Improving employees’ intellectual capacity for cybersecurity through evidence-based malware training
| Pages | 203-213 |
| DOI | https://doi.org/10.1108/JIC-05-2019-0112 |
| Date | 20 December 2019 |
| Published date | 20 December 2019 |
| Author | Wu He,Ivan Ash,Mohd Anwar,Ling Li,Xiaohong Yuan,Li Xu,Xin Tian |
| Subject Matter | HR & organizational behaviour,Accounting & Finance,Behavioural accounting,Accounting/accountancy,Organizational structure/dynamics |
Improving employees’intellectual
capacity for cybersecurity
through evidence-based
malware training
Wu He and Ivan Ash
Old Dominion University, Norfolk, Virginia, USA
Mohd Anwar
North Carolina A&T State University,
Greensboro, North Carolina, USA
Ling Li
Old Dominion University, Norfolk, Virginia, USA
Xiaohong Yuan
North Carolina A&T State University, Greensboro, North Carolina, USA
Li Xu
Old Dominion University, Norfolk, Virginia, USA, and
Xin Tian
Kennesaw State University, Kennesaw, Georgia, USA
Abstract
Purpose –An organization’s ability to successfully manage intellectual capital is determined by the actions
of its employees to prevent or minimize information security incidents. To prevent more data breaches to
intellectual capital, organizations must provide regular cybersecurity awareness training for all personnel.
The purpose of this paper is to investigate the effect of different evidence-based cybersecurity training
methods on employees’cybersecurity risk perception and self-reported behavior.
Design/methodology/approach –The study participants were randomly assigned into four groups
(i.e. malware report, malware videos, both malware report and malware videos and no interventions) to assess
the effects of cybersecurity training on their perceptions of vulnerability, severity, self-efficacy, security
intention as well as their self-reported cybersecurity behaviors.
Findings –The results show that evidence-based malware report is a relatively better training method in
affecting employees’intentions of engaging in recommended cybersecurity behaviors comparing with the
other training methods used in this study. A closer analysis suggests whether the training method contains
self-relevant information could make a difference to the training effects.
Originality/value –This paper reports an in-depth investigation on how different evidence-based
cybersecurity training methods impact employees’perceptions of susceptibility, severity, self-efficacy,
security intention as well as on their self-reported cybersecurity behaviors.
Keywords Evidence-based practice, Cybersecurity training
Paper type Research paper
1. Introduction
Klein and Prusak (1994) define intellectual capital operationally as intellectual material that
has been formalized, captured and leveraged to produce a higher valued asset. According to
Kok (2007), intellectual capital consists of three elements: human capital, structural capital
(or organizational capital) and relational (customer) capital. Human capital, which includes
experience, the know-how, capabilities, skills and expertise of the human members of the
Received 26 May 2019
Revised 30 September 2019
Accepted 29 October 2019
The current issue and full text archive of this journal is available on Emerald Insight at:
www.emeraldinsight.com/1469-1930.htm
This work was supported in part by the US National Science Foundation under Grant SES-1318470
and SES-1318501.
Improving
employees’
intellectual
capacity
JournalofIntellectualCapital
Vol.21 No. 2, 2020
pp.203-213
©EmeraldPublishingLimited
1469-1930
DOI10.1108/JIC-05-2019-0112
203
To continue reading
Request your trial