A quest for research and knowledge gaps in cybersecurity awareness for small and medium-sized enterprises

Chaudhary, 2020 European Commission, 2020 Clark, 2020 Papadopoulos, 2020 C. Ponsard, J. Grandclaudon, G. Dallons, Towards a Cyber Security Label for SMEs: A European Perspective, in: Proceedings of the 4th International Conference on Information Systems Security and Privacy, Funchal, Madeira, Portugal, January 22-24, 2018, pp. 426–431. OECD, 2018 Kurpjuhn, 2015, The SME security challenge, Comput. Fradu Secur., 2015, 5, 10.1016/S1361-3723(15)30017-8 Vaidya, 2018 P. Chen, J. Visschers, C. Verstraete, L. Paoli, C. Huygens, L. Desmet, W. Joosen, The Relationship Between the Cost of Cybercrime and Web Security Posture: A Case Study on Belgian Companies, in: Proceedings of the 11th European Conference on Software Architecture. Canterbury, UK, September 11-15, 2017, pp. 115–120. Millaire, 2017 FireEye, 2020 Aguilar, 2015 M. Heidenreich, Conceptualization of a Measurement Method Proposal for the Assessment of IT Security in the Status Quo of Microenterprises, in: Proceedings of the International Conference on Computing, Electronics & Communication Engineering. London, UK, August, 2 2-23, 2019. G. Erdogan, R. Halvorsrud, C. Boletsis, S. Tverdal, J.B. Pickering, Cybersecurity Awareness and Capacities of SMEs, in: Proceedings of the 9th International Conference on Information Systems Security and Privacy, ICISSP 2023, Lisbon, Portugal, Feburary, 2023, pp. 22–24. Brodin, 2019, A framework for GDPR compliance for small and medium sized enterprises, Eur. J. Secur. Res., 2019, 243, 10.1007/s41125-019-00042-z S. Dojkovski, S. Lichtenstein, W. Matthew, Challenges in Fostering an Information Security Culture in Australian Small and Medium Sized Enterprises, in: Proceedings of the European Conference on Information Warfare and Security. Helsinki, Finland, June 1-2, 2006. Marinos, 2009 Siponen, 2001, Five dimensions of information security awareness, ACM SIGCAS Comput. Soc., 31, 24, 10.1145/503345.503348 Williams, 2019 Ponemon Institute, 2017 Furnell, 2017, Security education and awareness: Just let them burn?, Netw. Secur., 2017, 5, 10.1016/S1353-4858(17)30122-8 M. Bada, A.M. Sasse, Cyber Security Awareness Campaigns: Why do They Fail to Change Behaviour?, in: Proceedings of the International Conference on Cyber Security for Sustainable Society. Coventry, UK, February, 26, 2015. Scroxton, 2019 Hanus, 2018, Definition and multidimensionality of security, DATA BASE Adv. Inf. Syst., 49, 103, 10.1145/3210530.3210538 Park, 2017, A performance evaluation of information security training in public sector, J. Comput. Virol. Hack. Tech., 13, 289, 10.1007/s11416-017-0305-7 CKatsikas, 2000, Health care management and information security: Awareness, training or education?, Int. J. Med. Inf., 60, 129, 10.1016/S1386-5056(00)00112-X Wilson, 2003 Caballero, 2017, Security education, training, and awareness, 497 E. Amankwa, M. Loock, E. Kritzinger, A Conceptual Analysis of Information Security Education, Information Security Training and Information Security Awareness Definitions, in: Proceedings of the 9th International Conference for Internet Technology and Secured Transactions. London, UK, December 8-10, 2014. ENISA, 2010 Wilson, 1998 Vroom, 2002, A practical approach to information security awareness in the organization Wolf, 2018, An empirical study examining the perceptions and behaviours of security conscious users of mobile authentication, Behav. Inf. Technol., 37, 320, 10.1080/0144929X.2018.1436591 Kaspersky, 2020 McGill, 2016, Old risks, new challenges: exploring differences in security between home computer and mobile device use, Behav. Inf. Technol., 36, 1111, 10.1080/0144929X.2017.1352028 