Human factors remain the dominant contributor to cybersecurity incidents, yet awareness training produces only moderate and often non-durable behaviour change, and most evaluated programs are either purely digital or evaluated only at the framework level. This study addresses two gaps: the scarcity of empirical and demographically stratified evidence for multi-modal community-facing awareness programs, and the lack of an explicit account of how artificial intelligence (AI) should be integrated into such programs rather than treated as an optional add-on. We evaluate Cyber4Me, a four-stage individual-awareness intervention (community roadshows, structured training, a hackathon, and a physical–digital escape room) that is wrapped in a cross-cutting AI adaptive layer built entirely on structured performance and behaviour data baseline competency tiering, awareness–behaviour gap detection, predictive early-warning, and personalised recommendation, with no reliance on free text. Using a single-group pre–post design with 130 participants in the UK Black Country region and a multi-dimensional Likert instrument, all four competency domains (confidence, familiarity, GDPR knowledge, incident-response preparedness) improved significantly (paired-t, all p<0.001; large within-participant effects, Cohen’s d≥1.0). Improvement was strongly moderated by demographics: older adults gained most in familiarity, undergraduates in confidence, and lower-education participants in regulatory knowledge. The contributions are as follows: transparent and demographically stratified pre–post evidence for a multi-modal awareness program with effect sizes reported; a fitness-for-purpose comparison against contemporary analogs (KnowBe4, Proofpoint, CyberPatriot, iCAT, CAT-RWE, GPT-CSAT, escape-room studies) that treats AI as a first-class design dimension; and an articulated AI integration architecture for the framework, demonstrated offline on the cohort using only structured performance and behaviour data (no free text). In this architecture, a gradient-boosted classifier assigns participants to three baseline competency tiers at 93.1% cross-validated accuracy; these tiers differ sharply in measured improvement (ANOVA F=68.8, p<0.001; Foundational +1.79 vs. Applied +0.30 scale points), an awareness–behaviour gap segment is detected and predicted from intake signals alone (AUC =0.73), and a recommender routes participants to personalised follow-on tracks. As the design is single-group and self-reported, results are reported as evidence of within-participant change associated with the intervention rather than as a causal efficacy estimate, and the AI layer is demonstrated for feasibility rather than being evaluated as a separate trial arm; the scope is explicitly individual security awareness and behaviour, not technical network, IIoT, or cloud security.
Rahman et al. (Mon,) studied this question.