Cybersecurity Awareness, Experience, and Implementation Analysis in Individuals and Organizations with Community-Based Digital Education Strategies
Keywords:
Cyber Security, AwarenessAbstract
The growing reliance on digital technologies in personal, educational, and organizational contexts has significantly increased the exposure of individuals to cyber threats. While advancements in technical security measures continue, human factors remain one of the weakest links in the cybersecurity chain. This study aims to assess cybersecurity readiness from a behavioral and experiential perspective by analyzing three core dimensions: user awareness, real-life experiences with digital threats, and the actual implementation of cybersecurity practices. A structured online survey was distributed to 127 respondents, capturing data on their knowledge, exposure, and security behaviors. Using Partial Least Squares Structural Equation Modeling (PLS-SEM), the study evaluates the influence of each construct and the causal relationships between them. The analysis reveals that organizational awareness and operational awareness are significant predictors of policy-level security implementation. In contrast, risk perception emerging from past experiences with cyber incidents is strongly associated with users’ technical actions, such as enabling two-factor authentication, updating software, and avoiding suspicious links. Interestingly, personal awareness alone without institutional reinforcement or direct experience—does not translate into secure behavior, suggesting a critical gap between awareness and action. The study contributes to the literature by proposing a validated model of user-centric cybersecurity and demonstrating how educational strategies rooted in community engagement can strengthen digital safety culture, particularly in regions with limited access to formal cybersecurity education
References
NIST, Framework for Improving Critical Infrastructure Cybersecurity, National Institute of Standards and Technology, Gaithersburg, MD,
USA, 2018.
ISO/IEC 27032:2012, Guidelines for Cybersecurity, International Organization for Standardization, Geneva, Switzerland, 2012.
ISO/IEC 27001:2013, Information Security Management Systems – Requirements, International Organization for Standardization, Geneva,
Switzerland, 2013.
ISACA, COBIT 5: A Business Framework for the Governance and Management of Enterprise IT, Rolling Meadows, IL, USA: ISACA,
2012.
National Cyber and Crypto Agency (BSSN), INDEKS KAMI – Information Security Maturity Evaluation Instrument, Jakarta,
Indonesia, 2020.
J. F. Hair, G. T. M. Hult, C. M. Ringle, and M. Sarstedt, A Primer on Partial Least Squares Structural Equation Modeling (PLS-SEM), 2nd
ed., Thousand Oaks, CA, USA: Sage, 2017.
Group 6, “Beware of Digital Threats – Simple Ways to Protect Yourself in Cyberspace,” Outreach Material, Informatics Study Program, Universitas Sebelas April, 2025.
W. Alasmary, F. Alhaidari, and F. Alotaibi, “Evaluating cybersecurity awareness: A study of university students,” Int. J. Adv. Comput. Sci.
Appl., vol. 11, no. 4, pp. 256–263, 2020.
A. Refsdal, B. Solhaug, and K. Stølen, Cyber-risk Management, Springer, 2015.
M. Siponen, M. A. Mahmood, and S. Pahnila, “Employees’ adherence to information security policies: An exploratory field study,”
Information & Management, vol. 47, no. 6, pp. 291–298, 2010.
K. Parsons, A. McCormac, M. Butavicius, M. Pattinson, and C. Jerram, “Determining employee awareness using the Human Aspects of
Information Security Questionnaire (HAIS-Q),” Computers & Security, vol. 42, pp. 165–176, 2014.
A. Tsohou, M. Karyda, and S. Kokolakis, “Analyzing the role of human factors in the effectiveness of information security awareness programs: A case study,” Computers & Security, vol. 34, pp. 1–11, 2013.
L. Hadlington, “Human factors in cybersecurity: Examining the link between Internet addiction, impulsivity, attitudes towards
cybersecurity, and risky cybersecurity behaviours,” Heliyon, vol. 3, no. 7, e00346, 2017.
A. Vance, M. Siponen, and S. Pahnila, “Motivating IS security compliance: Insights from habit and protection motivation theory,”
Information & Management, vol. 49, no. 3–4, pp. 190–198, 2012.
Helmiawan, M. A., Fadil, I., Sofiyan, Y., & Firmansyah, E. (2021). Security model using intrusion detection system on cloud computing security management. 2021 9th International Conference on Cyber and IT Service Management
Helmiawan, M. A., & Nasution, A. I. (2022). The Effect of Internet Banking Use and Customer Protection Against Cyber Crime at Bank Rakyat Indonesia. Journal of Islamic Economics and Business, 2(2), 170–183.
Helmiawan, M. A., Firmansyah, E., Fadil, I., Sofivan, Y., Mahardika, F., & Guntara, A. (2020). Analysis of web security using open web application security project 10. 2020 8th International Conference on Cyber and IT Service Management
Helmiawan, M. A., Julian, E., Cahyan, Y., & Saeppani, A. (2021). Experimental evaluation of security monitoring and notification on network intrusion detection system for server security. 2021 9th International Conference on Cyber and IT Service Management
B. Bulgurcu, H. Cavusoglu, and I. Benbasat, “Information security policy compliance: An empirical study of rationality-based beliefs and
information security awareness,” MIS Quarterly, vol. 34, no. 3, pp. 523–548, 2010.
E. Kritzinger and S. H. Von Solms, “Cyber security for home users: A new way of protection through awareness enforcement,” Computers & Security, vol. 29, no. 8, pp. 840–847, 2010.
ENISA, Cybersecurity Culture Guidelines: Behavioural Aspects of Cybersecurity, European Union Agency for Cybersecurity, 2019.
M. B. Alotaibi and L. S. Alfehaid, “Cybersecurity awareness among Saudi employees: A survey study,” Int. J. Adv. Comput. Sci. Appl.,
vol. 11, no. 9, pp. 120–127, 2020.