Journal article

Applying social marketing to evaluate current security education training and awareness programs in organisations

Moneer Alshaikh, Sean B Maynard, Atif Ahmad

Computers & Security | Elsevier | Published : 2021


The effectiveness of cybersecurity management programs is contingent on improving employee security behaviour. Security education, training, and awareness (SETA) programs aim to drive positive behaviour change in support of cybersecurity objectives. In this paper, we argue that existing SETA programs are suboptimal as they aim to improve employee knowledge acquisition rather than behaviour and belief. We apply social marketing principles to examine SETA practices across six organisations. We find that SETA programs fail to implement the key principles and concepts of social marketing that are essential for positive behaviour change. We therefore propose a novel development process for SETA b..

View full abstract