Kirlappos, 2015, Shadow security as a tool for learning organization, ACM SIGCAS Comput. Soc., 45, 29, 10.1145/2738210.2738216 Adams, 1999, Users are not the enemy, Commun. ACM, 44, 41 M. Bawazir, M. Mahmud, N.N.A. Molok, J. Ibrahim, Persuasive Technology for Improving Information Security Awareness and Behaviour: A Literature Review, in: Proceedings of the 6th International Conference on Information and Communication Technology for the Muslim World. Jakarta, Indonesia, November 22-24, 2016. K. Renaud, M. Dupuis, Cyber Security Fear Appeals: Unexpectedly Complicated, in: Proceedings of the New Security Paradigm Workshop, San Carlos, Costa Rica. September 23-26, 2019. S.G. Chaudhary, V. kioulos, D. Goodman, Cybersecurity Awareness for Small and Medium-Sized Enterprises (SMEs): Availability and Scope of Free and Inexpensive Awareness Resources, in: Proceedings of the ESORICS 2022 International Workshops: CyberICPS 20222. Copenhagen, Denmark, September 29, 2022. S. Stockhardt, B.M. Berens, M. Volkamer, P. Mayer, A. Kunz, P. Rack, D. D. Lehmann, Teaching Phishing Security: Which Way is Best?, in: Proceedings of the 31st International Conference on ICT System Security and Privacy Protection. Ghent, Belgium, May 30 -June 1. J. Andress, M. Leary, Conducting Security Awareness and Training, in: Building a Practical Information Security Program. 1st Edition; Syngress: Burlington, MA, USA, October 14, 2016, pp. 135–155. Johnson, 2006, Security awareness: Switch to a better program, Netw. Secur., 2006, 15, 10.1016/S1353-4858(06)70337-3 Abawajy, 2012, User preference of cyber security awareness delivery methods, Behav. Inf. Technol., 33, 237, 10.1080/0144929X.2012.708787 Abawajy, 2010, Performance analysis of cyber security awareness delivery methods, 142 Shaw, 2009, The impact of information richness on information security awareness, Comput. Educ., 52, 92, 10.1016/j.compedu.2008.06.011 Daft, 1983 Webster, 2002, Analyzing the past to prepare for the future: Writing a literature review, MIS Q., 26, xiii Okoli, 2010, A guide to conducting a systematic literature review of information systems research, SSRN Electron. J., 37, 879 Renaud, 2016, How smaller businesses struggle with security advice, Comput. Fraud Secur., 2016, 10, 10.1016/S1361-3723(16)30062-8 Levy, 2006, A systems approach to conduct an effective literature, Int. J. Emerg. Transdiscipline, 9, 181, 10.28945/479 E. Sherif, S. Furnell, Awareness, Behaviour and Culture: The ABC in Cultivating Security Compliance, in: Proceedings of the 10th International Conference for Internet Technology and Secured Transactions. London, UK, December 14-16, 2015. B. Lebek, J. Uffen, M.H. Breitner, M. Neumann, B. Hohler, Employees’ Information Security Awareness and Behavior: A Literature Review, in: Proceedings of the 46th Hawaii International Conference on System Sciences. Wailea, Hawaii, USA, January 7-10, 2013. P. Mayer, A. Kunz, M. Volkamer, Reliable Behavioural Factor in the Information Security Context, in: Proceedings of the 12th International Conference on Availability, Reliability and Security. Reggio, Calabria, Italy, August 29 September 1, 2017. H. Aldawood, G. Skinner, Educating and Raising Awareness on Cyber Security Social Engineering: A Literature Review, in: Proceedings of the IEEE International Conference on Teaching, Assessment, and Learning for Engineering. Wollongong, NSW, Australia, December 4-7, 2018. P. Mayer, M. Volkamer, Addressing Misconceptions About Password Security Effectively, in: Proceedings of the 7th Workshop on SocioTechnical Aspects in Security and Trust. Orlando, Florida, USA, December 5, 2017, pp. 16–27. P. Mayer, C. Schwartz, M. Volkamer, On the Systematic Development and Evaluation of Password Security