Developing metrics to assess the effectiveness of Cybersecurity awareness program
Keywords:
Cybersecurity awareness, Security awareness training, Awareness program evaluation, CSA effectiveness metrics, Knowledge Attitude Behavior (KAB), Cybersecurity behavior change, Human factors in cybersecurity, Security culture, ROI in security awarenessAbstract
This paper presents a systematic analysis of methods and metrics for evaluating cybersecurity awareness (CSA) programs. Through a comprehensive review of existing literature and industry practices, we identify key evaluation metrics, methodologies, and challenges in assessing CSA program effectiveness. Our analysis reveals that while various evaluation approaches exist, there is no standardized framework for measuring CSA program success. We propose a structured evaluation framework that combines quantitative and qualitative metrics across four key dimensions: knowledge acquisition, behavioral change, program usability, and organizational impact.
Published
Issue
Section
License
Copyright (c) 2025 Journal of Cybersecurity Research
This work is licensed under a Creative Commons Attribution 4.0 International License.
This journal applies a delayed open access policy.
All articles are published with restricted access for a period of one (1) month following their initial publication. After the embargo period expires, articles are made freely available to the public under an Open Access model.
Authors retain copyright and grant the journal the right of first publication. After the embargo period, the work is distributed under the terms of the Creative Commons Attribution 4.0 International License (CC BY 4.0), which permits use, distribution, and reproduction in any medium, provided the original work is properly cited.