Sulistio Sulistio

DOI: https://doi.org/10.33050/itee.v2i1.411

2023-10-30

Abstract:In an ever-evolving digital landscape, the imperative of robust cybersecurity measures to safeguard sensitive data, systems, and operations cannot be overstated. This research undertakes a comprehensive evaluation of the intricate factors that collectively contribute to cybersecurity effectiveness within organizational contexts. Employing the Partial Least Squares Structural Equation Modeling (PLS-SEM) methodology, this research dissect the complex relationships among pivotal constructs including Security Measures Effectiveness, Incident Response Capability, Vulnerability Management, User Training Impact, Security Policy Adherence, External Threat Mitigation, Data Protection Effectiveness, and System Resilience. Through data derived from surveys and meticulous assessments, our analysis utilizes PLS-SEM to quantitatively scrutinize how these constructs interconnect and impact the overarching goal of cybersecurity: the proactive prevention, swift detection, and effective mitigation of cyber threats. By elucidating the constructs with the most significant influence, our study not only enhances scholarly discourse but also empowers organizations to refine cybersecurity strategies, strengthen user training initiatives, and implement robust policies in alignment with the ever-adapting threat landscape. Ultimately, this research furnishes organizations with insights to bolster their cybersecurity defenses, fortify digital assets, and counteract the escalating sophistication of cyber threats.

Aristotle Onumo,Irfan Ullah-Awan,Andrea Cullen

DOI: https://doi.org/10.1145/3424282

2021-06-01

ACM Transactions on Management Information Systems

Abstract:The increase in cybersecurity threats and the challenges for organisations to protect their information technology assets has made adherence to organisational security control processes and procedures a critical issue that needs to be adequately addressed. Drawing insight from organisational theory literature, we develop a multi-theory model, combining the elements of the theory of planned behaviour, competing value framework, and technology—organisational and environmental theory to examine how the organisational mechanisms interact with espoused cultural values and employee cognitive belief to influence cybersecurity control procedures. Using a structured questionnaire, we deployed structural equation modelling (SEM) to analyse the survey data obtained from public sector information technology organisations in Nigeria to test the hypothesis on the relationship of socio-organisational mechanisms and techno-cultural factors with other key determinants of employee security behaviour. The results showed that knowledge of cybersecurity and employee cognitive belief significantly influence the employees’ intentions to comply with organisational cybersecurity control mechanisms. The research further noted that the influence of organisational elements such as leadership on employee security behaviour is mediated by espoused cultural values while the impact of employee cognitive belief is moderated by security technologies. For effective cybersecurity compliance, leaders and policymakers are therefore to promote organisational security initiatives that ensure incorporation of cybersecurity principles and practices into job descriptions, routines, and processes. This study contributes to behavioural security research by highlighting the critical role of leadership and cultural values in fostering organisational adherence to prescribed security control mechanisms.

Mansour Naser Alraja,Usman Javed Butt,Maysam Abbod

DOI: https://doi.org/10.1016/j.cose.2023.103208

IF: 5.105

2023-06-01

Computers & Security

Abstract:Information security threats have a severe negative impact on enterprises. Organizations rely on employee compliance with information security policies to eliminate or reduce these hazards. The Unified Model of Information Security Policies Compliance (UMISPC) is employed to identify the factors that may affect employees' intention towards compliance with information systems security policy and reactance in a global setting. The study was assessed in two phases. The model's validity and measurement reliability were evaluated in the first phase, while in the second phase, all preliminary model relationships were appraised. This was achieved utilizing structural equation modelling to establish whether the proposed constructs, i.e. neutralization, response efficacy, fear, threat, habit and role values were good predictors for intention or reactance towards compliance with information systems security policy. Participants included 348 employees from 7 nations, i.e. the USA, the UK, Oman, India, Pakistan, Malaysia, and the Philippines. SmartPLS v. 3.3.9 was used for data analysis. The models' measurement reliability and validity were affirmed. Fear and role values have a significant influence on intention toward ISPC. RE significantly predicted threat which in turn significantly predicted fear, and the latter demonstrated a significant effect on reactance as well as Neutralization predicted reactance. In contrast, habit failed to reach a significant influence on intention towards ISPC. The implications are presented, together with proposals for further studies. Our findings are helpful for ISS literature and application by supporting the crucial functions of role values in encouraging employees to behave in a compliant manner. Additionally, it is regarded as the first empirical attempt to estimate intended compliance concerning ISPs in higher education from a worldwide viewpoint.

