Cybersecurity Awareness Enhancement: A Study of the Effects of Age and Gender of Thai Employees Associated with Phishing Attacks.

Abstract

Cybersecurity is crucial at present because cyber threats (e.g., phishing) have become a very common occurrence in everyday life. A literature review showed that there are no studies based on cybersecurity awareness which involved a large number of Thai users. Thus, this research focused on the cybersecurity awareness of approximately 20,000 nationwide employees in a large financial institution in Thailand. The study consisted of three phases, a first phishing attack, knowledge transfer through a mixed-approach and a second phishing attack with different content. After data validation and analysis of the results, it was found that the level of cybersecurity awareness of employees improved significantly. The number of employees who opened the phishing email decreased by 71.5%. Therefore, this approach could be applied to cybersecurity enhancement in other organizations and other sectors/industries. Also, it was found that gender played a significant role in cybersecurity awareness within the Thai cybersecurity ecosystem since Thai female employees were found to have a higher level of cybersecurity awareness than male employees. Furthermore, it was found that the different generations of Thai employees (Generations Y and X and Baby Boomers) did not affect cybersecurity awareness.