Cybersecurity Awareness as a Component of HR Policies: Protecting Employee and Organizational Data in the Digital Era
DOI:
https://doi.org/10.61536/ambidextrous.v2i02.187Keywords:
Cybersecurity Awareness, Human Resource Policies, Employee Engagement, Organizational Resilience, Digital EraAbstract
Cybersecurity awareness has become a critical organizational priority in the digital era, where human factors play a significant role in mitigating cyber risks. This study investigates the implementation of cybersecurity awareness policies within human resource (HR) management, focusing on their effectiveness, challenges, and potential solutions. Using a qualitative case study approach, data were collected through interviews, observations, and document analysis in organizations with established HR policies addressing cybersecurity. The findings reveal that tailored training programs, leadership support, and cross-departmental collaboration are key to fostering employee engagement and preparedness. However, challenges such as resource limitations, resistance to change, and rapidly evolving cyber threats hinder the effectiveness of these initiatives. The study underscores the importance of aligning cybersecurity awareness with organizational culture and leveraging innovative approaches, such as gamification and role-specific training, to enhance engagement. This research contributes to the existing body of knowledge by exploring the intersection of HR policies and cybersecurity and provides actionable insights for organizations to strengthen their resilience. Recommendations for future research include examining the long-term impact of cybersecurity awareness programs and exploring their applicability across diverse organizational contexts.
Downloads
References
Abawajy, J. (2014). User preference of cyber security awareness delivery methods. Behaviour & Information Technology, 33(3), 237-248. https://doi.org/10.1080/0144929X.2012.708787
Ahmad, A., Maynard, S. B., & Park, S. (2021). Information security strategies: Towards an organizational multi-strategy perspective. Journal of Information Security and Applications, 59, 102805. https://doi.org/10.1016/j.jisa.2021.102805
Abrahams, Temitayo & Farayola, Oluwatoyin & Kaggwa, Simon & Uwaoma, Prisca & Hassan, Azeez & Dawodu, Samuel. (2024). CYBERSECURITY AWARENESS AND EDUCATION PROGRAMS: A REVIEW OF EMPLOYEE ENGAGEMENT AND ACCOUNTABILITY. Computer Science & IT Research Journal. 5. 100-119. 10.51594/csitrj.v5i1.708.
Alotaibi, M., & Almagwashi, H. (2021). Cybersecurity awareness in SMEs: Challenges and solutions. Journal of Information Security and Applications, 56, 102675. https://doi.org/10.1016/j.jisa.2021.102675
Alshaikh, M. (2020). Developing cybersecurity culture to influence employee behavior: A practice perspective. Computers & Security, 98, 102003. https://doi.org/10.1016/j.cose.2020.102003
Bada, Maria & Sasse, Angela & Nurse, Jason. (2015). Cyber Security Awareness Campaigns: Why do they fail to change behaviour?. 118-131..
Braun, V., & Clarke, V. (2006). Using thematic analysis in psychology. Qualitative Research in Psychology, 3(2), 77–101. https://doi.org/10.1191/1478088706qp063oa
Choi, K., Levy, Y., & Hovav, A. (2018). The role of user computer self-efficacy, cybersecurity countermeasures awareness, and cybersecurity skills influence on computer misuse. Computers & Security, 87, 101583. https://doi.org/10.1016/j.cose.2018.06.018
Cram, W. A., D’Arcy, J., & Proudfoot, J. G. (2017). Seeing the forest and the trees: A meta-analysis of the antecedents to information security policy compliance. MIS Quarterly, 41(1), 301-326.
Flick, U. (2018). An introduction to qualitative research. SAGE Publications.
Furnell, S., Clarke, N., & Lacey, D. (2020). Awareness, behavior, and culture: The ABC of cybersecurity culture. Computers & Security, 96, 101820. https://doi.org/10.1016/j.cose.2020.101820
Gupta, A., Dhillon, G., & Stahl, B. C. (2019). Information security policies and employee noncompliance: An empirical study. Information Systems Journal, 29(1), 43-58.
Hameed, A., & Khan, M. M. (2020). A cybersecurity awareness framework for managing human factors in the digital age. Journal of Information Security and Applications, 50, 102575. https://doi.org/10.1016/j.jisa.2020.102575
Harrison, B., Sanford, J., & Liu, L. (2021). Evaluating the impact of phishing simulation training on employee cybersecurity awareness. Journal of Information Technology Education, 20, 143-158.
Hillson, D., & Murray-Webster, R. (2017). Understanding and managing risk attitude. Routledge.
Koohang, A., Paliszkiewicz, J., & Goluchowski, J. (2021). Gamification in cybersecurity awareness: A review of effectiveness. Cybersecurity Journal, 4(3), 111–125.
Lincoln, Y. S., & Guba, E. G. (1985). Naturalistic inquiry. SAGE Publications.
Ng, B. Y., Kankanhalli, A., & Xu, Y. C. (2019). A theoretical model for cyber security risk analysis. MIS Quarterly, 33(4), 719-734.
Parsons, K., McCormac, A., Butavicius, M., Pattinson, M., & Jerram, C. (2014). Determining employee awareness using the Human Aspects of Information Security Questionnaire (HAIS-Q). Computers & Security, 42, 165-176. https://doi.org/10.1016/j.cose.2013.12.003
Ponemon Institute. (2022). Cost of a Data Breach Report. IBM Security.
Tassabehji, R., Hackney, R., & Popovic, A. (2022). Strategic alignment of cybersecurity policies in organizations: A framework for success. Journal of Strategic Information Systems, 31(1), 101642. https://doi.org/10.1016/j.jsis.2022.101642
Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber security. Computers & Security, 38, 97-102. https://doi.org/10.1016/j.cose.2013.04.004
Yin, R. K. (2018). Case study research and applications: Design and methods (6th ed.). SAGE Publications.
Zhang, L., & McDowell, W. (2022). The effectiveness of cybersecurity training in mitigating cyber threats: An empirical analysis. Cybersecurity Research Journal, 9(2), 87-104.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 Inpaeng Sayvaya, Mei Veronika Siagian
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
