TY - JOUR
T1 - Driving behaviour change with cybersecurity awareness
AU - Chaudhary, Sunil
N1 - Funding Information:
The author would like to thank Jozef Vyskoc (VaF, Slovakia), Marco Crabu (ABI Lab, Italy), Christine Jamieson (TDL, Belgium), and David Goodman (TDL, Belgium) for reviewing the reports submitted to CyberSec4Europe. He would also acknowledge the assistance of Eleni Berki (JYU, Finland), Juri Valtanen (TAU, Finland), Vasileios Gkioulos (NTNU, Norway), and Marko Kompara (UM, Slovenia), who helped in reaching out to experts for the Delphi method. Finally, he would express his gratitude to each expert who participated in the Delphi survey.
Publisher Copyright:
© 2024 The Author(s)
PY - 2024/7/1
Y1 - 2024/7/1
N2 - Organisations implementing cybersecurity awareness (CSA) should strive to positively change employees’ attitudes and behaviours. In practice, though, most of such initiatives only manage to increase employees’ knowledge. In cybersecurity, knowledge on its own will have no significanst value unless it is used to guide decisions and inspire actions. This study, therefore, has investigated the attributes that could influence and contribute to positive changes in employees’ cybersecurity behaviours. The study used a literature review for questionnaire design and then employed the Delphi method with 22 experts, which consequently identified seven such attributes. These attributes are as follows: i) obtain senior management support and participation in CSA activities; ii) consider CSA as a continuous process that needs to be updated and improved on a regular basis; iii) cultivate and spread ‘cybersecurity’ as a norm in the organisation; iv) encourage cybersecurity activities and behaviours through incentives; v) craft and use persuasive CSA messages; vi) employ innovative and effective approaches to disseminate CSA messages; and vii) recommend security activities that are achievable and pertinent for the audience.
AB - Organisations implementing cybersecurity awareness (CSA) should strive to positively change employees’ attitudes and behaviours. In practice, though, most of such initiatives only manage to increase employees’ knowledge. In cybersecurity, knowledge on its own will have no significanst value unless it is used to guide decisions and inspire actions. This study, therefore, has investigated the attributes that could influence and contribute to positive changes in employees’ cybersecurity behaviours. The study used a literature review for questionnaire design and then employed the Delphi method with 22 experts, which consequently identified seven such attributes. These attributes are as follows: i) obtain senior management support and participation in CSA activities; ii) consider CSA as a continuous process that needs to be updated and improved on a regular basis; iii) cultivate and spread ‘cybersecurity’ as a norm in the organisation; iv) encourage cybersecurity activities and behaviours through incentives; v) craft and use persuasive CSA messages; vi) employ innovative and effective approaches to disseminate CSA messages; and vii) recommend security activities that are achievable and pertinent for the audience.
KW - attributes influencing security behaviour
KW - cybersecurity awareness
KW - cybersecurity behaviour change
KW - Delphi method
KW - literature review
U2 - 10.1016/j.cose.2024.103858
DO - 10.1016/j.cose.2024.103858
M3 - Article
SN - 0167-4048
VL - 142
SP - 1
EP - 15
JO - Computers and Security
JF - Computers and Security
M1 - 103858
ER -