Abstract
The importance of user behaviour in the cybersecurity domain is widely acknowledged. Users face cyberthreats such as phishing and fraud daily, both at work and in their private use of technology. Using training interventions to improve users’ knowledge, awareness, and behaviour is a widely accepted approach to improving the security posture of users. Research into cybersecurity training has traditionally assumed that users are provided such training as members of an organization. However, users in their private capacity are expected to cater for their own security. This research addresses this gap with a survey where 1437 Swedish adults participated. Willingness to adopt and pay for different cybersecurity training types was measured. The included types were; training delivered to users in a context where the training is of direct relevance, eLearning and game-based training. The participants were most willing to adopt and pay for contextual training, while eLearning was the second most favoured training type. We also measured if willingness to pay and adopt cybersecurity training was impacted by the participant’s worry about various cyber threats. Surprisingly, no meaningful correlation was found, suggesting that something else than worry mediates willingness to adopt and pay for cybersecurity training.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
References
NIST: Framework for Improving Critical Infrastructure Cybersecurity. cited 20201230; Available from: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf (2018)
ISO/IEC: ISO/IEC 27001:2017 (2017)
Aldawood, H., Skinner, G.: Educating and raising awareness on cyber security social engineering: a literature review (2019)
Hu, S., Hsu, C., Zhou, Z.: Security education, training, and awareness programs: literature review. J. Comput. Inf. Syst. 1–13 (2021).
Chowdhury, N., Gkioulos, V.: Cyber security training for critical infrastructure protection: a literature review. Comput. Sci. Rev. 40, 100361 (2021)
Klimburg-Witjes, N., Wentland, A.: Hacking humans? social engineering and the construction of the “deficient user” in cybersecurity discourses. Sci. Technol. Human Values 46(6), 1316–1339 (2021)
Lain, D., Kostiainen, K., Capkun, S.: Phishing in organizations: findings from a large-scale and long-term study. arXiv preprint arXiv:2112.07498 (2021)
Al-Daeef, M.M., Basir, N., Saudi, M.M.: Security awareness training: a review. In: Proceedings of the World Congress on Engineering (2017)
Nagarajan, A., Allbeck, J.M., Sood, A., Janssen, T.L.: Exploring game design for cybersecurity training. In: 2012 IEEE International Conference on Cyber Technology in Automation, Control, and Intelligent Systems (CYBER). IEEE (2012)
Christopher, L., Choo, K.-K., Dehghantanha, A.: Honeypots for employee information security awareness and education training: a conceptual EASY training model. In: Contemporary Digital Forensic Investigations of Cloud and Mobile Applications, pp. 111–129. Elsevier (2017)
Kävrestad, J., Nohlberg, M.: Evaluation strategies for cybersecurity training methods: a literature review. In: Furnell, S., Clarke, N. (eds.) HAISA 2021. IAICT, vol. 613, pp. 102–112. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-81111-2_9
Alshaikh, M., Maynard, S.B., Ahmad, A., Chang, S.: An exploratory study of current information security training and awareness practices in organizations (2018)
He, W., Zhang, Z.: Enterprise cybersecurity training and awareness programs: recommendations for success. J. Organ. Comput. Electron. Commer. 29(4), 249–257 (2019)
Dahabiyeh, L.: Factors affecting organizational adoption and acceptance of computer-based security awareness training tools. Inf. Comput. Secur. (2021)
Amanowicz, M.: Towards building national cybersecurity awareness. Int. J. Electron. Telecommun. 66(2), 321–326 (2020)
Van Steen, T., Norris, E., Atha, K., Joinson, A.: What (if any) behaviour change techniques do government-led cybersecurity awareness campaigns use? J. Cybersecur. 6(1) (2020)
Joshi, A., Kale, S., Chandel, S., Pal, D.K.: Likert scale: explored and explained. Curr. J. Appl. Sci. Technol. 396–403 (2015)
Miller, R., Banerjee, N.K., Banerjee, S.: Within-system and cross-system behavior-based biometric authentication in virtual reality (2020)
Fowler Jr, F.J.: Survey research methods. Sage Publications (2013)
Henry, G.T.: Practical Sampling, vol. 21. Sage (1990)
Tavakol, M., Dennick, R.: Making sense of Cronbach’s alpha. Int. J. Med. Educ. 2, 53 (2011)
Park, E., Cho, M., Ki, C.-S.: Correct use of repeated measures analysis of variance. Korean J. Lab. Med. 29(1), 1–9 (2009)
Asuero, A.G., Sayago, A., Gonzalez, A.: The correlation coefficient: an overview. Crit. Rev. Anal. Chem. 36(1), 41–59 (2006)
Rahimi, B., Nadri, H., Afshar, H.L., Timpka, T.: A systematic review of the technology acceptance model in health informatics. Appl. Clin. Inform. 9(3), 604 (2018)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 IFIP International Federation for Information Processing
About this paper
Cite this paper
Kävrestad, J., Gellerstedt, M., Nohlberg, M., Rambusch, J. (2022). Survey of Users’ Willingness to Adopt and Pay for Cybersecurity Training. In: Clarke, N., Furnell, S. (eds) Human Aspects of Information Security and Assurance. HAISA 2022. IFIP Advances in Information and Communication Technology, vol 658. Springer, Cham. https://doi.org/10.1007/978-3-031-12172-2_2
Download citation
DOI: https://doi.org/10.1007/978-3-031-12172-2_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-12171-5
Online ISBN: 978-3-031-12172-2
eBook Packages: Computer ScienceComputer Science (R0)