computer science, information systems

Princely Ifinedo

DOI: https://doi.org/10.1080/08874417.2022.2065553

2022-04-20

Journal of Computer Information Systems

Abstract:Organizations whose employees participate in risky cybersecurity behaviors (RCySecB) could suffer disastrous consequences either directly or indirectly from actions linked to such behaviors. This study used conceptualizations facilitated by Attribution Theory to examine the effects of dispositional factors (self-control and knowledge of IS security threats/risks and their potential consequences) and situational factors (security, education, training, and awareness (SETA) programs and computer monitoring) in reducing employee participation in RCySecB. Data was collected from a survey of working professionals in India, and relevant hypotheses were formulated. The PLS technique was used for data analysis. This study investigated the direct effects of the factors on the dependent construct and analyzed the interacting effects of the constructs as well. The results indicate that all factors reduce employee participation in RCySecB. However, the joint effects of the situational factor elements and the dispositional factor of personal knowledge security threats/risks and their potential consequences were insignificant in the model.

computer science, information systems

Alex Koohang,Alojzy Nowak,Joanna Paliszkiewicz,Jeretta Horn Nord

DOI: https://doi.org/10.1080/08874417.2019.1668738

2019-12-19

Journal of Computer Information Systems

Abstract:The purpose of this study was to find out which one of the four selected predictor variables, i.e., leadership, trusting beliefs, role values, and information security policy awareness are most influential in predicting employees' intention to comply with organizational information security policy. An instrument with five constructs was administered to subjects from a higher-education university in the USA. Collected data were methodically examined through multiple regression analysis. Results indicated that all four predictor variables were influential in predicting employees' intention to comply with organizational information security policy requirements. Implications of the findings are discussed and recommendations for future research are made.

computer science, information systems

Mohammed A. Alqahtani

DOI: https://doi.org/10.3390/app12052589

2022-03-02

Applied Sciences

Abstract:One of the essential stages in increasing cyber security is implementing an effective security awareness program. This work studies the present level of security knowledge among Imam Abdulrahman Bin Faisal University college students. A module was created to assist the students in becoming more informed. The main contribution of this work is an assessment of cybersecurity awareness among the university students based on three essential aspects: password security, browser security, and social media. Numerous questions were designed and sent to them to evaluate their awareness. The current survey received as many as 450 responses with their answers. Various statistical analyses were applied to the responses, including the validity and reliability test, feasibility test of a variable, correlation test, multicollinearity test, multiple regression, and heteroskedasticity test, carried out using SPSS. Furthermore, a multiple linear regression model and coefficient of determination, a hypothesis test, ANOVA test, and a partial test using ANOVA were also carried out. The hypothesis investigated here concerns password security, browser security, and social media. The results of partial hypothesis testing using a t-test showed that the password security variable significantly affects cybersecurity awareness (p-value = 0.0001). The regression coefficient of the password security variable in the multiple linear regression model was found to have a beta value of 0.147. In addition, the browser security variable significantly affects awareness, with a p-value = 0.0001. The regression coefficient of the password security variable had a beta value of 0.188. The social media activities variable significantly affects cybersecurity awareness (p-value = 0.0001). The regression coefficient of the social media activities variable had a beta value of 0.241. Based on the research conducted, it is concluded that knowledge of password security, browser security, and social media activities significantly influences cybersecurity awareness in students. Overall, students have realized the importance of cybersecurity awareness.

Ahmed Alkalbani,Hepu Deng,Booi Kam

DOI: https://doi.org/10.48550/arXiv.1606.00875

2016-05-28

Computers and Society

Abstract:The increase reliance on information systems has created unprecedented challenges for organizations to protect their critical information from different security threats that have direct consequences on the corporate liability, loss of credibility, and monetary damage. As a result, the security of information has become a top priority in many organizations. This study investigates the role of socio-organizational factors by drawing the insights from the organizational theory literature in the adoption of information security compliance in organizations. Based on the analysis of the survey data collected from 294 employees from different organizations, the study indicates management commitment, awareness and training, accountability, technology capability, technology compatibility, processes integration, and audit and monitoring have a significant positive impact on the adoption of information security compliance in organizations. The study contributes to the information security compliance research by exploring the criticality of socio-organizational factors at the organizational level for information security compliance.

