Cybersecurity Training and the End-User: Pathways to Compliance

Abstract

In order to effectively combat cybersercurity threats at home and in organizations, it is imperative to achieve higher end-user cybersecurity compliance. Cybersecurity training is generally accepted as a means to increase compliance behavior. Training can influence compliance by one or more of three causal pathways: by increasing cybersecurity awareness, by increasing cybersecurity proficiency (i.e., improve cybersecurity skills) and by raising cybersecurity self-efficacy. The effects of awareness and self-efficacy on compliance have been empirically examined and reported in literature, but the effect of cybersecurity skills has not received much attention. In an effort to understand the pathways through which training affects compliance, we develop a theoretical model and offer propositions. The model helps us understand how cybersecurity training should be designed and executed to optimally influence each of the three pathways to compliance and finally to have an optimal impact on compliance. Empirical validation will be performed at a later stage. Results of the study are expected to help design training programs to enhance end-user cybersecurity skills and consequently cybersecurity compliance.