Awareness-Raising Materials, in: Proceedings of the 34th Annual Computer Security Applications Conference. San Juan, PR, USA, December 3-7, 2018. T.K. Lejaka, A. Da Veiga, M. Loock, Cyber Security Awareness for Small, Medium and Micro Enterprises (SMMEs) in South Africa, in: Proceedings of the Conference on Information Communications Technology and Society. Durban, South Africa, March 6-8, 2019. C. Ponsard, J. Grandclaudon, S. Bal, Survey Lessons Learned on Raising SMEs Awareness about Cybersecurity, in: Proceedings of the 5th International Conference on Information Systems Security and Privacy. Prague, Czech Republic, February 23-25, 2019. Samani, 2020 Mylonas, 2013, Delegate the smartphone user? Security awareness in smartphone platforms, Comput. Secur., 34, 47, 10.1016/j.cose.2012.11.004 A. Mylonas, D. Gritzalis, B. Tsoumas, T. Apostolopoulos, A Qualitative Metrics Vector for the Awareness of Smartphone Security Users, in: Proceedings of the 10th International Conference on Trust, Privacy and Security in Digital Business. Prague, Czech Republic, August 28-29, 2013, pp. 173–184. M. Al-Hadadi, A. Al Shidhani, Smartphone Security Awareness: Time to Act, in: Proceedings of the International Conference on Current Trends in Information Technology. Dubai, UAE, December 11-12, 2013. Breitinger, 2020, A srvey on smartphone user’s security choices, awareness and education, Comput. Secur., 88, 10.1016/j.cose.2019.101647 Ameen, 2020, Employees’ behavioural intention to smartphone security: A gender-based, crossnational study, Comput. Hum. Behav., 104, 10.1016/j.chb.2019.106184 B. Watson, J. Zheng, On the User Awareness of Mobile Security Recommendations, in: Proceedings of the ACM Southeast Regional Conference. Kennesaw, GA, USA, April 13-15, 2017, pp. 120–127. T. Shabe, E. Kritzinger, M. Loock, Scorecard Approach for Cybersecurity Awareness, in: Proceedings of the International Symposium on Emerging Technologies for Education. Cape Town, South Africa, September 20-22, 2017, pp. 144–153. Bitton, 2018, Taxonomy of mobile users’ security awareness, Comput. Secur., 73, 266, 10.1016/j.cose.2017.10.015 Bahrini, 2019, Make my phone secure! using gamification for mobile security settings, 11, 299 F. Parker, J. Ophoff, J. Van Belle, R.R. Karia, Security Awareness and Adoption of Security Controls by Smartphone Users, in: Proceedings of the 2nd International Conference on Information Security and Cyber Forensics. Cape Town, South Africa, November 15-17, 2015. Imgraben, 2014, Always connected, but are smart mobile users getting more security savvy? A survey of smart mobile device users, Behav. Inf. Technol., 33, 1347, 10.1080/0144929X.2014.934286 BlackBerry, 2019 W. Melicher, D. Kurilova, S.M. Segreti, P. Kalvani, U.B. Shay, L. Bauer, N. Christin, L.F. Cranor, M.L. Mazurek, Usability and Security of Text Passwords on Mobile Devices, in: Proceedings of the 34th Annual CHI Conference on Human Factors in Computing Systems. San Jose, CA, USA, May 7-12, 2016, pp. 527–539. Endsley, 1995, Towards a theory of situation awareness in dynamic systems, Human Factors, 37, 32, 10.1518/001872095779049543 B. McGuinness, L. Foy, A Subjective Measure of SA: The Crew Awareness Rating Scale (CARS), in: Proceedings of the 1st Human performance, situation awareness and automation conference; user-centered design for the new millennium. Savannah, GA, USA: 286-291, 2000. A. Evesti, T. Kanstren, T. Frantti, Cybersecurity Situational Awareness Taxonomy, in: Proceedings of the International Conference on Cyber Situational Awareness, Data Analytics and Assessment. London, UK, June 19-20, 2017. H. Tianfield, Cyber Security Situational Awareness, in: Proceedings of the IEEE International Conference on iThings) and