Influence of awareness and training on cyber security

This article presents the results of a study to determine the impact of a cyber threat education and awareness intervention on changes in user security behavior. Subjects were randomly assigned to one of two introductory lectures about cyber threats arising from poor password management. The low-information condition was based on very general background information on passwords and computer security, while the high-information condition included very detailed and specific information on the threats to subjects' use of e-commerce. The study used a pre/post-treatment, repeated-measures design with a single between-subjects factor (information level: low/high), with password strength at Time 1 and password strength at Time 2 used to measure change in security behavior over a period of two weeks. The study found that at Time 1, participants showed no significant differences in the strength of their passwords. Two weeks later, the password strength of the participants in the low-information condition was not statistically different from their initial levels, while subjects in the high-information condition demonstrated password ratings 36 percent stronger (t = 17.0, p = .000). It is concluded that when users were educated about the threats to e-commerce and trained in proper security practices, their behavior could be changed to enhance online security for themselves and the firms where they are employed.