There is lots of excellent research into the human aspect of cybersecurity. We regularly add new articles to the Research Library - the world’s first globally accessible archive of research into the human aspect of cybersecurity.

However, here are a few pieces to get you started.

1. Cybersecurity Awareness

   • Date Published: 2021​
   • Author: Jason R.C. Nurse
   • Short Description: This article provides an overview of cybersecurity awareness, defining it as the understanding of cybersecurity risks, threats, and protective measures. It discusses how awareness influences security behavior and why it is a crucial component of cybersecurity strategies for individuals and organizations. The paper also explores different approaches to raising cybersecurity awareness, such as training programs, awareness campaigns, and behavioral interventions, while addressing challenges in measuring their effectiveness.

2. Cyber Security Awareness Campaigns: Why do they fail to change behaviour?

   • Date Published: 2015​
   • Authors: Maria Bada, Angela M. Sasse, Jason R.C. Nurse
   • Short Description: This paper examines the reasons behind the ineffectiveness of cybersecurity awareness campaigns in changing user behavior. It emphasizes the need to understand psychological factors influencing risk perception and behavior, suggesting that merely providing information is insufficient without addressing attitudes and intentions.

3. Measuring the Effectiveness of U.S. Government Security Awareness Programs: A Mixed-Methods Study

   • Date Published: 2022
   • Authors: Jody L. Jacobs, Julie M. Haney, Susanne M. Furman
   • Short Description: This study investigates how U.S. government organizations assess the effectiveness of their security awareness programs. It highlights a reliance on compliance metrics, such as training completion rates, and identifies challenges in measuring actual behavioral changes among employees.

4. A systematic review of current cybersecurity training methods

   • Date Published: 2023
   • Authors: Saif Al-Dean Qawasmeh, Ali Abdullah S. AlQahtani, Muhammad Khurram Khan
   • Short Description: This comprehensive review analyzes various cybersecurity awareness training methods, including traditional, technology-based, and innovative strategies. It evaluates the principles, effectiveness, and limitations of each method, providing a comparative analysis and discussing emerging trends like artificial intelligence in cybersecurity training.

5. Developing a cyber security culture: Current practices and future needs

   • Date Published: 2021​
   • Authors: Betsy Uchendu, Jason R.C. Nurse, Maria Bada, Steven Furnell
   • Short Description: This systematic literature review investigates organizational cybersecurity culture, focusing on definitions, essential factors for building and maintaining such a culture, proposed frameworks, and assessment metrics. It identifies critical elements like top management support and awareness training, highlighting the need for dynamic measures and real-world evaluations.