Abstract
Despite the efforts to mitigate the risks posed by social media, no organisation can be completely protected from hackers. Therefore, specialists are increasingly relying on the training and education of the organisations’ workforce to prevent cyberattacks. To investigate the best training strategies available, we have conducted a survey among a large and diverse sample of employees working in various sectors, and we have interviewed people who possess expertise in policymaking and cybersecurity training—either as trainers or trainees. Our analysis reveals that the efficiency of cybersecurity training varies among individuals due to aspects such as motivation, simplicity, the expertise of the trainer, the experience of the trainee, the training environment, customisation, and the delivery methods employed. Moreover, we have concluded that cybersecurity training is contingent upon the trainees’ specific job roles within the organisation. Our findings have the potential to improve cybersecurity training, as well as the productivity of the trainers involved in its development.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Langlois, P.: The 2020 Verizon Data Breach Investigations Report (DBIR) (2020). https://www.cisecurity.org/insights/webinar/the-2020-verizon-data-breach-investigations-report-dbir
British Retail Consortium: BRC Retail Crime Survey 2015 (2015). https://brc.org.uk/media/54300/51309-4_2015_crime_survey_report_p7.pdf
Sasse, M.A., Brostoff, S., Weirich, D.: Transforming the ‘weakest link’—a human/computer interaction approach to usable and effective security. BT Technol. J. 19(3), 122–131 (2001)
Anwar, M., He, W., Ash, I., Yuan, X., Li, L., Xu, L.: Gender difference and employees’ cybersecurity behaviors. Comput. Hum. Behav. 69, 437–443 (2017)
Chapple, M., Stewart, J.M., Gibson, D.: Certified Information System Security Professional (CISSP). SYBEX, ninth edition ed (2021)
Triplett, W.J.: Addressing human factors in cybersecurity leadership. J. Cybersecurity and Privacy 2(3), 573–586 (2022)
Dash, B.: An effective cybersecurity awareness training model: first defense of an organizational security strategy. International Research J. Eng. Technology (IRJET) 9(4) (2022)
Alshaikh, M., Maynard, S.B., Ahmad, A., Chang, S.: An exploratory study of current information security training and awareness practices in organizations. In: Proceedings of the 51st Hawaii International Conference on System Sciences, Honolulu HI, pp. 5085–5094 (2018)
ENISA: Cyber Europe 2010 Report (2011). https://www.enisa.europa.eu/publications/ce2010report/
Thakur, K., Hayajneh, T., Tseng, J.: Cyber security in social media: challenges and the way forward. IT Professional 21(2), 41–49 (2019). https://doi.org/10.1109/MITP.2018.2881373
Kaplan, A.M., Haenlein, M.: Users of the world, unite! the challenges and opportunities of social media. Bus. Horiz. 53(1), 59–68 (2010)
Ewing, M., Men, L.R., O’Neil, J.: Using social media to engage employees: insights from internal communication managers. Int. J. Strateg. Commun. 13(2), 110–132 (2019). https://doi.org/10.1080/1553118X.2019.1575830
van Steen, T., Deeleman, J.R.: Successful gamification of cybersecurity training. Cyberpsychol. Behav. Soc. Netw. 24(9), 593–598 (2021)
Sungkur, R.K., Maharaj, M.S.: Design and implementation of a smart learning environment for the upskilling of cybersecurity professionals in mauritius. Educ. Inf. Technol. 26, 3175–3201 (2021)
Haeussinger, F., Kranz, J.: Antecedents of employees’ information security awareness - review, synthesis, and directions for future research. In: European Conference on Information Systems. Guimaraes, Portugal (2017)
Furnell, S., Vasileiou, I.: Security education and awareness: just let them burn? Netw. Secur. 2017(12), 5–9 (2017)
Hadlington, L.: Employees attitudes towards cyber security and risky online behaviours: an empirical assessment in the United Kingdom. Int. J. Cyber Criminol. 12, 262–274 (2018)
Hatzivasilis, G., et al.: Modern aspects of cyber-security training and continuous adaptation of programmes to trainees. Appl. Sci. 10(16), 5702 (2020)
Pedley, D.; Borges, T.; Bollen, A.; Shah, J.N.; Donaldson, S.; Furnell, S.; Crozier, D. (2020) “Cyber Security Skills in the UK Labour Market”. URL https://www.gov.uk/government/publications/cyber-security-skills-in-the-uk-labour-market-2020
