Individual Awareness in Shaping Perceptions of Incidents and Effectiveness of Various Cybersecurity Policies with a PLS-SEM Approach
Keywords:
Cybersecurity Awareness, Incident Perception, Security Policy, PLS-SEM, NIST CSF 2.0, COBIT 5, KAMI Index, ISO/IEC 27001.Abstract
This study analyzes the role of individual awareness in shaping perceptions of cybersecurity incidents (Phenomena) and the effectiveness of cybersecurity policy implementation (Security) within organizational settings. Employing the Partial Least Squares Structural Equation Modeling (PLS-SEM) approach with data gathered from 101 questionnaire respondents, the study examines the causal relationships among latent variables. The measurement model evaluation indicates strong reliability and convergent validity; however, there is a significant issue of discriminant validity between Phenomena and Security (HTMT = 0.958), suggesting conceptual overlap. Nevertheless, the structural model demonstrates that Awareness has a strong and statistically significant influence on Phenomena (path coefficient = 0.800), and Phenomena significantly affects Security (path coefficient = 0.680). Awareness is also found to have a significant direct effect on Security (path coefficient = 0.270). The model’s predictive power is notably high, with Awareness explaining 64.1% of the variance in Phenomena, and the combination of Awareness and Phenomena explaining 82.9% of the variance in Security. These findings highlight the importance of enhancing individual cybersecurity awareness as a foundational element in building a resilient security posture—both in terms of incident perception and response, and in ensuring the effectiveness of implemented policies. This research offers practical implications for organizations to prioritize cybersecurity training and awareness programs, and to consider the close conceptual integration between Phenomena and Security.
References
K. Komane, L. Khoza, and F. Radebe, “A Conceptual Framework for Cybersecurity Awareness,” Journal of Cyber Security, vol. 7,
no. 1, pp. 79–108, 2025, doi: 10.32604/jcs.2025.059712.
S. Colabianchi, F. Costantino, F. Nonino, and G. Palombi, “Transforming threats into opportunities: The role of human factors in enhancing cybersecurity,” Journal of Innovation and Knowledge, vol. 10, 10.1016/j.jik.2025.100695.
D. Arisjulyanto and A. Hendra Kusuma, “Pelatihan Metode Systematic Literature Review (SLR) dan Meta-Analysis dalam Pengolahan Data Penelitian pada Mahasiswa Sarjana Ilmu Kesehatan Masyarakat Universitas Cenderawasih,” SEWAGATI: Jurnal Pengabdian Masyarakat Indonesia, vol. 4, no. 2, 2025, doi: 10.56910/sewagati.v4i2.2528.
M. Alsharif, S. Mishra, and M. AlShehri, “Impact of Human Vulnerabilities on Cybersecurity,” Computer Systems Science and Engineering, vol. 40, no. 3, pp. 1153–1166, Sep. 2021, doi: 10.32604/CSSE.2022.019938.
D. LISIAK-FELICKA and M. SZMIT, “INFORMATION SECURITY INCIDENT CYBERSECURITY MANAGEMENT AWARENESS IN AND LOCAL GOVERNMENT IN POLAND,” Scientific Papers of Silesian University of Technology. Organization and Management Series, vol. 2025, pp. 315333, 2025, doi: 10.29119/16413466.2025.221.17.
G. Talpe, “CYBER SECURITY AWARENESS AMONG COLLEGE STUDENTS,” www.irjmets.com @International Research Journal of Modernization in Engineering, 2117, [Online]. Available: www.irjmets.com
I. Dunđer, S. Seljan, and M. Odak, “Information Security Awareness in the University Environment: A Focus on Undergraduates,” TEM Journal, vol. 14, no. 2, pp. 1621–1628, 2025, doi: 10.18421/TEM142-59.
A. Kaewsa-Ard and N. Utakrit, “Enhancing cybersecurity awareness strategies in organization using Delphi technique,” International Journal of Electrical and Computer Engineering (IJECE), vol. 15, no. 3, p. 2986, Jun. 2025, doi: 10.11591/ijece.v15i3.pp2986-2997.
L. M. Bishop, P. M. Asquith, and P. L. Morgan, “The Employee Cybersecurity Awareness Framework 1 2 Corresponding Author.”
"The NIST Cybersecurity Framework (CSF) 2.0,” Feb. 2024. doi:10.6028/NIST.CSWP.29.
Y.T. Sepis, “ANALISA KEAMANAN SISTEM INFORMASI MENGGUNAKAN FRAMEWORK COBIT 5 DENGAN DOMAIN DSS05 DAN APO13 DI PT XYZ SECURITY ANALYSIS OF INFORMATION SYSTEM USING FRAMEWORK COBIT 5 WITH DOMAIN DSS05 AND APO13 IN PT XYZ.”
P.Indeks KAMI and V. Septiyana Kasma, “Indeks KAMI.”
M. I. Rosyidin, “Metode Indeks Keamanan Informasi (KAMI) terhadap Keamanan Informasi.” [Online]. Available: https://www.researchgate.net/publication/370098700
"EVALUASI KEAMANAN INFORMASI PERGURUAN TINGGI MENGGUNAKAN INDEKS KEAMANAN INFORMASI (KAMI) VERSI 5.0”
“Information technology-Security techniques-Information security management systems Requirements ISO/IEC 27001 INTERNATIONAL
K. Kwong and K. Wong, “Partial least squares structural equation modeling (PLS-SEM) techniques using SmartPLS,” 2015. [Online]. http://www.researchgate.net/publication/268449353
Putu Gede Subhaktiyasa, “PLS-SEM for Multivariate Analysis: A Practical Guide to Educational Research using SmartPLS,” EduLine: Journal of Education and Learning Innovation, vol. 4, no. 3, pp. 353–365, Aug. 2024, doi: 10.35877/454ri.eduline2861.
"ASSESSING PLS-SEM RESULTS PART I Evaluation of Reflective Measurement Models ILLUSTRATION-EVALUATION CASE OF STUDY REFLECTIVE MEASUREMENT MODELS Running the PLS-SEM Algorithm.” H. Setiabudhi et al., “Analisis Data.”
H. M. Ringle, M. Sarstedt, N. Sinkovics, and R. R. Sinkovics, “A perspective on using partial least squares structural equation modelling in data articles,” Data Brief, vol. 48, Jun. 2023, doi: 10.1016/j.dib.2023.109074.
Helmiawan, M. A., Firmansyah, E., Fadil, I., Sofivan, Y., Mahardika, F., & Guntara, A. (2020). Analysis of web security using open web application security project 10. 2020 8th International Conference on Cyber and IT Service Management
Helmiawan, M. A., Julian, E., Cahyan, Y., & Saeppani, A. (2021). Experimental evaluation of security monitoring and notification on network intrusion detection system for server security. 2021 9th International Conference on Cyber and IT Service Management (CITSM ….
Helmiawan, M. A., Fadil, I., Sofiyan, Y., & Firmansyah, E. (2021). Security model using intrusion detection system on cloud computing security management. 2021 9th International Conference on Cyber and IT Service Management (CITSM ….
Helmiawan, M. A., & Nasution, A. I. (2022). The Effect of Internet Banking Use and Customer Protection Against Cyber Crime at Bank Rakyat Indonesia. Journal of Islamic Economics and Business, 2(2), 170–183.