Applying marketing principles to assess cybersecurity education training and awareness programs

Cybersecurity Management and prevention programs’ success and relevance depend primarily on improving employees’ security behaviours within an organization. Indeed, several existing programs make sure to apply those concepts, so employees have the proper tools and knowledge to intervene in a cybersecurity compromise situation within their organizations. Existing programs like education, training, and security awareness programs (SETA “security education, training, and awareness” in English) invite employees to adopt positive cybersecurity behaviour changes.

However, researchers Alshaikh, Maynard, & Ahmad (2020) believe that current SETA programs are not ideal. They only aim to improve employee knowledge instead of targeting changes in employee behaviours and beliefs about cybersecurity issues.

To address these critical gaps, the researchers applied the principles of social marketing to examine SETA practices in six organizations. The marketing principles are: 1) Customer focus 2) Focus on behaviour 3) Based on theory 4) Develop “Insight” 5) Exchange 6) Competition 7) Audience segmentation 8) Mix of methods.

To answer the research questions, the researchers applied a qualitative methodology with semi-structured interviews. Specifically, six interviews were conducted with experts from SETA programs, all from different organizations

When analyzing the transcripts, the researchers focused on SETA programs’ practices in different organizations by grouping the topic’s information. Then they applied the different marketing principles to achieve the following result: SETA programs fail to include the fundamental marketing principles. These key concepts are essential for enacting positive and effective cybersecurity behaviour change.

However, researchers provide solutions using the marketing principles in question to complement existing SETA programs (Table 2).

Table 2 : A mapping of social marketing key principles to gaps in current SETA approaches.

This study is relevant for researchers and those responsible for cybersecurity training in organizations. The researchers shed light on essential gaps in SETA’s cybersecurity programs, provide solutions to counter the problem, and ensure that employees in various organizations receive the right training and tools.

To cite:  Alshaikh, M., Maynard, B. & Ahmad, A. (2020). Applying social marketing to evaluate current security education training and awareness programs in organisations. Computers & Security, 100.