The Mediating Role of Cybersecurity Awareness in the Relationship between Perception of Phenomena and Implementation of Security Policies
Abstract
Amidst rising cyber threats, the human factor remains a crucial element in the effectiveness of security defenses. This study aims to empirically test a model that explains the driving factors behind the implementation of cybersecurity policies among individuals. Specifically, this research examines the mediating role of Security Awareness (SA) in the relationship between the Phenomenon Perception (PP) of cyber threats and the actual Security Policy Implementation (SPI). Using a quantitative approach, data were collected via a survey questionnaire from 150 valid respondents. Data analysis was performed using the Partial Least Squares Structural Equation Modeling (PLS-SEM) method with SmartPLS 4 software. The analysis results indicate that all three proposed hypotheses were accepted. Phenomenon Perception was found to have a positive and significant effect on Security Awareness (β = +0.562, p < 0.001). Security Awareness has a positive and significant effect on Security Policy Implementation (β = +0.536, p < 0.001). Furthermore, a significant positive direct effect was also found from Phenomenon Perception to Security Policy Implementation (β = +0.329, p < 0.001). Mediation analysis confirmed that Security Awareness acts as a complementary partial mediator, explaining 47.8% of the total effect of Phenomenon Perception on Security Policy Implementation. The model demonstrates moderate predictive power for Security Awareness (R2 = 0.316) and strong predictive power for Security Policy Implementation (R2 = 0.593). These findings provide important implications for developing more effective cybersecurity strategies and training programs by focusing on enhancing threat perception to build awareness, which in turn drives secure behavior.
References
Mimecast, "The State of Human Risk 2025," 2025. [Online]. Available:https://www.mimecast.com/resources/ebooks/state-of-human-risk-2025/.
Savvy Cyber Kids, "95% of Data Breaches Tied to Human Error in 2024," 2025. [Online]. Available: https://savvycyberkids.org/2025/03/18/95-of-data-breaches-tied-to-human-error-in-2024/.
B. R. Side, "Cybersecurity Culture vs. Awareness: Why Training Alone Fails in 2025," 2025. [Online]. Available: https://www.brside.com/academy-blog/cybersecurity-culture-vs-awareness-why-training-alone-fails-in-2025.
R. W. Rogers, "A Protection Motivation Theory of Fear Appeals and Attitude Change," Journal of Psychology, vol. 91, no. 1, pp. 93-114, 1975.
Helmiawan, M. A., Firmansyah, E., Fadil, I., Sofivan, Y., Mahardika, F., & Guntara, A. (2020). Analysis of web security using open web application security project 10. 2020 8th International Conference on Cyber and IT Service Management
Helmiawan, M. A., Julian, E., Cahyan, Y., & Saeppani, A. (2021). Experimental evaluation of security monitoring and notification on network intrusion detection system for server security. 2021 9th International Conference on Cyber and IT Service Management (CITSM ….
Helmiawan, M. A., Fadil, I., Sofiyan, Y., & Firmansyah, E. (2021). Security model using intrusion detection system on cloud computing security management. 2021 9th International Conference on Cyber and IT Service Management (CITSM ….
Helmiawan, M. A., & Nasution, A. I. (2022). The Effect of Internet Banking Use and Customer Protection Against Cyber Crime at Bank Rakyat Indonesia. Journal of Islamic Economics and Business, 2(2), 170–183.
I. Ajzen, "The Theory of Planned Behavior," Organizational Behavior and Human Decision Processes, vol. 50, no. 2, pp. 179-211, 1991.
N. Kock, "Perception of threat and its impact on employee behavior in response to cybersecurity," Journal of Cybersecurity Research, vol. 5, no. 2, pp. 45-59, 2021..
S. T. Alqahtani, "The Interplay Between Cyber Awareness, Knowledge, and Behavior," International Journal of Computer Science and Network Security, vol. 22, no. 8, pp. 1-10, 2022.
J. F. Hair, M. Sarstedt, C. M. Ringle, and S. P. Gudergan, Advanced Issues in Partial Least Squares Structural Equation Modeling (PLS-SEM). Sage publications, 2017.
W. W. Chin, "The partial least squares approach to structural equation modeling," in Modern methods for business research, G. A. Marcoulides, Ed. Mahwah, NJ: Lawrence Erlbaum Associates, 1998, pp. 295-336.
J. Henseler, C. M. Ringle, and M. Sarstedt, "A new criterion for assessing discriminant validity in variance-based structural equation modeling," Journal of the Academy of Marketing Science, vol. 43, no. 1, pp. 115-135, 2015.
K. J. Preacher and A. F. Hayes, "SPSS and SAS procedures for estimating indirect effects in simple mediation models," Behavior research methods, instruments, & computers, vol. 36, no. 4, pp. 717-731, 2004.
X. Zhao, J. G. Lynch Jr, and Q. Chen, "Reconsidering Baron and Kenny: A new and more powerful approach to mediation analysis," Journal of consumer research, vol. 37, no. 2, pp. 197-206, 2010.
J. F. Hair Jr, G. T. M. Hult, C. M. Ringle, and M. Sarstedt, A primer on partial least squares structural equation modeling (PLS-SEM). Sage publications, 2014.
E. Rader, R. Wash, and B. Brooks, "Stories from the front lines: The role of experience in security," in Proceedings of the Symposium on Usable Privacy and Security, 2014.