| dc.description.abstract | Employees continue to be the weakest link in an organization's cybersecurity chain for their intentional or unintentional mistakes that cause data breaches. Traditionally, this has become referred to as the human factor in cybersecurity. Investigating and mitigating the human factors is a continuing concern within cybersecurity. In recent years, there has been an increasing interest in providing cybersecurity training for employees to mitigate human factors. Despite the rise in training, the human factors with its problems are still relevant. Considering the relevance of this existing problem, one can look at different training methods to provide better results toward mitigating the human factor. This research looks at a different method by studying self-efficacy in cybersecurity training. The concept of self-efficacy reflects confidence in an individual's ability to exert control over one's own motivation and behavior. Individuals with higher self-efficacy are more likely to perform and behave more securely concerning cybersecurity.
Nevertheless, much of the previous literature on self-efficacy in cybersecurity pays particular attention to measuring employees' self-efficacy. Little is written about how one focuses on increasing self-efficacy in cybersecurity training. One is left questioning to what extent cybersecurity training organizations have adopted self-efficacy in their training. This study explores this gap by identifying to what extent an organization focuses on each component of self-efficacy (mastery experiences, vicarious experiences, verbal persuasion, physiological state) in their cybersecurity training program. Subsequent attention was paid to investigating their opinions on the concept and its components. A case study method was used to allow an exploratory approach by generating data through interviews from seven different organizations that provide cybersecurity training. The finding has important implications for understanding self-efficacy in cybersecurity training and for developing a training program that focuses on self-efficacy. Firstly, the findings show several methods organizations have incorporated the various components of self-efficacy. Secondly, the findings may help us understand challenges and new ideas to consider when examining the concept of self-efficacy. Further work is required to establish a complete overview of how all other organizations deal with the various components of self-efficacy and their opinions, which can be accomplished by gathering information by interviewing more participants. | |