Abstract
Organisations implementing cybersecurity awareness (CSA) should strive to positively change employees’ attitudes and behaviours. In practice, though, most of such initiatives only manage to increase employees’ knowledge. In cybersecurity, knowledge on its own will have no significanst value unless it is used to guide decisions and inspire actions.This study, therefore, has investigated the attributes that could influence and contribute to positive changes in employees’ cybersecurity behaviours. The study used a literature review for questionnaire design and then employed the Delphi method with 22 experts, which consequently identified seven such attributes. These attributes are as follows: i) obtain senior management support and participation in CSA activities; ii) consider CSA as a continuous process that needs to be updated and improved on a regular basis; iii) cultivate and spread ‘cybersecurity’ as a norm in the organisation; iv) encourage cybersecurity activities and behaviours through incentives; v) craft and use persuasive CSA messages; vi) employ innovative and effective approaches to disseminate CSA messages; and vii) recommend security activities that are achievable and pertinent for the audience.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