GreenCom and CPSCom and SmartData. Chengdu, China, December 15-18, 2016. X. Li, Q. Wang, L. Yang, X. Luo, Network Security Situation Awareness Method Based on Visualization, in: Proceedings of the Third International Conference on Multimedia Information Networking and Security. Shanghai, China, November 4-6, 2011. I. Kotenko, E. Novikova, Visualization of Security Metrics for Cyber Situation Awareness, in: Proceedings of the 9th International Conference on Availability, Reliability and Security. Fribourg, Switzerland, September 8-12, 2014. M. Evangelopoulou, C.W. Johnson, Attack Visualization for Cyber Security Situation Awareness, in: Proceedings of the 9th IET International Conference on System Safety and Cyber Security. Manchester, UK, October 15-16, 2014. A. Evesti, C. Wieser, T. Zhao, Improved Information Security Situational Awareness by Manifold Visualization, in: Proceedings of the 10th European Conference on Software Architecture, Copenhagen. Denmark, November 28- December 2, 2016. M.J. Hall, D.D. Hansen, K. Jones, Cross-domain Situational Awareness and Collaborative Working for Cyber Security, in: Proceedings of the International Conference on Cyber Situational Awareness, Data Analytics and Assessment. London, UK, June 8-9, 2015. Q. Zhang, D. Man, W. Yang, Using HMM for Intent Recognition in Cyber Security Situation Awareness, in: Proceedings of the Second International Symposium on Knowledge Acquisition and Modeling. Wuhan, China, November 30- December 1, 2009. A.C. Squicciarini, G. Petracca, W.G. Horne, A. Nath, Situational Awareness Through Reasoning on Network Incidents, in: Proceedings of the 4th ACM conference on Data and Application Security and Privacy. San Antonio, TX, USA, March 3-5, 2014, pp. 111–122. F.R.L. Silva, P. Jacob, Mission-Centric Risk Assessment to Improve Cyber Situational Awareness, in: Proceedings of the 13th International Conference on Availability, Reliability and Security. Hamburg, Germany, August 27-28, 2018, pp. 1–8. Rutzwiller, 2020, Gaps and opportunities in situational awareness for cybersecurity, Digital Threats: Res. Pract., 1, 18:1 Jiang, 2022, Systematic literature review on cyber situational awareness visualization, IEEE Access, 10, 57525, 10.1109/ACCESS.2022.3178195 Tsohou A., M. Karyda, S. Kokolakis, E. Kiountouzis, Analyzing Information Security Awareness through Network Association, in: Proceedings of the 7th International Conference on Trust, Privacy and Security in Digital Business. Bilbao, Spain, August 30-31, 2010, pp. 227–237. R.J. Mejias, An Integrative Model of Information Security Awareness for Assessing Information System Security Risk, in: Proceedings of the 45th Hawaii International Conference on System Sciences. Maui, HI, USA, January 4-7, 2012. L. Li, L. Xu, W. He, Y. Chen, H. Chen, Cyber security awareness and its impact on employee’s behaviour, in: Proceedings of the International Conference on Research and Practical Issues of Enterprise Information Systems. Vienna, Austria, December 13–14, 2016, pp. 103–111. Yoo, 2018, Exploring the influence of flow of psychological ownership on security education, training and awareness effectiveness and security compliance, Decis. Support Syst., 108, 107, 10.1016/j.dss.2018.02.009 J. Simonet, S. Teufel, The Influence of Organizational, Social and Personal Factors on Cybersecurity Awareness and Behaviour of Home Computer Users, in: Proceedings of the 34th International Conference on ICT Systems Security and Privacy Protection. Lisbon, Portugal, June 25-27, 2019, pp. 194–208. H.A. Kruger, S. Flowerday, L. Drevin, T.T. Steyn, An Assessment of the Role of Cultural Factors in Information Security Awareness, in: Proceedings of the Information Security South Africa