Cyber security has never been more important than it is today in an ever more connected and pervasive digital world. However, frequently reported shortages of suitably skilled and trained information system (IS)/cyber security professionals elevate the importance of delivering effective Security Education,Training and Awareness (SETA) programmes within organisations. Therefore, the purpose of this study is...
Critical success factors for security education, training and awareness (SETA) programme effectiveness: an empirical comparison of practitioner perspectives
Information security Awareness: identifying gaps in current measurement tools
This paper describes the key role of information security awareness (ISA) in organizational attempts to comply with their information security policies and mandated frameworks and regulations. The design, implementation, and evaluation of Security Education Training, and Awareness (SETA) programs rely on the definition and measurement of ISA. Reviews of the research on SETA programs have...
Fortifying healthcare: An action research approach to developing an effective SETA program
Organizations continue to use security education training and awareness (SETA) programs to reduce the number of cybersecurity incidents related to phishing. A large healthcare organization contacted the authors to share that they continued to struggle with the efficacy of their traditional training program and to ask whether we could design a better program. Using an...
A systematic review of current cybersecurity training methods
Cybersecurity continues to be a growing issue, with cyberattacks causing financial losses and loss of productivity and reputation. Especially in an organisational setting, end-user behaviour plays an essential role in achieving a high level of cybersecurity. One way to improve end-user cybersecurity behaviour is through comprehensive training programmes.There are many contradictory statements and findings with...
A taxonomy of SETA methods and linkage to delivery preferences
Cybersecurity threats targeting users are common in today’s information systems. Threat actors exploit human behavior to gain unauthorized access to systems and data. The common suggestion for addressing this problem is to train users to behave better using SETA programs. The notion of training users is old, and several SETA methods are described in scientific...
Investigating cyber security awareness among preservice teachers during the COVID-19 pandemic
South African institutions of higher education suffered serious disruptions during the COVID-19 pandemic which, resulted in migrating most teaching and learning activities to various online platforms, of which many depended on the open web. This has the potential to expose lecturers and students to cyber security threats and risks. As such cyber security awareness (CSA)...
Perfecting your phish simulations — The 85% sweet spot for optimal learning
I don’t normally choose Phishing as a research topic because I think the literature is saturated with insights. However, I see that many companies struggle with a few important details when it comes to Phishing simulations: What is the optimal Phishing simulation click rate and what it entails How to achieve the optimal Phishing simulation...
From compliance to impact: Tracing the transformation of an organizational security awareness Program
There is a growing recognition of the need for a transformation from organizational security awareness programs focused on compliance − measured by training completion rates − to those resulting in behavior change. However, few prior studies have begun to unpack the organizational practices of the security awareness teams tasked with executing program transformation. We conducted...
Repeat clicking: A lack of awareness is not the problem
Although phishing is the most common social engineering tactic employed by cyber criminals, not everyone is equally susceptible. An important finding emerging across several research studies on phishing is that a subset of employees is especially susceptible to social engineering tactics and is responsible for a disproportionate number of successful phishing attempts. Sometimes referred to...
Research on the effectiveness of cyber security awareness in ICS risk assessment frameworks
Assessing security awareness among users is essential for protecting industrial control systems (ICSs) from social engineering attacks. This research aimed to determine the effect of cyber security awareness on the emergency response to cyber security incidents in the ICS. Additionally, this study has adopted a variety of cyber security emergency response process measures and frameworks...
Developing metrics to assess the effectiveness of cybersecurity awareness program
Cybersecurity awareness (CSA) is not just about knowing, but also transforming things learned into practice. It is a continuous process that needs to be adjusted in subsequent iterations to improve its usability as well as sustainability. This is possible only if a CSA program is reviewed and evaluated timely. Review and evaluation of an awareness...
Online safety awareness and human factors: An application of the theory of human ecology
Efforts have been made on large and small scales to reduce cybersecurity threats around the world, including in Malaysia. However, scholars have argued that, in spite of the technological preparations countries can take to shield themselves from attack, human factors may be the key reason behind increasing breaches in cybersafety in recent years. In this...
From awareness to influence: toward a model for improving employees’ security behaviour
This paper argues that a conventional approach to cybersecurity awareness is not effective in influencing employees and creating sustainable behaviour change. The increase in security incidents caused by employees is evidence that providing information to raise employees’ awareness does not necessarily result in improving their security behaviour, and organisations must transform their security awareness program...
A systematic review of current cybersecurity training methods
Cybersecurity continues to be a growing issue, with cyberattacks causing financial losses and loss of productivity and reputation. Especially in an organisational setting, end-user behaviour plays an essential role in achieving a high level of cybersecurity. One way to improve end-user cybersecurity behaviour is through comprehensive training programmes.There are many contradictory statements and findings with...
Conceptualization of a cybersecurity awareness quiz
Recent approaches to raise security awareness have improved a lot in terms of user-friendliness and user engagement. However, since social engineering attacks on employees are evolving fast, new variants arise very rapidly. To deal with recent changes, our serious game Cyber- Security Awareness Quiz provides a quiz on recent variants to make employees aware of...
Human-centric cybersecurity research: From trapping the bad guys to helping the good ones
The issue of cybersecurity has surged in importance in recent years due to numerous high-profile incidents, hacking attempts, and data breaches that have captured headlines. The continuous rise in cyber incidents suggests the need for a reevaluation of how we perceive cybersecurity and whether a shift in mindset is warranted. In essence, cybersecurity is fundamentally...
Importance of cyber security awareness and e-learning motivation for cybersecurity in reshaping the education
The widespread adoption of information and communication technologies, accelerated by the COVID-19 pandemic, has resulted in a significant surge in cyberattacks, fraud, and security threats in cyberspace. This has exposed society to a shortage of cybersecurity professionals, limited knowledge of cyber threats, and a lack of effective cybersecurity intelligence gathering and public threat awareness. This...
Locked the car, why not the computer: A qualitative and quantitative study on data safety compliance
Information technology has become an integral part of healthcare within the United Kingdom's National Health Service (NHS). All healthcare professionals are required to possess a certain level of computer knowledge and adhere to cyber ethics standards, which are maintained through regular mandatory training. The UK government has laid out a plan to enhance cybersecurity and...
Examining factors impacting the effectiveness of anti-phishing trainings
Approximately 65% of the organizations in the United States have fallen victim to a successful phishing attack. Many organizations offer anti-phishing training to their employees to defend against phishing attacks. The purpose of this study is to examine factors impacting the effectiveness of anti-phishing training and study the relationship between personality traits and phishing susceptibility....
CyberCheck.me: A review of a small to medium enterprise cybersecurity awareness program
Small to Medium Enterprises (SMEs) constitute a significant portion of a country's business activity and make a substantial contribution to the national supply chain. Despite their importance, there is a notable lack of comprehensive studies and reports that assess the cyber security readiness of SMEs. Furthermore, very few studies directly involve surveys of SMEs themselves...