Driving behaviour change with cybersecurity awareness

Sunil Chaudhary*

*Corresponding author for this work

Research output: Contribution to journalArticleAcademicpeer-review

Abstract

Organisations implementing cybersecurity awareness (CSA) should strive to positively change employees’ attitudes and behaviours. In practice, though, most of such initiatives only manage to increase employees’ knowledge. In cybersecurity, knowledge on its own will have no significanst value unless it is used to guide decisions and inspire actions. This study, therefore, has investigated the attributes that could influence and contribute to positive changes in employees’ cybersecurity behaviours. The study used a literature review for questionnaire design and then employed the Delphi method with 22 experts, which consequently identified seven such attributes. These attributes are as follows: i) obtain senior management support and participation in CSA activities; ii) consider CSA as a continuous process that needs to be updated and improved on a regular basis; iii) cultivate and spread ‘cybersecurity’ as a norm in the organisation; iv) encourage cybersecurity activities and behaviours through incentives; v) craft and use persuasive CSA messages; vi) employ innovative and effective approaches to disseminate CSA messages; and vii) recommend security activities that are achievable and pertinent for the audience.
Original languageEnglish
Article number103858
Pages (from-to)1-15
JournalComputers and Security
Volume142
DOIs
Publication statusPublished - 1 Jul 2024

Keywords

  • attributes influencing security behaviour
  • cybersecurity awareness
  • cybersecurity behaviour change
  • Delphi method
  • literature review

Fingerprint

Dive into the research topics of 'Driving behaviour change with cybersecurity awareness'. Together they form a unique fingerprint.

Cite this