Conference. Johannesburg, South Africa, August 15-17, 2011. P. Tarwireyi, S. Flowerday, A. Bayaga, Information Security Competence Test with Regards to Password Management, in: Proceedings of the Information Security for South Africa. Johannesburg, South Africa, August 15-17, 2011. A. Farooq, J. Isoaho, S. Virtanen, J. Isoaho, Information Security Awareness in Educational Institution: An Analysis of Students’Individual Factors, in: Proceedings of the IEEE Trustcom/BigDataSE/ISPA. Helsinki, Finland, August 20-22, 2015. Kearney, 2016, Can perceptual differences account for enigmatic information security behaviour in an organisation?, Comput. Secur., 61, 46, 10.1016/j.cose.2016.05.006 Z. Ahmad, M. Norhashim, O.T. Song, L.T. Hui, A Typology of Employees’Information Security Behaviour, in: Proceedings of the 4th International Conference on Information and Communication Technology. Bandung, Indonesia, May 25-27, 2016. Ki-Aries, 2017, Persona centered information security awareness, Comput. Secur., 70, 663, 10.1016/j.cose.2017.08.001 A. Bostan, I. Akman, ICT User and Usage Characteristics and Email Security Awareness, in: Proceedings of the International Conference on Electronics, Computer and Computation. Ankara, Turkey, November 7-9, 2013. H. Lee, O. Na, S. Sung, H. Chang, An analysis study on security activity changes by security accident, in: Proceedings of the 17th International Conference on Electronic Commerce. Seoul, South Korea, August 3-5, 2015, pp. 1–7. W. Sung, S. Kang, An Empirical Study on the Effect of Information Security Activities: Focusing on the Technology, Institution and Awareness, in: Proceedings of the 18th Annual International Conference on Digital Government Research. Staten Island, NY, USA, June 7-9, 2017, pp. 84–93. Trim, 2019, The role of B2B marketers in increasing cyber security awareness and influencing behavioural change, Ind. Mark. Manag., 83, 224, 10.1016/j.indmarman.2019.04.003 Flores, 2016, Shaping intention to resist social engineering through transformational leadership, information security culture and awareness, Comput. Secur., 59, 26, 10.1016/j.cose.2016.01.004 Arachchilage, 2014, Security awareness of computer users: A phishing threat avoidance perspective, Comput. Hum. Behav., 38, 304, 10.1016/j.chb.2014.05.046 Kuo, 2018, EMRS adoption: Exploring the effects of information security management awareness and perceived service quality, Health Policy Technol., 7, 365, 10.1016/j.hlpt.2018.10.012 Thomson, 1998, Information security awareness: Educating your users effectively, Inf. Manag. Comput. Secur., 6, 167, 10.1108/09685229810227649 Kranenbarg, 2017, 23 ENISA, 2018 H. Kruger, L. Drevin, T. Steyn, Email Security Awareness- a Practical Assessment of Employee Behaviour, in: Proceedings of the 5th World Conference on Information Security Education. West Point, NY, USA, June 19-21:33-40, 2007. M.A. Tariq, J. Brynielsson, H. Artman, The Security Awareness Paradox: A Case Study, in: Proceedings of the International Conference on Advances in Social Networks Analysis and Mining. Beijing, China, August 17-20, 2014. M. Harbach, S. Fahl, M. Smith, Who’s Afraid of Which Bad Wolf? A Survey of IT Security Risk and Awareness, in: Proceedings of the IEEE 27th Computer Security Foundations Symposium. Vienna, Austria, July 19-22, 2014. Hassanzadeh, 2014, A conceptual framework for information security awareness, assessment, and training, 99 X. Bellekens, A. Hamilton, P. Seeam, K. Nieradzinska, Q. Franssen, A. Seeam, Pervasive e-health Services: A Security and Privacy Risk Awareness Survey, in: Proceedings of the International Conference on Cyber Situational Awareness, Data Analytics and Assessment. London, UK, June 13-14, 2016. J.M. Torres, J.M. Sarriegi, J. Hernantes, A. Lauge, Steering