Key points are not available for this paper at this time.
This qualitative study evaluates the effectiveness of cybersecurity awareness programs in reducing phishing attacks within organizations in the UK. Through semi-structured interviews with employees who have participated in these programs, the research explores participants' perceptions, experiences, and behavioral changes regarding phishing awareness and response strategies. Findings indicate that the training significantly enhances participants' ability to recognize phishing attempts and fosters more cautious behavior when interacting with suspicious content. However, the study also reveals challenges, such as the need for more tailored training content to accommodate varying levels of technical expertise and the necessity for continuous reinforcement to sustain long-term vigilance. The insights gained underscore the importance of regularly updated and scenario-based training to maintain high levels of cybersecurity awareness among employees. The study concludes with practical recommendations for organizations to enhance the design and delivery of cybersecurity awareness programs, as well as suggestions for future research to explore the long-term impacts and sustainability of such training initiatives.
Khan et al. (Sat,) studied this question.