Sunil Chaudhary

DOI: https://doi.org/10.1016/j.cose.2024.103858

IF: 5.105

2024-04-27

Computers & Security

Abstract:Organisations implementing cybersecurity awareness (CSA) should strive to positively change employees' attitudes and behaviours. In practice, though, most of such initiatives only manage to increase employees' knowledge. In cybersecurity, knowledge on its own will have no significant value unless it is used to guide decisions and inspire actions. This study, therefore, has investigated the attributes that could influence and contribute to positive changes in employees' cybersecurity behaviours. The study used a literature review for questionnaire design and then employed the Delphi method with 22 experts, which consequently identified seven such attributes. These attributes are as follows: i) obtain senior management support and participation in CSA activities; ii) consider CSA as a continuous process that needs to be updated and improved on a regular basis; iii) cultivate and spread 'cybersecurity' as a norm in the organisation; iv) encourage cybersecurity activities and behaviours through incentives; v) craft and use persuasive CSA messages; vi) employ innovative and effective approaches to disseminate CSA messages; and vii) recommend security activities that are achievable and pertinent for the audience.

computer science, information systems

Wenqin Li,Rongmin Liu,Linhui Sun,Zigu Guo,Jie Gao

DOI: https://doi.org/10.3390/ijerph192316038

IF: 4.614

2022-12-01

International Journal of Environmental Research and Public Health

Abstract:Employee security compliance behavior has become an important safeguard to protect the security of corporate information assets. Focusing on human factors, this paper discusses how to regulate and guide employees' compliance with information security systems through effective methods. Based on protection motivation theory (PMT), a model of employees' intention to comply with the information security system was constructed. A questionnaire survey was adopted to obtain 224 valid data points, and SPSS 26.0 was applied to verify the hypotheses underlying the research model. Then, based on the results of a regression analysis, fuzzy set qualitative comparative analysis (fsQCA) was used to explore the conditional configurations that affect employees' intention to comply with the information security system from a holistic perspective. The empirical results demonstrated that perceived severity, perceived vulnerability, response efficacy, and self-efficacy all positively influenced the employees' intention to comply with the information security system; while rewards and response costs had a negative effect. Threat appraisal had a greater effect on employees' intention to comply with the information security system compared to response appraisal. The fsQCA results showed that individual antecedent conditions are not necessary to influence employees' intention to comply with an information security system. Seven pathways exist that influence an employees' intention to comply with an information security system, with reward, self-efficacy, and response cost being the core conditions having the highest probability of occurring in each configuration of pathways, and with perceived severity and self-efficacy appearing in the core conditions of configurations with an original coverage greater than 40%. Theoretically, this study discusses the influence of the elements of PMT on employees' intention to comply with an information security system, reveals the mechanism of influence of the combination of the influencing factors on the outcome variables, and identifies the core factors and auxiliary factors in the condition configurations, providing a new broader perspective for the study of information security compliance behavior and providing some theoretical support for strengthening enterprise security management. Practically, targeted suggestions are proposed based on the research results, to increase the intention of enterprise employees to comply with information security systems, thereby improving the effectiveness of enterprise information security management and the degree of information security in enterprises.

public, environmental & occupational health,environmental sciences

Akhyari Nasir,Ruzaini Abdullah Arshah,Mohd Rashid Ab Hamid,Syahrul Fahmy,,,,

DOI: https://doi.org/10.30880/ijie.2022.14.03.017

2022-06-20

International Journal of Integrated Engineering

Abstract:This paper examines the factors determining a positive Information Security Culture (ISC) concept and the influence of ISC towards ISP compliance intention (INT) between IT and non-IT professionals in Malaysian public universities. Partial least square structural equation modelling, using PLS MGA, is used to assess the measurement and structural models, and to compare the results between the two groups. Results indicate all factors have significant contribution towards ISC in both groups, with two out of seven ISC factors have significant differences. This study has revealed that although both groups have the same ISC factors, IT and non-IT professionals have significant difference in terms of believe that Top Management Commitment and Information Security Knowledge are required for implementing apositive ISC. In addition, there is a significant difference between these two groups in terms of the influence of ISC towards ISP compliance intention. ISC has less influence towards INT for Non-IT professionals compared to IT professionals within the same ISC. These empirical findings would benefit in formulating better security strategies by providing appropriate efforts for different groups of employees in the organizations. This study also provides a total cyber security solution for improving information security culture and employees’ compliance towards Information Security Policy.

