Cybersecurity Awareness Campaign Process Model (October 2022)

Cybersecurity awareness campaigns cannot simply get people to change their behaviour through disseminating knowledge. Therefore, it is important to motivate people to actually take action for long-term behaviour change. Accordingly, cybersecurity awareness campaigns should be evaluated by identifying whether the users’ psychological factors for behaviour change were facilitated. This paper aims to fill a gap by providing a set of standard guidelines on how to evaluate security programmes beyond knowledge-based checks.

Following a step-by-step guideline enables to achieve long-term behavioural and awareness change and to build a cybersecurity culture. Campaigns need to benchmark Cybersecurity Awareness Campaign Process Model by following the metrics step by step. By benchmarking the model, we can see the campaigns’ progress and measure the campaigns’ success. Ultimately, the model helps organisations produce more effective campaigns.”