A Guideline for developing a Cyber Security Awareness and Training Program with Special Emphasis on Managerial Information Security Awareness

Cybercrime is a pressing issue, forecasts say that the cost of cybercrime is estimated to reach USD 6 trillion by 2012. Considering that the majority of cyber security incidents are caused by human actions, it is crucial to realize that security is less of a technical issue than a ‘people problem’. While organizations invest significant financial resources on technology tools to fight cybercrime, their investment into human factors and the security culture is insignificant. Companies which focus their attention only on the technology element of cybersecurity overlooking the importance of addressing the human factor are exposing themselves to potential threats. Employee training and awareness programs are an important part of cyber security as they are focusing on the human element, but it is an aspect that is often neglected by companies. The level of security awareness trainings is still not adequate in organizations. The cyber security awareness and training programs currently in existence focus on the general user of information systems, not giving due attention to managerial users even though research shows that managerial employees have low level of cyber security awareness. This is alarming given the fact that managerial information security awareness positively correlates with the level of cyber security awareness in organizations and the success of awareness programs....