Improving employees’ intellectual capacity for cybersecurity through evidence-based malware training

Abstract

Purpose An organization’s ability to successfully manage intellectual capital is determined by the actions of its employees to prevent or minimize information security incidents. To prevent more data breaches to intellectual capital, organizations must provide regular cybersecurity awareness training for all personnel. The purpose of this paper is to investigate the effect of different evidence-based cybersecurity training methods on employees’ cybersecurity risk perception and self-reported behavior. Design/methodology/approach The study participants were randomly assigned into four groups (i.e. malware report, malware videos, both malware report and malware videos and no interventions) to assess the effects of cybersecurity training on their perceptions of vulnerability, severity, self-efficacy, security intention as well as their self-reported cybersecurity behaviors. Findings The results show that evidence-based malware report is a relatively better training method in affecting employees’ intentions of engaging in recommended cybersecurity behaviors comparing with the other training methods used in this study. A closer analysis suggests whether the training method contains self-relevant information could make a difference to the training effects. Originality/value This paper reports an in-depth investigation on how different evidence-based cybersecurity training methods impact employees’ perceptions of susceptibility, severity, self-efficacy, security intention as well as on their self-reported cybersecurity behaviors.