Measuring Multi‑Channel IT Security Awareness Effectiveness in Strengthening Cybersecurity Culture at Bank XYZ
Keywords:
IT Security Awareness, Cybersecurity, Employee Engagement, Security RiskAbstract
Information security awareness is a critical determinant in mitigating human-related cybersecurity risks within the banking sector. This study evaluates the implementation and effectiveness of the IT Security Awareness program conducted by Bank XYZ throughout 2025. The program adopted a multi-channel delivery model encompassing newsletters, flyers, desktop wallpapers, monthly quizzes, e-learning modules, and webinars. A descriptive quantitative and qualitative approach was employed using participation statistics, learning outcomes, and employee engagement trends obtained from internal organizational systems. The findings reveal that interactive awareness media substantially outperform passive content in terms of employee engagement. The e-learning module reached 14,810 employees (88.86% of the total workforce) with a completion rate of 99.68%. Monthly quizzes achieved an average participation of 3,520 employees, with a peak of 5,123 participants in November 2025. In contrast, webinar participation remained comparatively low at 413 employees. These results indicate that continuous, interactive, and context-driven awareness initiatives significantly enhance employee cybersecurity awareness. This study contributes empirical evidence for the design of sustainable, data-driven IT security awareness programs in large banking institutions.
Downloads
References
Alshaikh, M. (2020). Developing cybersecurity culture to influence employee behavior: A practice perspective. Computers & Security, 98, 102003. https://doi.org/10.1016/j.cose.2020.102003
Bada, M., Sasse, A. M., & Nurse, J. R. C. (2019). Cyber security awareness campaigns: Why do they fail to change behaviour? International Conference on Cyber Security for Sustainable Society. https://doi.org/10.48550/arXiv.1901.02672
Bank XYZ. (2026). Laporan Pelaksanaan IT Security Awareness Tahun 2025. Dokumen internal.
Chaudhary, S., Gkioulos, V., & Katsikas, S. (2022). Developing metrics to assess the effectiveness of cybersecurity awareness program. Journal of Cybersecurity, 8(1). https://doi.org/10.1093/cybsec/tyac006
Colwill, K. (2009). Human factors in information security: The insider threat – Who can you trust these days? Information Security Technical Report, 14(4), 186–196.
Da Veiga, A. (2019). Achieving a security culture. In Cybersecurity Education for Awareness and Compliance. IGI Global. https://doi.org/10.4018/978-1-5225-7847-5.CH005
ENISA. (2019). Cybersecurity Culture Guidelines: Behavioural Aspects of Cybersecurity. European Union Agency for Cybersecurity.
Furnell, S., & Clarke, N. (2007). Power to the people? The evolving recognition of human aspects of security. Computers & Security, 26(6), 404–409.
Hadlington, L. (2017). Human factors in cybersecurity: Examining the link between Internet addiction, impulsivity, attitudes towards cybersecurity, and risky cyber behaviours. Heliyon, 3(7), e00346. https://doi.org/10.1016/j.heliyon.2017.e00346
Haney, J., & Lutters, W. (2020). Security awareness training for the workforce: Moving beyond “check-the-box” compliance. IEEE Computer Magazine, 53(10). https://doi.org/10.1109/MC.2020.3001959
Hinsz, V. B. (2025). Motivating cybersecurity behaviors: A beyond reasoned action conceptualization. Organizational Cybersecurity Journal: Practice, Process & People, 5(1), 60–78. https://doi.org/10.1108/OCJ-08-2023-0015
ISO. (2022). ISO/IEC 27001:2022 – Information Security, Cybersecurity and Privacy Protection — Information Security Management Systems — Requirements. International Organization for Standardization.
Kambourakis, N. F., Gritzalis, S., & Parkin, C. (2019). Evaluating information security awareness programs: A critical review. Information & Computer Security, 27(2), 237–258.
National Institute of Standards and Technology. (2003). NIST Special Publication 800-50: Building an Information Technology Security Awareness and Training Program. NIST.
Orehek, Š., & Petrič, G. (2021). A systematic review of scales for measuring information security culture. Information and Computer Security, 29(1), 133–158. https://doi.org/10.1108/ICS-12-2019-0140
Parsons, S., McCormac, A., Butavicius, M., Pattinson, M., & Jerram, C. (2014). Determining employee awareness using the Human Aspects of Information Security Questionnaire (HAIS-Q). Computers & Security, 42, 165–176. https://doi.org/10.1016/j.cose.2013.12.003
Siponen, M., & Willison, R. (2009). Information security management standards: Problems and solutions. Information & Management, 46(5), 267–270.
Sumner, A., Yuan, X., Anwar, M., & McBride, M. (2022). Examining factors impacting the effectiveness of anti-phishing trainings. Journal of Computer Information Systems, 62(5), 975–997. https://doi.org/10.1080/08874417.2021.1955638
Tsohou, A., Karyda, M., Kokolakis, S., & Kiountouzis, E. (2018). Analyzing information security awareness through social dimensions. Information Systems Management, 35(3), 263–280.
Vance, A., Siponen, M., & Pahnila, S. (2012). Motivating IS security compliance: Insights from habit and protection motivation theory. Information & Management, 49(3–4), 190–198. https://doi.org/10.1016/j.im.2012.04.002
Verizon. (2024). Data Breach Investigations Report. Verizon Enterprise.
Downloads
Published
Issue
Section
License
Copyright (c) 2026 Naufalarizqa Ramadha Meisa Putra (Author)
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
