A systematic review of current cybersecurity training methods

Cybersecurity continues to be a growing issue, with cyberattacks causing financial losses and loss of productivity and reputation. Especially in an organisational setting, end-user behaviour plays an essential role in achieving a high level of cybersecurity. One way to improve end-user cybersecurity behaviour is through comprehensive training programmes.There are many contradictory statements and findings with regard to the optimal way to conduct a behav-ioural cybersecurity training. We conducted a systematic review to create a comprehensive overview of the methods used in cybersecurity training and their effectiveness in improving organisational cybersecurity be-haviours. Web of Science, ACM Digital Library, ProQuest, PubMed and PsycINFO were searched and 16,771 papers were identified. After title, abstract and full text screenings were conducted, 142 relevant papers were included in our analysis.The analysis shows that the majority of studies report positive effects of training, regardless of the cyberse-curity topic that was addressed or the training method that was employed. Game-based training methods were used most often. Most studies used a non-experimental design to test effectiveness, with pretest-posttest designs being the most frequent. Sample sizes were often small and many interventions were not tested on employees but other populations. Further findings with regard to intervention design, characteristics and evaluation are discussed.

Automated summary

One way to improve organizational cybersecurity behavior is through comprehensive training programs. Most studies find positive effects of training on improving cybersecurity behavior, regardless of the cybersecurity topic or training method. Game-based training methods are most frequently used, but sample sizes are often small and many interventions are not tested on employees.