Evaluating protection motivation based cybersecurity awareness training on Kirkpatrick's Model

Abstract

ContextCybersecurity behavioral literature has a significant number of studies on training and awareness. However, there is lack of theoretical underpinnings in developing intervention to allow for positive behavioral change and evaluating them. The evaluation of theory based cybersecurity training warrants the use of program evaluation techniques. ObjectiveThe protection motivation theory (PMT) was employed to understand the behavioral change after the implementation of cybersecurity training. The evaluation was done on three levels of Kirkpatrick's evaluation model – reaction, learning and behavior. MethodA pre-post quasi experimental design was adopted in this research. A total of 154 undergraduate students from computing and digital arts backgrounds took part in the research. ResultsThe results of the study showed that the PMT based training was effective in increasing the threat knowledge of the students along with the increase in information of countermeasure strategies. From the two components of the PMT, self-efficacy was found to be the significant predictor of the cybersecurity behavioral intention in both pre-test and post-test PMT models. The cybersecurity training increased the self-efficacy of the students significantly and contributed towards cybersecurity behavioral intention change. The findings of this study imply that in designing the cybersecurity trainings, educators should dominantly take into account the self-efficacy component of the PMT.