Analysis of the Influence of Cybersecurity Awareness and Experience on the Implementation of Information Security Policy Using PLS-SEM
Keywords:
Cybersecurity, Cybersecurity Awareness, Cybersecurity Experience, Information Security Policy, PLS-SEM, Human FactorAbstract
In the contemporary digital era, increasing dependence on information technology has been accompanied by a proportional increase in the volume and sophistication of cyber threats. While significant investments have been made in technological defenses, the human factor has consistently been identified as the weakest link in cybersecurity. This study aims to analyze the influence of cybersecurity awareness and experience on the implementation of information security policies. Using a quantitative approach, data was collected from 101 respondents via an online questionnaire and analyzed using Partial Least Squares Structural Equation Modeling (PLS-SEM). The analysis evaluates the relationship between three main constructs: Awareness, Phenomena (incident experience), and Security (policy implementation). The findings reveal that awareness and experience have a significant and positive effect on security policy compliance. The model demonstrates strong predictive power, with these two factors explaining 62.7% of the variance in the security construct (R² = 0.627). These results underscore the need for organizations to develop holistic security strategies that not only enhance user awareness but also incorporate experience-based learning to transform users into a resilient line of defense.
References
M. A. Al Affan, M. Fronita, E. Saputra, M. L. Hamzah, and Zarnelly, “Mengukur Tingkat Kesadaran Cybersecurity pada Pengguna Media Sosial di Kalangan Mahasiswa,” Jurnal Inovtek Polbeng - Seri Informatika, vol. 10, no. 1, pp. 134–145, Mar. 2025, doi: 10.35314/vycq9t65.
W. J. Triplett, “Addressing Human Factors in Cybersecurity Leadership,” J. Cybersecurity Priv., vol. 2, no. 3, pp. 573–586, 2022, doi: 10.3390/jcp2030029.
R. F. Ali, P. D. D. Dominic, S. E. A. Ali, M. Rehman, and A. Sohail, “Information security behavior and information security policy compliance: a systematic literature review for identifying the transformation process from noncompliance to compliance,” Appl. Sci., vol. 11, no. 8, 2021, doi: 10.3390/app11083383.
A.-T. Delso-Vicente, L. Diaz-Marcos, O. Aguado-Tevar, and M. G. de Blanes-Sebastián, “Factors influencing employee compliance with information security policies: a systematic literature review of behavioral and technological aspects in cybersecurity,” Futur. Bus. J., vol. 11, no. 1, 2025, doi: 10.1186/s43093-025-00452-7.
H. Qalby, G. Y. Hariyanto, D. T. Utomo, et al., “The Influence of Cybersecurity Protection Behavior: Employees of Big Four Account Firm Companies,” J. Impresi, pp. 1780–1798, 2025. [Online]. Available: https://jii.rivierapublishing.id/index.php/jii/article/view/6684. [Accessed: July 10, 2025].
A. Ertan, G. Crossland, C. Heath, D. Denney, and R. B. Jensen, “Everyday cyber security in organisations,” arXiv preprint arXiv:2004.11768, 2020. [Online]. Available: https://arxiv.org/abs/2004.11768. [Accessed: July 11, 2025].
A. H. ASFOOR, F. A. RAHIM, and S. YUSSOF, “Identifying factors that influence security behaviors relating to phishing attacks susceptibility: A systematic literature review,” J. Theor. Appl. Inf. Technol., vol. 98, no. 15, pp. 3127–3161, 2020.
L. Alevizos, “Automated cybersecurity compliance and threat response using AI, blockchain and smart contracts,” Int. J. Inf. Technol., vol. 17, no. 2, pp. 767–781, 2025, doi: 10.1007/s41870-024-02324-9.
T. Ramayah, “Factors Influencing the Effectiveness of Information System Governance in Higher Education Institutions (HEIs) through a Partial Least Squares Structural Equation Modeling (PLS-SEM) Approach,” IAIC Trans. Sustain. Digit. Innov., vol. 5, no. 2, pp. 100–107, 2024, doi: 10.34306/itsdi.v5i2.658.
M. A. Memon, T. Ramayah, J. H. Cheah, H. Ting, F. Chuah, and T. H. Cham, “Pls-Sem Statistical Programs: a Review,” J. Appl. Struct. Equ. Model., vol. 5, no. 1, pp. i–xiv, 2021, doi: 10.47263/JASEM.5(1)06.
S. Saeed, “Education, Online Presence and Cybersecurity Implications: A Study of Information Security Practices of Computing Students in Saudi Arabia,” Sustain., vol. 15, no. 12, 2023, doi: 10.3390/su15129426.
[12] A. Pollini et al., “Leveraging human factors in cybersecurity: an integrated methodological approach,” Cogn. Technol. Work, vol. 24, no. 2, pp. 371–390, 2022, doi: 10.1007/s10111-021-00683-y.
S. Sternad Zabukovšek et al., “Enhancing PLS-SEM-Enabled Research with ANN and IPMA,” Mathematics, vol. 10, no. 9, p. 1379, 2022, doi: https://doi.org/10.3390/math10091379.
Helmiawan, M. A., Firmansyah, E., Fadil, I., Sofivan, Y., Mahardika, F., & Guntara, A. (2020). Analysis of web security using open web application security project 10. 2020 8th International Conference on Cyber and IT Service Management
Helmiawan, M. A., Julian, E., Cahyan, Y., & Saeppani, A. (2021). Experimental evaluation of security monitoring and notification on network intrusion detection system for server security. 2021 9th International Conference on Cyber and IT Service Management (CITSM ….
Helmiawan, M. A., Fadil, I., Sofiyan, Y., & Firmansyah, E. (2021). Security model using intrusion detection system on cloud computing security management. 2021 9th International Conference on Cyber and IT Service Management (CITSM ….
Helmiawan, M. A., & Nasution, A. I. (2022). The Effect of Internet Banking Use and Customer Protection Against Cyber Crime at Bank Rakyat Indonesia. Journal of Islamic Economics and Business, 2(2), 170–183.