Effects on employees’ information security abilities by e-learning

The purpose of this paper is to measure and discuss the effects of an e-learning tool aiming at improving the information security knowledge, awareness, and behaviour of employees. Design/methodology/approach – The intervention study has a pre- and post-assessment of knowledge and attitudes among employees. In total, 1,897 employees responded to a survey before and after the intervention. The population is divided into an intervention group and a control group, where the only thing that separates the groups is participation in the intervention (i.e. the e-learning tool). Findings – The study documents significant short-time improvements in security knowledge, awareness, and behavior of members of the intervention group. Research limitations/implications – The study looks at short-time effects of the intervention. The paper has done a follow-up study of the long-term effects, which is also submitted to Information Management & Computer Security. Practical implications – The study can document that software that support Information Security Awareness programs have a short-time effect on employees’ knowledge, behaviour, and awareness; more interventions studies, following the same principles as presented in this paper, of other user-directed measures are needed, to test and document the effects of different measures. Originality/value – The paper is innovative in the area of information security research as it shows how the effects of an information security intervention can be measured.