Human-Centric Cybersecurity Training: Examining the Effectiveness of Human-Centric Approaches to Cybersecurity Training Compared to Traditional Methods, Focusing on Behavior Change
DOI:
https://doi.org/10.70619/vol5iss12pp51-68-697Keywords:
Human-Centric Training, Cybersecurity Behavior, Employee Engagement, Knowledge Retention, Phishing Resilience, Secure Behavior AdoptionAbstract
This paper explores the effectiveness of human-centric cybersecurity training compared to traditional methods in driving meaningful behavior change among employees. Using a quasi-experimental design, participants were divided into two groups: one receiving human-centric training that incorporated gamification, simulations, and adaptive learning, and the other undergoing traditional lecture-based training. The study measured key metrics, including engagement, knowledge retention, secure behavior adoption, self-efficacy, and phishing resilience, both pre- and post-training. Results reveal that the human-centric approach significantly outperformed traditional methods, with 85% engagement (compared to 50%), 75% knowledge retention (compared to 40%), and 68% secure behavior adoption (compared to 30%). Phishing resilience improved to 88% for the human-centric group, while the traditional group stagnated at 65%. Qualitative insights from participant interviews further emphasized the higher engagement, relevance, and applicability of human-centric training. These findings underscore the critical need for organizations to move beyond conventional training models and adopt innovative, behavior-driven strategies that empower employees as active defenders against cyber threats. This study provides actionable insights into the future of cybersecurity training, advocating for approaches that combine education with engagement to promote resilient and security-conscious workplaces.
References
Alotaibi, A., Alharthi, A., & Alzahrani, S. (2023). Gamification in cybersecurity education: Enhancing awareness and engagement through interactive learning. Journal of Cybersecurity Education, 15(4), 221–243.
Alshaikh, M. (2020). Developing cybersecurity culture to influence employee behavior: A practice perspective. Computers & Security, 98, 102003.
Anwar, M., He, W., & Ash, I. (2022). Adaptive cybersecurity training systems: A systematic review. Information & Management, 59(3), 103497.
Bada, M., & Nurse, J. R. C. (2019). The human factor in cybersecurity: Understanding the role of behavioral science. Computers & Security, 79, 101660.
Bada, M., Sasse, A. M., & Nurse, J. R. (2019). Cybersecurity awareness campaigns: Why do they fail to change behavior? Computers & Security, 83, 101654.
Furnell, S., Thomson, M., & Parsons, K. (2020). The challenges of cybersecurity awareness and training. Information & Computer Security, 28(1), 2–16.
Hadlington, L., Binder, J., & Stanulewicz, N. (2022). The role of self-efficacy in cybersecurity behavior: A systematic review. Computers in Human Behavior, 136, 107372.
Ifinedo, P. (2020). Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory. Computers & Security, 84, 102115.
Ifinedo, P., & Vega, C. (2022). The effectiveness of gamification in cybersecurity awareness training: A meta-analysis. Journal of Information Systems Education, 33(2), 123–137.
Jenkins, J. L., Durcikova, A., & Burns, M. B. (2020). Forget the fluff: Examining how media richness and interactivity affect employee training effectiveness. Journal of Cybersecurity Education, Research and Practice, 2020(1), 1.
Jenkins, J. L., Durcikova, A., & Burns, M. B. (2021). Forget the fluff: Examining how microlearning affects cybersecurity competency. Journal of Cybersecurity Education, 2021(1), 1–15.
Ng, B. Y., Kankanhalli, A., & Xu, Y. (2021). Applying the Health Belief Model to cybersecurity behavior. Information & Management, 58(3), 103433.
Parsons, K., McCormac, A., Butavicius, M., & Pattinson, M. (2021). Phishing for the truth: A systematic review of simulation-based training. Frontiers in Psychology, 12, 634186.
Sommestad, T., Hallberg, J., Lundholm, K., & Bengtsson, J. (2019). A meta-analysis of studies on protection motivation theory and information security behavior. International Journal of Information Security and Privacy, 13(1), 91–110.
Tschakert, N., & Ngamsuriyaroj, S. (2019). Effectiveness of security awareness training for non-experts: A systematic review. Computers & Security, 84, 372–389.
Tsohou, A., Katsikeas, S., & Karyda, M. (2022). Personalization in cybersecurity training: Enhancing employee engagement and retention. Computers in Human Behavior, 132, 107252.
Verizon. (2022). 2022 Data Breach Investigations Report. Verizon Enterprise. Retrieved October 20, 2023.
Vishwanath, A., Herath, T., & Rao, H. R. (2021). Cybersecurity training effectiveness: A collaborative approach. Information Systems Frontiers, 23(2), 451–469.
Vishwanath, A., Neo, L. S., Goh, P., & Lee, S. (2020). Cybersecurity hygiene: The role of perceived barriers in secure behavior adoption. Computers & Security, 92, 101847.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 Osondu Kelechukwu, Jonathan Ngugi, Djuma Sumbiri
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
