{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,2]],"date-time":"2026-07-02T08:09:51Z","timestamp":1782979791080,"version":"3.54.5"},"reference-count":39,"publisher":"Springer Science and Business Media LLC","issue":"5","license":[{"start":{"date-parts":[[2021,3,15]],"date-time":"2021-03-15T00:00:00Z","timestamp":1615766400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,3,15]],"date-time":"2021-03-15T00:00:00Z","timestamp":1615766400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Pers Ubiquit Comput"],"published-print":{"date-parts":[[2021,10]]},"DOI":"10.1007\/s00779-021-01551-2","type":"journal-article","created":{"date-parts":[[2021,3,15]],"date-time":"2021-03-15T20:12:32Z","timestamp":1615839152000},"page":"829-841","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":27,"title":["From awareness to influence: toward a model for improving employees\u2019 security behaviour"],"prefix":"10.1007","volume":"25","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2895-3482","authenticated-orcid":false,"given":"Moneer","family":"Alshaikh","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Blair","family":"Adamson","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2021,3,15]]},"reference":[{"key":"1551_CR1","unstructured":"Office of the Australian Information Commissioner (2019) Notifiable data breaches quarterly statistics report. Retrieved from https:\/\/www.oaic.gov.au\/privacy\/notifiable-data-breaches\/notifiable-data-breaches-statistics\/. Accessed 03 Sep 2020"},{"key":"1551_CR2","unstructured":"Borys S (2019) Inside a massive cyber hack that risks compromising leaders across the globe. Australian Broadcasting Corporation News. Retrieved from https:\/\/www.abc.net.au\/news\/2019-10-02\/anu-cyber-hack-how-personal-information-got-out\/11550578?nw=0. Accessed 03 Sep 2020"},{"key":"1551_CR3","doi-asserted-by":"crossref","unstructured":"Carpenter P (2019) Transformational security awareness: What neuroscientists, storytellers, and marketers can teach us about driving secure behaviors: John Wiley & Sons","DOI":"10.1002\/9781119566380"},{"key":"1551_CR4","unstructured":"Beyer M, Ahmed S, Doerlemann K, Arnell S, Parkin S, Sasse M, Passingham N (2015) Awareness is only the first step: A framework for progressive engagement of staff in cyber security, Hewlett Packard, Busine. Retrieved from https:\/\/www.riscs.org.uk\/wp-content\/uploads\/2015\/12\/Awareness-is-Only-the-First-Step.pdf. Accessed 03 Sep 2020"},{"key":"1551_CR5","unstructured":"Alshaikh M, Naseer H, Ahmad A, Maynard SB (2019) Toward sustainable behaviour change: an approach for cyber security education training and awareness. In: In Proceedings of the 27th European Conference on Information Systems (ECIS), Stockholm & Uppsala, Sweden"},{"key":"1551_CR6","unstructured":"Bada M, Sasse AM, Nurse JR (2019) Cyber security awareness campaigns: why do they fail to change behaviour? arXiv preprint arXiv:190102672"},{"key":"1551_CR7","unstructured":"SANS (2019) The rising era of awareness training. Retrieved from https:\/\/www.knowbe4.com\/hubfs\/SANS-Security-Awareness-Report-2019.pdf. Accessed 03 Sep 2020"},{"key":"1551_CR8","unstructured":"NTT Security (2019) Global threat intelligence report. Retrieved from https:\/\/www.nttsecurity.com\/docs\/librariesprovider3\/resources\/2019-gtir\/2019_gtir_report_2019_uea_v2.pdf. Accessed 03 Sep 2020"},{"key":"1551_CR9","doi-asserted-by":"publisher","first-page":"109","DOI":"10.1016\/j.puhe.2016.03.030","volume":"136","author":"MP Kelly","year":"2016","unstructured":"Kelly MP, Barker M (2016) Why is changing health-related behaviour so difficult? Public Health 136:109\u2013116","journal-title":"Public