Abstract:
This study developed a model to determine the Cyber Security Human Vulnerability Exposure Index (CSHVEI) for Microfinance Institutions (MFIs) in Nairobi County, Kenya. While people are a critical component of organizational security, they often represent the most significant vulnerability. An integrative literature review identified key human factor vulnerabilities, which were consolidated into three core variables: human error, negligence, and ignorance. A survey was administered to 132 respondents from 52 MFIs, achieving an 85% response rate (n=112). The collected data was analyzed using Spearman's rank correlation and multiple linear regression. The regression analysis produced a highly significant model (F(3,108) = 341.184, p < .05) that explained 90.2% of the variance in the CSHVEI (Adjusted R² = .902).The resulting formula, CSHVEI = -0.062 + (0.167 × Human Error) + (0.539 × Negligence) +(0.324 × Ignorance), was implemented and validated via a web-based prototype. The study concludes that negligence is the most weighted factor influencing human vulnerability. The model provides MFIs with a tool to quantify their human factor exposure, enabling targeted interventions to strengthen their overall cybersecurity posture.