Dipartimento di Ingegneria informatica, automatica e gestionale

The increasing connectivity and digitization of organizations have made cybersecurity a top priority. Organizations have become highly dependent on integrated systems and data, exposing them to cyber threats that can lead to economic and reputational losses. The COVID-19 pandemic has further highlighted vulnerabilities in cybersecurity systems across sectors. In particular, there has been a recent focus on the role humans play in this scenario by turning out to be both a possible source of vulnerability and a mitigating factor. To manage this, organizations must focus on establishing a culture of cyber security awareness by promoting policies, standards, and users’ behaviors from an organizational learning perspective. Employees’ education is one of the components needed to create such a culture, hence training programs on cybersecurity have a crucial role. However, the effectiveness and sustainability of training programs depend on including a variety of stakeholder groups to identify and mitigate cost and efficacy concerns, adopt accessible training techniques, employ trainers with relevant expertise, and address psychological obstacles like trainee guilt and shame. A balanced human-machine approach is needed to maximize the benefits of connectivity while minimizing cyber risks. Overall, cybersecurity training requires an ongoing, collaborative, and flexible process tailored to each organization's context. Today, there is no consensus on the most effective and appropriate cybersecurity training methods. This research investigates available cybersecurity awareness types of training and provides guidelines for developing good organizational training programs in increasingly digital environments.