Health"},{"issue":"2","key":"1551_CR10","doi-asserted-by":"publisher","first-page":"525","DOI":"10.25300\/MISQ\/2019\/15117","volume":"43","author":"WA Cram","year":"2019","unstructured":"Cram WA, D\u2019Arcy J, Proudfoot JG (2019) Seeing the forest and the trees: a meta-analysis of the antecedents to information security policy compliance. MIS Q 43(2):525\u2013554. https:\/\/doi.org\/10.25300\/MISQ\/2019\/15117","journal-title":"MIS Q"},{"key":"1551_CR11","unstructured":"Fertig T, Sch\u00fctz AE, Weber K (2020) Current issues of metrics for information security awareness. In: In Proceedings of the 28th European Conference on Information Systems (ECIS), An Online AIS Conference"},{"key":"1551_CR12","doi-asserted-by":"crossref","unstructured":"Alshaikh M, Maynard SB, Ahmad A, Chang S (2018) An exploratory study of current information security training and awareness practices in organizations. Paper presented at the Proceedingsofthe51st Hawaii International Conference on System Sciences, Hawaii, US","DOI":"10.24251\/HICSS.2018.635"},{"key":"1551_CR13","unstructured":"Information Security Forum (ISF). (2014). From Promoting Awareness to Embedding Behaviours. Retrieved from https:\/\/www.securityforum.org\/uploads\/2015\/03\/From-Promoting-Awareness-ES-2014_Marketing.pdf. Accessed 03 Sep 2020"},{"key":"1551_CR14","doi-asserted-by":"crossref","unstructured":"Park M, Chai S (2018) Internalization of information security policy and information security practice: a comparison with compliance. In: Proceedings of the 51st Hawaii International Conference on System Sciences","DOI":"10.24251\/HICSS.2018.595"},{"key":"1551_CR15","doi-asserted-by":"publisher","unstructured":"Alshaikh M (2020) Developing cybersecurity culture to influence employee behavior: A practice perspective. Computers & Security 98:102003. https:\/\/doi.org\/10.1016\/j.cose.2020.102003","DOI":"10.1016\/j.cose.2020.102003"},{"key":"1551_CR16","doi-asserted-by":"publisher","unstructured":"Alshaikh M, Maynard SB, Ahmad A (2021) Applying social marketing to evaluate current security education training and awareness programs in organisations. Computers & Security 100:102090. https:\/\/doi.org\/10.1016\/j.cose.2020.102090","DOI":"10.1016\/j.cose.2020.102090"},{"key":"1551_CR17","doi-asserted-by":"publisher","unstructured":"Alshaikh M, Maynard SB, Ahmad A (2020) Security education, training, and awareness: Incorporating a social marketing approach for behavioural change. In: Venter H, Loock M, Coetzee M, Eloff M, Eloff J, Botha R. (eds) Information and Cyber Security, ISSA. Communications in Computer and Information Science, vol 1339. Springer, Cham. https:\/\/doi.org\/10.1007\/978-3-030-66039-0_6","DOI":"10.1007\/978-3-030-66039-0_6"},{"issue":"1","key":"1551_CR18","doi-asserted-by":"publisher","first-page":"51","DOI":"10.1177\/002200275800200106","volume":"2","author":"HC Kelman","year":"1958","unstructured":"Kelman HC (1958) Compliance, identification, and internalization: three processes of attitude change. J Confl Resolut 2(1):51\u201360","journal-title":"J Confl Resolut"},{"issue":"3","key":"1551_CR19","doi-asserted-by":"publisher","first-page":"255","DOI":"10.1287\/isre.1.3.255","volume":"1","author":"DW Straub Jr","year":"1990","unstructured":"Straub DW Jr (1990) Effective IS security: an empirical study. Inf Syst Res 1(3):255\u2013276","journal-title":"Inf Syst Res"},{"issue":"1","key":"1551_CR20","doi-asserted-by":"publisher","first-page":"79","DOI":"10.1287\/isre.1070.0160","volume":"20","author":"J D\u2019Arcy","year":"2009","unstructured":"D\u2019Arcy J, Hovav A, Galletta D (2009) User awareness of security countermeasures and its impact on information systems