Security through Management, in: Proceedings of the 6th International Conference on Trust, Privacy and Security in Digital Business. Linz, Austria, September 3-4, 2009, pp. 95–104. Algosec, 2016 Osoba, 2017 Ŏg̈uţc̈u, 2016, Analysis of personal information security behaviour and awareness, Comput. Secur., 56, 83, 10.1016/j.cose.2015.10.002 K. Solic, B. Tovjanin, V. Ilakovac, Assessment Methodology for the Categorization of ICT System Users Security Awareness, in: Proceedings of the 35th International Convention MIPRO. Opatija, Croatia, May 21-25, 2012. Cone, 2007, A video game for cybersecurity training and awareness, Comput. Secur., 26, 63, 10.1016/j.cose.2006.10.005 W.A. Labuschagne, I. Burke, N. Veerasamy, M.M. Eloff, Design of Cyber Security Awareness Game Utilizing a Social Media Framework, in: Proceedings of the Information Security for South Africa. Johannesburg, South Africa, August 15-17, 2011. T. Denning, A. Lerner, A. Shostack, T. Kohno, Control-AltHack: The Design and Evaluation of a Card Game for Computer Security Awareness and Education, in: Proceedings of the ACM SIGSAC Conference on Computer & Communications Security. Berlin, Germany, November 48, 2013, pp. 915–928. E.S. Ruboczki, How to Develop Cloud Security Awareness, in: Proceedings of the 10th Jubilee International Symposium on Applied Computational Intelligence and Informatics. Timisoara, Romania, May 21-23, 2015. V.N. Mathoosoothenen, J.S. Sundaram, R.A. Palanichamy, S.N. Brohi, An Integrated Real-time Simulated Ethical Hacking Toolkit with Interactive Gamification Capabilities and Cyber Security Educational Platform, in: Proceedings of the International Conference on Computer Science and Artificial Intelligence. Jakarta, Indonesia, December 5-7, 2017, pp. 199–202. F. Alotaibi, S. Furnell, I. Stengel, M. Papadaki, Enhancing Cyber Security Awareness with Mobile Games, in: Proceedings of the 12th International Conference for Internet Technology and Secured Transactions. Cambridge, UK, December 11-14, 2017. D. Huynh, P. Luong, H. Iida, R. Beuran, Design and Evaluation of a Cybersecurity Awareness Training Game, in: Proceedings of the 16th IFIP TC 14 International Conference. Tsukuba City, Japan, September 18-21, 2017, pp. 183–188. E.G.B. Gjertsen, E.A. Gjære, M. Bartnes, W.R. Flores, Gamification of Information Security Awareness Training, in: Proceedings of the 3rd International Conference on Information Systems Security and Privacy. Porto, Portugal, February 19-21, 2017. V. Visoottiviseth, R. Sainont, T. Boonnak, V. Thammakulkrajang, POMEGA: Security Game for Building Security Awareness, in: Proceedings of the 7th ICT International Student Project Conference. Nakhon Pathom, Thailand, July 11-13, 2018. D. Filipczuk, C. Mason, S. Snow, Using a Game to Explore Notions of Responsibility for Cyber Security in Organizations, in: Proceedings of the CHI Conference on Human Factors in Computing Systems. Glasgow, Scotland, UK, May 4-9, 2019, pp. 1–6. J.R. Cole, T. Pence, J. Cummings, E. Baker, Gamifying Security Awareness: A New Prototype, in: Proceedings of the International Conference on Human-Computer Interaction. Orlando, Florida, USA, July 26-31, 2019. S. Scholefield, L. Shepherd, Gamification Techniques for Raising Cyber Security Awareness, in: Proceedings of the 21st International Conference on Human-Computer Interaction. Orlando, Florida, USA, July 26-31, 2019, pp. 191–201. Bada, 2019, Developing cybersecurity education and awareness programmers for small and medium-sized enterprises (SMEs), Inf. Comput. Secur., 27, 393, 10.1108/ICS-07-2018-0080 N. Zargham, M. Bahrini, G. Volkmar, D. Wenig, K. Sohr, R. Malaka, What Could Go Wrong? Raising Mobile Privacy and Security Awareness through