Cybersecurity Awareness as a Mediating Factor in the Human Firewall System

Employees remain a central vulnerability in cybersecurity, making awareness a critical focus for research and practice. This study advances a theoretical framework of cybersecurity awareness that synthesizes individual psychological and organizational factors to explain technology-mediated secure behavior during employees’ routine interaction with workplace information systems. The primary objective of this study is to develop and empirically test an integrated model that explains how psychological and organizational drivers influence secure behavior through cybersecurity awareness. Grounded in Protection Motivation Theory (PMT) and the concept of organizational security culture, we conducted a survey of 408 employees in Saudi Arabia and analyzed the data using partial least squares structural equation modeling (PLS-SEM). Results show that coping appraisal, organizational culture, and threat appraisal significantly predict awareness. Awareness, in turn, strongly predicts secure behavior and also mediates the effects of individual and organizational factors on behavior. The findings advance theory by showing how cybersecurity awareness functions as the explanatory link between individual protection appraisals, organizational security culture, and secure behavior during routine workplace information-system use. This study also offers practical implications for the human-centered design of security interventions, including how organizations can design training, communication, and security workflows that better support secure behavior when employees use workplace information systems.