misuse: a deterrence approach. Inf Syst Res 20(1):79\u201398","journal-title":"Inf Syst Res"},{"key":"1551_CR21","doi-asserted-by":"publisher","first-page":"487","DOI":"10.2307\/25750688","volume":"34","author":"M Siponen","year":"2010","unstructured":"Siponen M, Vance A (2010) Neutralization: new insights into the problem of employee information systems security policy violations. MIS Q 34:487\u2013502","journal-title":"MIS Q"},{"issue":"2","key":"1551_CR22","doi-asserted-by":"publisher","first-page":"266","DOI":"10.1111\/isj.12129","volume":"28","author":"R Willison","year":"2018","unstructured":"Willison R, Warkentin M, Johnston AC (2018) Examining employee computer abuse intentions: insights from justice, deterrence and neutralization perspectives. Inf Syst J 28(2):266\u2013293. https:\/\/doi.org\/10.1111\/isj.12129","journal-title":"Inf Syst J"},{"issue":"2","key":"1551_CR23","doi-asserted-by":"publisher","first-page":"203","DOI":"10.2753\/MIS0742-1222280208","volume":"28","author":"KH Guo","year":"2011","unstructured":"Guo KH, Yuan Y, Archer NP, Connelly CE (2011) Understanding nonmalicious security violations in the workplace: a composite behavior model. J Manag Inf Syst 28(2):203\u2013236. https:\/\/doi.org\/10.2753\/MIS0742-1222280208","journal-title":"J Manag Inf Syst"},{"key":"1551_CR24","doi-asserted-by":"publisher","unstructured":"Lebek B, Uffen J, Breitner MH, Neumann M, Hohler B (2013) Employees\u2019 information security awareness and behavior: a literature review. In: System Sciences (HICSS), 2013 46th Hawaii International Conference on, 7-10 Jan. 2013. pp 2978-2987. https:\/\/doi.org\/10.1109\/hicss.2013.192","DOI":"10.1109\/hicss.2013.192"},{"issue":"1","key":"1551_CR25","doi-asserted-by":"publisher","first-page":"1","DOI":"10.2307\/25148826","volume":"32","author":"M Rosemann","year":"2008","unstructured":"Rosemann M, Vessey I (2008) Toward improving the relevance of information systems research to practice: the role of applicability checks. MIS Q 32(1):1\u201322. https:\/\/doi.org\/10.2307\/25148826","journal-title":"MIS Q"},{"issue":"4","key":"1551_CR26","doi-asserted-by":"publisher","first-page":"757","DOI":"10.2307\/25750704","volume":"34","author":"P Puhakainen","year":"2010","unstructured":"Puhakainen P, Siponen M (2010) Improving employees\u2019 compliance through information systems security training: an action research study. MIS Q 34(4):757\u2013778","journal-title":"MIS Q"},{"issue":"8","key":"1551_CR27","first-page":"518","volume":"12","author":"M Karjalainen","year":"2011","unstructured":"Karjalainen M, Siponen M (2011) Toward a new meta-theory for designing information systems (IS) security training approaches. J Assoc Inf Syst 12(8):518\u2013555","journal-title":"J Assoc Inf Syst"},{"issue":"3","key":"1551_CR28","doi-asserted-by":"publisher","first-page":"103195","DOI":"10.1016\/j.im.2019.103195","volume":"57","author":"Z Lu","year":"2020","unstructured":"Lu Z, Cui T, Tong Y, Wang W (2020) Examining the effects of social influence in pre-adoption phase and initial post-adoption phase in the healthcare context. Inf Manag 57(3):103195","journal-title":"Inf Manag"},{"key":"1551_CR29","unstructured":"Padgett DK (2016) Qualitative methods in social work research, vol 36. Sage publications"},{"issue":"2","key":"1551_CR30","first-page":"529","volume":"7","author":"H Gaya","year":"2016","unstructured":"Gaya H, Smith E (2016) Developing a qualitative single case study in the strategic management realm: an appropriate research design. Int J Bus Manag Econ Res 7(2):529\u2013538","journal-title":"Int J Bus Manag Econ Res"},{"key":"1551_CR31","unstructured":"Yin RK (2017) Case study research and applications: design and methods. Sage publications"},{"key":"1551_CR32","unstructured":"Beautement A, Becker I, Parkin S, Krol K, Sasse A (2016) Productive security: A scalable methodology for analysing employee security behaviours. Paper presented at the Twelfth Symposium on Usable Privacy and Security, Denver, CO"},{"issue":"3","key":"1551_CR33","doi-asserted-by":"publisher","first-page":"80","DOI":"10.1109\/MSP.2015.65","volume":"13","author":"A Sasse","year":"2015","unstructured":"Sasse A (2015) Scaring and bullying people into security won\u2019t work. IEEE Secur Privacy 13(3):80\u201383. https:\/\/doi.org\/10.1109\/MSP.2015.65","journal-title":"IEEE Secur Privacy"},{"issue":"2","key":"1551_CR34","doi-asserted-by":"publisher","first-page":"151","DOI":"10.1057\/ejis.2009.8","volume":"18","author":"SR Boss","year":"2009","unstructured":"Boss SR, Kirsch LJ, Angermeier I, Shingler RA, Boss RW (2009) If someone is watching, I\u2019ll do what I\u2019m asked: mandatoriness, control, and information security. Eur J Inf Syst 18(2):151\u2013164","journal-title":"Eur J Inf Syst"},{"key":"1551_CR35","unstructured":"SANS (2018) Security awareness report: Building successful security awareness programs. Retrieved from https:\/\/www.sans.org\/security-awareness-training\/reports\/2018-security-awareness-report. Accessed 03 Sep 2020"},{"issue":"1","key":"1551_CR36","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.giq.2017.02.007","volume":"34","author":"H de Bruijn","year":"2017","unstructured":"de Bruijn H, Janssen M (2017) Building cybersecurity awareness: the need for evidence-based framing strategies. Gov Inf Q 34(1):1\u20137. https:\/\/doi.org\/10.1016\/j.giq.2017.02.007","journal-title":"Gov Inf Q"},{"issue":"4","key":"1551_CR37","doi-asserted-by":"publisher","first-page":"489","DOI":"10.1515\/jhsem-2014-0035","volume":"11","author":"SL Pfleeger","year":"2014","unstructured":"Pfleeger SL, Sasse MA, Furnham A (2014) From weakest link to security hero: transforming staff security behavior. J Homeland Secur Emerg Manag 11(4):489\u2013510","journal-title":"J Homeland Secur Emerg Manag"},{"key":"1551_CR38","unstructured":"ENISA (2017) Cyber security culture in organisations. Retrieved from https:\/\/www.enisa.europa.eu\/publications\/cyber-security-culture-in-organisations. Accessed 03 Sep 2020"},{"key":"1551_CR39","unstructured":"Krebs on Security (2018) Half of all phishing sites now have the padlock. Retrieved from https:\/\/krebsonsecurity.com\/2018\/11\/half-of-all-phishing-sites-now-have-the-padlock\/comment-page-1\/. Accessed 03 Sep 2020"}],"container-title":["Personal and Ubiquitous Computing"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s00779-021-01551-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s00779-021-01551-2\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s00779-021-01551-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,10,7]],"date-time":"2021-10-07T05:03:55Z","timestamp":1633583035000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s00779-021-01551-2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,3,15]]},"references-count":39,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2021,10]]}},"alternative-id":["1551"],"URL":"https:\/\/doi.org\/10.1007\/s00779-021-01551-2","relation":{},"ISSN":["1617-4909","1617-4917"],"issn-type":[{"value":"1617-4909","type":"print"},{"value":"1617-4917","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,3,15]]},"assertion":[{"value":"3 September 2020","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"9 March 2021","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"15 March 2021","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}]}}