a Decision-making Game, in: Proceedings of the CHI PLAY. Barcelona, Spain, October 22-25, 2019, pp. 805–812. M. Maurer, A. De Luca, S. Kempe, Using Data Type Based Security Alert Dialogs to Raise Online Security Awareness, in: Proceedings of the Seventh Symposium on Usable Privacy and Security, Pittsburgh, PA USA, July 20-22, 2011, pp. 1–13. M. Serrhini, A. Dargham, A.A. Ait-Moussa, Improve Security of Browser with Stand-alone e-Learning Awareness Application, in: Proceedings of the International Conference on Multimedia Computing and Systems. Tangier, Morocco, May 10-12, 2012. M. Potgieter, C. Marais, M. Gerber, Fostering Content Relevant Information Security Awareness through Browser Extensions, in: Proceedings of the 8th IFIP World Conference on Information Security Education. Auckland, New Zealand, July 8-10, 2013, pp. 58–67. D. Malandrino, A. Petta, V. Scarano, L. Serra, R. Spinelli, B. Krishnamurthy, Privacy Awareness About Information Leakage: Who Knows What About Me?, in: Proceedings of the 12th ACM Workshop on Privacy in the Electronic Society, Berlin, Germany, November 4, 2013, pp. 279–284. A. Tolnai, S. von Solms, Solving Security Issues Using Information Security Awareness Portal, in: Proceedings of the International Conference for Internet Technology and Secured Transactions. London, UK, November 9-12, 2009. P.K.A. Sari, A. Prasetio, Knowledge Sharing and Electronic Word of Mouth to Promote Information Security Awareness in Social Network Site, in: Proceedings of the International Workshop on Big Data and Information Security. Jakarta, Indonesia, September 23-24, 2017. A. Smith, M. Papadaki, S.M. Furnell, Improving Awareness of Social Engineering Attacks, in: Proceedings of the 8th World Conference on Information Security Education. Bento Goņcalves, Brazil, July 27-31, 2009, pp. 249–256. B. Endicott-Popovsky, I. Orton, K. Bailey, D. Frincke, Community Security Awareness Training, in: Proceedings of the Sixth Annual IEEE SMC Information Assurance Workshop. West Point, NY, USA, June 15-17, 2005. DodgeCarver, 2007, Phishing for user security awareness, Comput. Secur., 26, 73, 10.1016/j.cose.2006.10.009 Y. Chen, Using Anomalous Data to Foster Conceptual Change in Security Awareness, in: Proceedings of the International Symposium on Intelligent Signal Processing and Communication Systems. Kanazawa, Japan, January 7-9, 2009. Mamonova, 2018, The impact of information security threat awareness on privacy protective behaviour, Comput. Hum. Behav., 83, 32, 10.1016/j.chb.2018.01.028 D.D. Maeyer, Setting up an Effective Information Security Awareness Programme, in: Proceedings of the SECURE Conference. Warsaw, Poland, September 25-27, 2007, pp. 49–58. A. Liska, Fusing Internal and External Intelligence, in: Building an Intelligence- Led Security Program, Syngress:123-137, 2014. S. Chaudhary, S. Kompara, V. Pape, M. Gkioulos, Properties for Cybersecurity Awareness Posters’ Design and Quality Assessment, in: Proceedings of the 17th International Conference on Availability, Reliability and Security, ARES 2022, Vienna, Austrai, August, 2022, pp. 23–26. Chaudhary, 2022, Developing metrics to assess the effectiveness of cybersecurity awareness program, J. Cybersecur., 8, 10.1093/cybsec/tyac006 Evans, 2016, Human behaviour as an aspect of cyber security assurance, Secur. Commun. Netw., 9, 4667, 10.1002/sec.1657 V. Andrews, Analyzing Awareness on Data Privacy, in: Proceedings of the ACM Southeast Conference. Kennesaw, Georgia, USA, April 18-20:, 2019, pp. 198–201. Furnell, 2003, Improving security awareness through computer-based training, 287 L. Jixing, W. Yu, Q. Bin, Discussion on Cyber Security Awareness and Awareness Model Building based on Connectionism, in: Proceedings of