The strong growth in computer security incidents forces private companies and government organizations to improve and be aware of hackers’ new tacticss continually. To do this, these organizations must equip themselves with numerous hardware and software at the cutting edge of technology. Despite this, if no one can use them well or know how to use them wisely, it is useless. That is why cybersecurity knowledge is just as, if not more, necessary than any tool or software. However, this learning of knowledge seems to be strongly influenced by the beliefs of the human who acquired it. In other words, beliefs that an individual holds will influence the awareness of the knowledge transmitted to him and thus influence the implementation of this knowledge. For many reasons, individuals receiving information may decide to classify it as irrelevant if it is too complicated, takes too much time or is poorly explained.
In this study, researchers Percia, Keupp, and Mermoud (2020) set out to further understand the impact that human beliefs have on absorbing specific knowledge to provide effective cybersecurity protection. They based their study on knowledge and the economics of transaction costs. Briefly, this principle states that an individual will decide to absorb information transmitted to him if he judges that it will be profitable for him to acquire this knowledge or that the costs, either in effort or in time, are not higher than the profits.
Thus, the researchers attempt to affirm or abdicate four hypotheses related to beliefs about the absorption of knowledge.
1) The belief of resources: implies that the individual believes that the information transmitted to him will be useful. Thus, the information will become a reference resource for the future.
2) The belief in usefulness: implies that the individual perceives that the information transmitted is genuinely useful and worth spending time and energy on it.
3) The belief of reward: implies that the individual will give importance to information transmitted to him if he believes that he is getting a reward in return.
4) The belief of reciprocity: implies that the individual can absorb knowledge only through a social exchange to the extent that the individual can reciprocate when receiving information from others.
To do this, they analyzed data from 262 members of a closed user group MELANI-net, a national center for information sharing and analysis called ISAC located in Switzerland.
Figure 1. Knowledge Absorption Model
The study results indicate that belief in resources, belief in utility, and belief in reciprocity are positively associated with absorption of knowledge. However, belief in rewards is not significantly associated with absorption.
These results illustrate the importance of taking knowledge absorption into account in ensuring IT security. Understanding the factors and assumptions mentioned above allows cybersecurity trainers to convey information to an audience that is genuinely ready to acquire knowledge by playing on relevance, reciprocity, and the resources that emerge. This study also helps fill some limitations that past studies on cybersecurity knowledge have not been able to fill.
