Motivating Cybersecurity Awareness within an Organisation : An explorative study from an awareness practitioner’s perspective

Abstract: Security awareness has been a popular topic in the last few years for both information systems researchers and organisations. News broadcasts has brought attention to the increase in cyber-attacks, with these reports noting that a significant number of these breaches have been caused by human error, linked to employee’s lack of engagement with their organisations security policies and awareness campaigns. Whilst there is existing research in human factorsand the barriers of security behaviours effect on cybersecurity awareness; in practice we know very little about how employees can be motivated to engage in cybersecurity awareness programs. This study aims to explore how information security practitioners motivate interest in cybersecurity awareness. It does this through an exploratory case study approach using qualitative data collected from in-depth interviews of four cybersecurity awareness practitioners that were conducted. From an application perspective, the findings suggest that these practitioners do use a variety of techniques to motivate employee interest in cybersecurity awareness. The study identified four factors used by practitioners to motivate cybersecurity awareness which are 1) using different engaging techniques, 2) making it personable & relatable, 3) utilising leadership commitment and 4) embracing technical controls. This paper discusses these factors and implications for practitioners.