A study of the cyber security awareness and use of protective cyber security practices in defence settings

The UK Strategic Defence and Security Review (2015), places ‘cyber’ in the highest category tier-one risk. The threats from cyberspace is ever increasing as UK Armed Forces is becoming increasingly dependent on its’ information systems and networks for daily business processes. Hardware and software technological defences are effective tools to protect our systems and networks, nonetheless these defences are useless if humans operators allows attackers to maliciously exploit our systems through use of social engineering techniques. There is currently no measurement framework in the R SIGNALS or the Army to assess basic cyber awareness and behaviour of soldiers and officers and benchmarking user cyber awareness maturity state. In this study, the author creates an innovative measurement framework that is utilised to measure cyber security awareness and behaviour in the R SIGNALS. The framework is an extension and adaptation of the government NCSC infographics for basic cyber security protective practices which in this study is split into five themes for measuring awareness (device safety, device backup, phishing, password and malware) and one theme for behaviour. The research adopts a quantitative positivist approach with using a questionnaire to measure human cyber awareness and behaviour. Study of human psychology models in the literature indicates that factors such as awareness and subsequent attitudes have direct influences on human behaviour. Results after codification and statistical analysis confirmed that technical trades in the R SIGNALS has better awareness of device safety, malware and phishing while cyber training was directly related to user behaviour and awareness of device safety. Overall user awareness in the R SIGNALS was found to be at Integrated level out of the five levels in the Community Cyber Security Maturity Model. The measurement framework is not limited to application to R SIGNALS and has the utility for other corps and organisations within the Army. Key future research recommendations included adding an attitude scale to the framework and having the correct sample to represent population variation