, AMCIS 2019, Cancún, Mexico, August 15-17,
(2021). Phishing schemes in the banking sector: 2019, pp. 1-10.
Recommendations to internet users on protection and [53] Stanikzai, A.Q., Shah, M.A. (2021). Evaluation of cyber
development of regulatory tasks. Finance: Theory and security threats in banking systems. In 2021 IEEE
Practice, 25(6): 212-226. https://doi.org/10.26794/2587- Symposium Series on Computational Intelligence (SSCI),
5671-2021-25-6-212-226 rlando, FL, USA, pp. 1-4.
[49] Tariq, N. (2018). Impact of cyberattacks on financial https://doi.org/10.1109/SSCI50451.2021.9659862
institutions. Journal of Internet Banking and Commerce, [54] Kondratyeva, M.N., Svirina, D.D., Tsvetkov, A.I. (2021).
23(2): 317. The role of information technologies in ensuring banking
[50] Ruth, N., Kituyi, M., Kaggwa, F. (2022). Establishing the security. In IOP Conference Series: Materials Science
influences of cardinal virtues on employees’ cyber and Engineering, 1047(1): 012069.
security ethical behavior in the banking sector in Uganda. https://dx.doi.org/10.1088/1757-899X/1047/1/012069
European Journal of Technology, 26(1): 1-13. [55] Boitan, I.A. (2019). Cyber security challenges through
https://doi.org/10.47672/ejt.896 the lens of financial industry. International Journal of
[51] Edu, A.S., Agoyi, M., Agozie, D. (2021). Digital security Applied Research in Management and Economics, 2(4):
vulnerabilities and threats implications for financial 33-38. https://doi.org/10.33422/ijarme.v2i4.275
institutions deploying digital technology platforms and
106