Parker, H.J., Flowerday, S.V.: Contributing factors to increased susceptibility to social media phishing attacks. South African J. Information Manage. 22, 1–10 (2020)
Nifakos, S., et al.: Influence of human factors on cyber security within healthcare organisations: a systematic review. Sensors 21(15), 5119 (2021)
Pattinson, M.R., et al.: Adapting cyber-security training to your employees. In: Proceedings of the International Symposium on Human Aspects of Information Security and Assurance (HAISA), pp. 67–79 (2018)
Schürmann, C., Jensen, L.H., Sigbjörnsdóttir, R.M.: Effective cybersecurity awareness training for election officials. In: Krimmer, R., et al. Electronic Voting. Lecture Notes in Computer Science, 12455, pp. 196–212 (2020). Springer, Cham
Zhang, Z., He, W., Li, W., Abdous, M.H.: Cybersecurity awareness training programs: a cost-benefit analysis framework. Ind. Manag. Data Syst. 121(3), 613–636 (2021)
ENISA: Good Practice Guide on Training Methodologies (2014). https://www.enisa.europa.eu/publications/good-practice-guide-on-training-methodologies
McBride, M., Carter, L., Warkentin, M.: Exploring the role of individual employee characteristics and personality on employee compliance with cybersecurity policies. RTI International-Institute for Homeland Security Solutions 5(1) (2012)
Glaspie, H.W., Karwowski, W.: Human factors in information security culture: a literature review. In: Proceedings of the International Conference on Advances in Human Factors in Cybersecurity, Los Angeles, California, pp. 269–280 (2018). Springer International
Bada, M., Nurse, J.R.: Developing cybersecurity education and awareness programmes for small and medium-sized enterprises (SMEs). Information & Computer Security 27(3), 393–410 (2019)
McKim, C.A.: The value of mixed methods research: a mixed methods study. J. Mixed Methods Res. 11(2), 202–222 (2017)
Dulock, H.L.: Research design: descriptive research. J. Pediatr. Oncol. Nurs. 10(4), 154–157 (1993)
Castro, S.: Google forms quizzes and substitution, augmentation, modification, and redefinition (samr) model integration. Issues and Trends in Educational Technol. 6(1), 4–14 (2018)
Sarfraz, M.: Developments in Information Security and Cybernetic Wars. IGI Global. ISBN: 9781522583042 (2019)
Symantec. 2018 Internet Security Threat Report. Symantec Corporation (2018)
University of Plymouth. Plymouth Ethics Online Systems (PEOS) (2023). https://apply-ethicsonlinesystem.plymouth.ac.uk/
Kuwait Central Statistical Bureau (2022). https://knoema.com/atlas/sources/csb
Calculator.net. Sample Size Calculator (2023). https://www.calculator.net/sample-size-calculator.html
De Swert, K.: Calculating inter-coder reliability in media content analysis using krippendorff’s alpha. Center for Politics and Communication 15, 1–15 (2012)
Archibald, M.M., Ambagtsheer, R.C., Casey, M.G., Lawless, M.: Using zoom videoconferencing for qualitative data collection: perceptions and experiences of researchers and participants. Int J Qual Methods 18, 1–8 (2019)
DeCuir-Gunby, J.T., et al.: Developing and using a codebook for the analysis of interview data: an example from a professional development research project. Field Methods 23(2), 136–155 (2011)
Taylor, J.J.: Confusing Stats Terms Explained: Internal Consistency (2021)
McHugh, M.L.: The chi-square test of independence. Biochemia medica 23(2), 143–149 (2013)
Ben Salamah, F., Palomino, M.A., Craven, M.J., Papadaki, M., Furnell, S.: An adaptive cybersecurity training framework for the education of social media users at work. Appl. Sci. 13(17), 9595 (2023)
Hofstede, G.: Culture’s consequences: comparing values, behaviors, institutions, and organizations across nations. Collegiate Aviation Review 34(2), 108 (2016)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2025 IFIP International Federation for Information Processing
About this paper
Cite this paper
Salamah, F.B., Palomino, M.A., Papadaki, M., Craven, M.J., Furnell, S. (2025). The Influence of Human Factors on Adaptive Social Media Cybersecurity Training and Education. In: Clarke, N., Furnell, S. (eds) Human Aspects of Information Security and Assurance. HAISA 2024. IFIP Advances in Information and Communication Technology, vol 722. Springer, Cham. https://doi.org/10.1007/978-3-031-72563-0_1
Download citation
DOI: https://doi.org/10.1007/978-3-031-72563-0_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-72562-3
Online ISBN: 978-3-031-72563-0
eBook Packages: Computer ScienceComputer Science (R0)