MIS Quarterly Executive

Abstract

Mistraining and overtraining can cause cybersecurity training programs to fail. We explore the pitfalls of four common types of cybersecurity training—compliance awareness, threat simulation, specialized instruction and incident response planning. Based on insights from large accounting firms, we identify four unintended consequences—threat anxiety, security fatigue, risk passivity and cyber hesitancy—that result in adverse individual effects and organizational impacts. We recommend that organizations design a comprehensive cybersecurity readiness program using our LEAN model, which comprises four strategies: Localize, Empower, Activate and Normalize.
