Select Page

Research Library

The world’s first globally accessible archive of research into the human aspect of cybersecurity and behavioral science as applied to cybersecurity awareness and online behavioral change.

To see the latest studies from pioneering academics, scroll down.

Do one more thing right today. Subscribe to the Behave Newsletter

Filter results by

Clear all filters

Selected filters

Investigating cyber security awareness among preservice teachers during the COVID-19 pandemic

South African institutions of higher education suffered serious disruptions during the COVID-19 pandemic which, resulted in migrating most teaching and learning activities to various online platforms, of which many depended on the open web. This has the potential to expose lecturers and students to cyber security threats and risks. As such cyber security awareness (CSA)...

Perfecting your phish simulations — The 85% sweet spot for optimal learning

I don’t normally choose Phishing as a research topic because I think the literature is saturated with insights. However, I see that many companies struggle with a few important details when it comes to Phishing simulations: What is the optimal Phishing simulation click rate and what it entails How to achieve the optimal Phishing simulation...

From compliance to impact: Tracing the transformation of an organizational security awareness Program

There is a growing recognition of the need for a transformation from organizational security awareness programs focused on compliance − measured by training completion rates − to those resulting in behavior change. However, few prior studies have begun to unpack the organizational practices of the security awareness teams tasked with executing program transformation. We conducted...

Repeat clicking: A lack of awareness is not the problem

Although phishing is the most common social engineering tactic employed by cyber criminals, not everyone is equally susceptible. An important finding emerging across several research studies on phishing is that a subset of employees is especially susceptible to social engineering tactics and is responsible for a disproportionate number of successful phishing attempts. Sometimes referred to...

Research on the effectiveness of cyber security awareness in ICS risk assessment frameworks

Assessing security awareness among users is essential for protecting industrial control systems (ICSs) from social engineering attacks. This research aimed to determine the effect of cyber security awareness on the emergency response to cyber security incidents in the ICS. Additionally, this study has adopted a variety of cyber security emergency response process measures and frameworks...

Developing metrics to assess the effectiveness of cybersecurity awareness program

Cybersecurity awareness (CSA) is not just about knowing, but also transforming things learned into practice. It is a continuous process that needs to be adjusted in subsequent iterations to improve its usability as well as sustainability. This is possible only if a CSA program is reviewed and evaluated timely. Review and evaluation of an awareness...

Online safety awareness and human factors: An application of the theory of human ecology

Efforts have been made on large and small scales to reduce cybersecurity threats around the world, including in Malaysia. However, scholars have argued that, in spite of the technological preparations countries can take to shield themselves from attack, human factors may be the key reason behind increasing breaches in cybersafety in recent years. In this...

From awareness to influence: toward a model for improving employees’ security behaviour

This paper argues that a conventional approach to cybersecurity awareness is not effective in influencing employees and creating sustainable behaviour change. The increase in security incidents caused by employees is evidence that providing information to raise employees’ awareness does not necessarily result in improving their security behaviour, and organisations must transform their security awareness program...

A systematic review of current cybersecurity training methods

Cybersecurity continues to be a growing issue, with cyberattacks causing financial losses and loss of productivity and reputation. Especially in an organisational setting, end-user behaviour plays an essential role in achieving a high level of cybersecurity. One way to improve end-user cybersecurity behaviour is through comprehensive training programmes.There are many contradictory statements and findings with...

Conceptualization of a cybersecurity awareness quiz

Recent approaches to raise security awareness have improved a lot in terms of user-friendliness and user engagement. However, since social engineering attacks on employees are evolving fast, new variants arise very rapidly. To deal with recent changes, our serious game Cyber- Security Awareness Quiz provides a quiz on recent variants to make employees aware of...

Human-centric cybersecurity research: From trapping the bad guys to helping the good ones

The issue of cybersecurity has surged in importance in recent years due to numerous high-profile incidents, hacking attempts, and data breaches that have captured headlines. The continuous rise in cyber incidents suggests the need for a reevaluation of how we perceive cybersecurity and whether a shift in mindset is warranted. In essence, cybersecurity is fundamentally...

Importance of cyber security awareness and e-learning motivation for cybersecurity in reshaping the education

The widespread adoption of information and communication technologies, accelerated by the COVID-19 pandemic, has resulted in a significant surge in cyberattacks, fraud, and security threats in cyberspace. This has exposed society to a shortage of cybersecurity professionals, limited knowledge of cyber threats, and a lack of effective cybersecurity intelligence gathering and public threat awareness. This...

Locked the car, why not the computer: A qualitative and quantitative study on data safety compliance

Information technology has become an integral part of healthcare within the United Kingdom's National Health Service (NHS). All healthcare professionals are required to possess a certain level of computer knowledge and adhere to cyber ethics standards, which are maintained through regular mandatory training. The UK government has laid out a plan to enhance cybersecurity and...

CyberCheck.me: A review of a small to medium enterprise cybersecurity awareness program

Small to Medium Enterprises (SMEs) constitute a significant portion of a country's business activity and make a substantial contribution to the national supply chain. Despite their importance, there is a notable lack of comprehensive studies and reports that assess the cyber security readiness of SMEs. Furthermore, very few studies directly involve surveys of SMEs themselves...

Implementation of machine learning and data mining to improve cyber security and limit vulnerabilities to cyber attacks

One of the significant challenges in the realm of cyber attack detection is the scarcity of training data, which remains a formidable obstacle. Despite the utilization of established network monitoring tools like Wireshark, a vast number of individuals are still at risk due to the absence of information regarding website behaviors and features that can...

Awareness is only the first step

Improving cyber security awareness is often assumed to improve cyber security, however this paper suggests it's necessary for people to be engaged in cyber security in order to make people a robust cyber defence. The paper builds a model for engaging people in cyber secuirty, which includes awareness profiling, awareness planning, transformation and optimisation.  

Determining employee awareness using the human aspects of information security questionnaire (HAIS-Q)

This paper delves into the realm of Cyber Security Awareness Campaigns, with a specific focus on identifying critical factors that may hinder their effectiveness in driving behavioral change. Despite past and ongoing efforts to enhance information security practices and foster a secure society, the desired impact has often remained elusive. Therefore, it is essential to...