Xue Yang,Wei T. Yue,Choon Lin Sia

DOI: https://doi.org/10.1007/978-3-642-29873-8_17

2012-01-01

Abstract:IS security policy is one of the essential tools to ensure the secure use of information systems and technological assets. To enhance the effectiveness of policy implementation, organizations rely on security training, education and awareness (STEA) programs to help employees understand the IS security issues of the organization. However, different levels of STEA informativeness may have conflicting effects on employees' compliance decisions. In addition, the urgency of a task may also lead employees to abandon the compliance decision occasionally. The existing corporate information security policy (ISP) could also serve as a deterrence message that would influence compliance decisions. An experimental survey was conducted to examine this phenomenon and test the related hypotheses. The results of this study can be used to inform and guide researchers and practitioners as to how to better enforce an IS security policy through better implementation of STEA programs and improved design of ISP in different task scenarios.

Noor Suhani Sulaiman,Muhammad Ashraf Fauzi,Walton Wider,Jegatheesan Rajadurai,Suhaidah Hussain,Siti Aminah Harun

DOI: https://doi.org/10.3390/socsci11090386

2022-08-30

Social Sciences

Abstract:Cyber and information security (CIS) is an issue of national and international interest. Despite sophisticated security systems and extensive physical countermeasures to combat cyber-attacks, organisations are vulnerable due to the involvement of the human factor. Humans are regarded as the weakest link in cybersecurity systems as development in digital technology advances. The area of cybersecurity is an extension of the previously studied fields of information and internet security. The need to understand the underlying human behavioural factors associated with CIS policy warrants further study, mainly from theoretical perspectives. Based on these underlying theoretical perspectives, this study reviews literature focusing on CIS compliance and violations by personnel within organisations. Sixty studies from the years 2008 to 2020 were reviewed. Findings suggest that several prominent theories were used extensively and integrated with another specific theory. Protection Motivation Theory (PMT), the Theory of Planned Behaviour (TPB), and General Deterrence Theory (GDT) were identified as among the most referred-to theories in this area. The use of current theories is discussed based on their emerging importance and their suitability in future CIS studies. This review lays the foundation for future researchers by determining gaps and areas within the CIS context and encompassing employee compliance and violations within an organisation.

English Else

Inho Hwang,Robin Wakefield,Sanghyun Kim,Taeha Kim

DOI: https://doi.org/10.1080/08874417.2019.1650676

2019-08-13

Journal of Computer Information Systems

Abstract:In this study, we use the attentional phase of social learning theory to link workplace security-related experiences and observations to employees' security awareness. The responses of 398 organizational employees serve to test our research model using structural equational modeling with AMOS 22.0. The results show security awareness arises from both explicit and subjective security experiences in the workplace. Our respondents indicate knowledge of a physical system has little, if any, effect on security awareness. However, security education, policy, visibility and managerial security participation are important for producing security awareness. Furthermore, managerial participation strengthens the links between organizational security efforts and security awareness. We discuss the implications of our study for future security compliance research and practice.

computer science, information systems

Hyungjin Lukas Kim,HanByeol Stella Choi,Jinyoung Han

DOI: https://doi.org/10.1057/s41284-019-00168-8

2019-01-22

Security Journal

Abstract:Dependence on mobile and outside networks exposes businesses to information leakages by insiders, increasing the importance of information security. Consequently, companies need to implement security education training and awareness (SETA) programs, to ensure employees comply with information security policies (ISPs). The influence of supervisor leadership on the effectiveness of such programs has received little empirical attention. This study empirically analyzes the moderating role of leader power bases effect in the relationship between SETA programs and employees’ ISP compliance intention using WarpPLS 5.0. The moderating effects differ by leader power base type, and expertise, reward, and legitimate power have a positive impact on the relationship. The findings have theoretical and practical implications for the execution of SETA programs and creation of organizational environments in the context of information security.