the IEEE 4th Information Technology and Mechatronics Engineering Conference. Chongqing, China, December 14-16, 2018. W.A. Al-Hamdani, Assessment of Need and Method of Delivery for Information Security Awareness Program, in: Proceedings of the 3rd Annual Conference on Information Security Curriculum Development. Kennesaw, GA, USA, September 22-23, 2006, pp. 102–108. Kritzinger, 2008, Information security management: An information security retrieval and awareness model for industry, Comput. Secur., 27, 224, 10.1016/j.cose.2008.05.006 Chaudhary, 2022 U. Gattiker, Can an Early Warning System for Home Users and SMEs Make a Difference? A Field Study, in: Proceedings of the International Workshop on Critical Information Infrastructures Security. Samos Island, Greece, August 31 - September 1, 2006. L. Ngo, W. Zhou, A. Chonka, J. Singh, Assessing the Level of I.T, Security Culture Improvement: Results from Three Australian SMEs, in: Proceedings of the 35th Annual Conference of the IEEE Industrial Electronic Society. Porto, Portugal, November 3-5, 2009. L.E. Śanchez, A. Santos-Olmo, E. Ferńandez-Medina, M. Piattini, Security Culture in Small and Medium-size Enterprise, in: Proceedings of the CENTERIS. Viana do Castelo, Portugal, October 20-22, 2010, pp. 315–324. L. Freeman, The Utilization of Information Systems Security in SMEs in the South East of Ireland, in: A. DAtri, M. de Marco, A. Braccini, F. Cabiddu (Eds.), Management of the Interconnected World, Physica-Verlag HD, 2010, pp. 121–128. Gundu, 2013, Ignorance to awareness: Towards an information security awareness process, South African Inst. Electr. Eng., 104, 69 H. Shih, X. Guo, K. Lai, T.C.E. Cheng, Taking Promotion and Prevention Mechanisms Matter for Information Systems Security Policy in Chinese SMEs, in: Proceedings of the 2nd International Conference on Information Management. London, UK, May 7-8, 2016. Tawileh, 2010, Managing information security in small and medium sized enterprises: A holistic approach, 331 R. Groner, P. Brune, Towards an Empirical Examination of IT Security Infrastructures in SME, in: Proceedings of the 17th Nordic Conference on Secure IT Systems. Karlskrona, Sweden, October 31- November 2, 2012. S. Parkin, A. Fielder, A.P. Ashby, Pragmatic Security: Modelling IT Security Management Responsibilities for SME Archetypes, in: Proceedings of the 8th ACM CCS International Workshop on Managing Insider Security Threats. Vienna, Austria, October, 24-28. Yeldirim, 2011, Factors influencing information security management in small- and medium-sized enterprises: A case study from Turkey, Int. J. Inf. Manage., 31, 360, 10.1016/j.ijinfomgt.2010.10.006 Blau, 2017 Lopes, 2014, Understanding information security culture: A survey in small and medium sized enterprises, 277 Spitzner, 2019 Pironti, 2010 Schroeder, 2017, Challenges faced by organizations, 1 Aitel, 2012 J.M. Haney, W.G. Lutters, Skills and characteristics of successful cybersecurity advocates, in: Proceedings of the Workshop on Security Information Workers, Symposium on Usable Privacy and Security (SOUPS), Santa Clara, CA, USA, July 12-14, 2017, pp. 1663–1670. Eminağgaoğlu, 2009, The positive outcomes of information security awareness training in companies-a case study, Inf. Secur. Tech. Rep., 14, 223, 10.1016/j.istr.2010.05.002 J. Kaur, N. Mustafa, Examining the effects of knowledge, attitude and behavior on information security awareness: A case on SME, in: Proceedings of the 3rd International Conference on Research and Innovation in Information System. Kuala Lumpur, Malaysia, November 27-28, 2013. ISF 30, 2020 Albrechtsen, 2007, A quality study of users’view on information security, Comput. Secur., 26, 276, 10.1016/j.cose.2006.11.004 Farvaque, 2009