criminology & penology

Ashraf Mady,Saurabh Gupta,Merrill Warkentin

DOI: https://doi.org/10.1111/isj.12424

IF: 7.767

2023-01-11

Information Systems Journal

Abstract:Organisations implement a variety of knowledge mechanisms such as information security education, training and awareness (SETA) programs and information security policies, to influence employees' secure behaviour. Despite increased efforts to provide information systems (IS) security knowledge to employees, data breaches and other security incidents resulting from insider behaviour continue. Recent IS security research, primarily grounded on assumptions of employees' rational assessment of numerous factors, has yielded inconsistent results. Challenging this paradigm, we model secure behaviour on security knowledge mechanisms, which focuses on the multidimensional nature of security knowledge breadth, depth and finesse to represent the full array of managerial levers. We further draw on construal level theory to conceptualise users' perceptual judgements of security messages. Two studies support our model, with the second building on the first. Study 1, an experiment with 312 participants, focused on validating the treatments. Study 2, a survey with 219 participants, validated the entire model. Results showed that our model has significantly more explanatory and predictive power than the orthodox paradigm. Our results have practical implications for optimising the organisation of knowledge mechanisms by emphasising the personal relevance of threats and defining the factors that lead to secure behaviour. We also contribute to the discourse on information security research and provide a template for integrating theories, thus opening new avenues for future research.

information science & library science

Joshua Nterful,Ibrahim Osman Adam,Muftawu Dzang Alhassan,Abdallah Abdul-Salam,Abubakar Gbambegu Umar

DOI: https://doi.org/10.1108/ics-11-2022-0174

2024-03-01

Information and Computer Security

Abstract:Purpose This paper aims to identify the critical success factors in improving information security in Ghanaian firms. Design/methodology/approach Through an exploratory study of both public and private Ghanaian organizations. The study relied on a research model based on the technology–organization–environment (TOE) framework and a survey instrument to collect data from 525 employees. The data was analyzed using partial least squares-structural equation modeling (PLS-SEM). Findings The findings confirm the role of the technological, organizational and environmental contexts as significant determinants in the implementation of information security in Ghanaian organizations. Results from PLS-SEM analysis demonstrated a positive correlation between the technology component of information security initiative, organization's internal efforts toward its acceptance and a successful implementation of information security in Ghanaian firms. Top management support and fund allocation among others will result in positive information security initiatives and positive attitudes toward securing the organization's information assets. Research limitations/implications The authors discussed the implications of the authors' findings for research, practice and policy. Social implications The results of this study will be useful for both governmental and non-governmental organizations in terms of best practices for increasing information security. Results from this study will aid organizations in developing countries to better understand their information security needs and identify the necessary procedures to address them. Originality/value This study contributes to filling the knowledge gap in organizational information security research and the TOE framework. Despite the TOE framework being one of the most influential theories in contemporary research of information system domains in an organizational context, there is not enough research linking the domains of information security and the TOE model.

Jiaqing Zhao,Yuxiang Hong,Wenqing Chen,Chouyong Chen

DOI: https://doi.org/10.1080/08874417.2024.2403571

2024-09-19

Journal of Computer Information Systems

Abstract:Combining cognitive and affective influences, as well as considering role-breadth constructs is critical to the study of employees' information security policy (ISP) compliance. This paper presents an improved model by integrating psychological capital (PsyCap), psychological ownership (PsyOwn), and the theory of planned behavior (TPB) based on the Conservation of Resources (COR) theory. A valid sample of 382 Chinese employees was used for model testing. The results imply that PsyCap is an important motivational antecedent to the cognitive decision-making processes theorized by the TPB. Also, PsyOwn moderates the effect of PsyCap on subjective norms, along with ISP compliance attitudes and behavioral intentions. Finally, theoretical contributions and managerial implications are addressed.

computer science, information systems

Maurizio Cavallari

DOI: https://doi.org/10.36941/ajis-2023-0151

2023-11-05

Academic Journal of Interdisciplinary Studies

Abstract:In the advanced field of Information and Communication Technology (ICT) within modern corporate frameworks, the pressing issue of non-compliance becomes increasingly crucial. Achieving the ideal balance—where one fosters consistent employee commitment without resorting to overly harsh penalties for possible violations—presents a complex problem. Such a nuanced relationship calls for a synchronized coordination among the company’s underlying factors, the principles of the Information Security Plan (ISP), and overarching compliance mandates. As companies step into a period where digital environments are in constant flux, the importance of securing information systems rises to a critical level. Against this backdrop, compliance stands out as a vital component, functioning as a stringent safeguard in the ongoing mission to protect precious digital assets—a mission comprehensively detailed within the ISP. This in-depth academic study sets out to rigorously explore and scrutinize the diverse opinions and beliefs of committed employees and insightful management concerning unwavering company alignment with the ISP. This is accomplished by defining a construct that centers on key dimensions: Organizational Culture, Personal Attitudes, Actors, Behavioral Intentions, and Motivational Dynamics. Eleven Hypotheses are outlined and represent the materialisation of the model. This model form a starting point from which future empirical exploration will be able to take place, propelling us towards a deeper understanding of the phenomena under scrutiny. Received: 15 September 2023 / Accepted: 23 October 2023 / Published: 5 November 2023

Ahmed M. Asfahani

DOI: https://doi.org/10.1007/s10207-024-00859-3

2024-04-28

International Journal of Information Security

Abstract:The study aims to explore the crucial interaction between organizational responsibility and employee behavior in cybersecurity, particularly in the distinct setting of Saudi Arabia. It investigates how organizational responsibility perceptions impact employee attitudes and practices towards cybersecurity. The research utilizes a mixed theoretical framework, incorporating stewardship theory, protection motivation theory, and the theory of planned behavior. It examines the intricate link between organizational leadership, policies, and individual responses to cybersecurity threats through a comprehensive survey conducted among Saudi employees. The study discovers that employees' perceptions of organizational responsibility greatly influence their cybersecurity behavior. It also finds that employee attitudes towards cybersecurity act as a mediator in this relationship. Contrary to expectations, personal experiences with cybersecurity incidents do not significantly moderate these relationships. This underlines the complex and culture-specific nature of cybersecurity compliance in organizational contexts. This research uniquely contributes to the understanding of cybersecurity behavior within organizations, particularly highlighting the need for policies that align with both organizational objectives and individual behaviors in culturally specific environments like Saudi Arabia. It offers novel insights into the less pronounced impact of personal cybersecurity experiences on organizational-employee dynamics in cybersecurity compliance.

computer science, information systems, theory & methods, software engineering

Temitayo Oluwaseun Abrahams,Oluwatoyin Ajoke Farayola,Simon Kaggwa,Prisca Ugomma Uwaoma,Azeez Olanipekun Hassan,Samuel Onimisi Dawodu

DOI: https://doi.org/10.51594/csitrj.v5i1.708

2024-01-11

Computer Science & IT Research Journal

Abstract:As organizations continue to grapple with the escalating threat landscape of cyber-attacks, the imperative to fortify their cybersecurity defenses becomes increasingly paramount. This review delves into the critical realm of cybersecurity awareness and education programs, focusing on the pivotal factors of employee engagement and accountability. The effectiveness of these programs in cultivating a cyber-resilient workforce is scrutinized through an extensive examination of existing literature, empirical studies, and industry practices. The review begins by exploring the foundational elements of cybersecurity awareness programs, elucidating the significance of imparting knowledge and instilling a culture of vigilance among employees. It examines the diverse methodologies employed in these programs, ranging from interactive workshops and simulated phishing exercises to online modules and gamified learning platforms. A comparative analysis of these approaches sheds light on their respective strengths and limitations. A central theme of this review revolves around the nexus between employee engagement and cybersecurity resilience. It delves into the psychological and behavioral aspects of engagement, assessing how motivational factors and tailored learning experiences contribute to heightened cybersecurity awareness. The impact of organizational culture and leadership support on fostering a sense of responsibility among employees is also explored, emphasizing the need for a holistic approach that transcends mere compliance. Furthermore, the review investigates the role of accountability in sustaining the efficacy of cybersecurity initiatives. It examines the mechanisms employed by organizations to enforce adherence to security policies and protocols, emphasizing the role of robust monitoring systems, clear communication channels, and consequence management. Case studies and real-world examples are integrated to illustrate instances of successful accountability frameworks and their influence on overall cybersecurity posture. This review synthesizes key findings and identifies emerging trends in cybersecurity awareness and education programs, with a particular focus on optimizing employee engagement and fostering a culture of accountability. The insights gleaned from this analysis provide a roadmap for organizations seeking to fortify their defenses against evolving cyber threats by cultivating a vigilant and proactive workforce. Keywords: Cybersecurity, Education, Cyber threat, Employee engagement, Accountability.