International Journal of Electrical and Computer Engineering (IJECE) Vol.
No.
June 2025, pp.
ISSN: 2088-8708.
DOI: 10.
11591/ijece.
Enhancing cybersecurity awareness strategies in organization using Delphi technique Anawin Kaewsa-Ard.
Nattavee Utakrit Faculty of Information Technology and Digital Innovation.
King MongkutAos University of Technology North Bangkok.
Bangkok.
Thailand
Article Info
ABSTRACT
Article history:
Cybersecurity concerns were once primarily perceived as technical issues, prompting many organizations to prioritize investments in security However, it has become increasingly evident that cybersecurity is not solely a technical matter.
In fact, a significant number of cybersecurity breaches arise from users' lack of awareness about secure technological This research aims to develop a cybersecurity awareness strategy using the Delphi technique over three rounds, involving 15 cybersecurity The findings indicate a consensus among experts that cybersecurity awareness training is an effective strategy to enhance an organization's overall cybersecurity posture.
However, the true essence of cybersecurity lies in fostering secure technology usage practices among all users within the To address this, the researcher developed systematic training content for cybersecurity awareness, which was evaluated and refined by experts using the Delphi technique to ensure its effectiveness in promoting genuine cybersecurity awareness.
Received Jun 28, 2024 Revised Jan 2, 2025 Accepted Jan 16, 2025 Keywords:
Awareness Cybersecurity Delphi technique Strategy Training This is an open access article under the CC BY-SA license.
Corresponding Author:
Nattavee Utakrit Faculty of Information Technology and Digital Innovation.
King MongkutAos University of Technology North Bangkok 1518 Pracharat 1 Road.
Wongsawang.
Bangsue.
Bangkok 10800.
Thailand Email: nattavee.
u@itd.
INTRODUCTION
The organization has undergone significant technological advancements to align with the modern era, where technology has inevitably become an integral part of the organization.
These technological changes are not only essential for the organization itself but also play a crucial role in enhancing the quality of life for the general public .
This shift emphasizes the importance of digital literacy as an indispensable competency that will become a fundamental component of lifelong learning for individuals.
Despite the clear benefits that technology brings, it is also accompanied by numerous cyber threats that lurk in the digital world, poised to attack whenever we lack awareness .
In contemporary organizations, we observe that personnel, operational processes, and technology are integrated to drive the organization's mission.
Therefore, any cyber incident affecting these elements would undoubtedly disrupt the organization's mission .
A critical review of Taherdoost's work on cybersecurity awareness frameworks and training models concluded that the implementation of well-defined cybersecurity awareness and training programs can substantially reduce the cost and frequency of security incidents for businesses, thereby strengthening their overall security posture and cyber resilience .
Additionally.
Limna et al.
, which investigates the relationship between cybersecurity knowledge, awareness, and behavioral protection among mobile Journal homepage: http://ijece.
Int J Elec & Comp Eng
ISSN: 2088-8708
banking users in Thailand, confirmed the proposed conceptual framework.
The findings indicate that cybersecurity knowledge significantly influences cybersecurity awareness and behavior, with cybersecurity awareness serving as a crucial mediator between knowledge and behavior.
Similarly.
Popoola et al.
conducted a comparative analysis of cybersecurity awareness and training programs between Africa and the , revealing that the effectiveness of theoretical constructs in achieving cybersecurity awareness varies significantly between countries, largely due to differences in infrastructure, digital literacy, and cultural This highlights the importance of contextual analysis in developing strategies to enhance cybersecurity awareness.
Without a deep understanding of the specific cyber challenges and contexts, efforts to raise awareness may fail.
Given that the scope of our research is at the organizational level, it is essential to seek the support of cybersecurity experts who understand the broader context of organizational management and the role of information technology in organizations.
This ensures that the strategies we propose are aligned with the current organizational context and effectively enhance cybersecurity awareness.
Aphane's research further emphasizes the importance of cybersecurity awareness in combating cybercrime, using a qualitative approach to gain insights into the level of awareness among youth in Gauteng.
South Africa .
The findings reveal a lack of existing initiatives in policing cybercrime and the absence of cybersecurity awareness programs in South Africa, which lags in strategy development in this area.
This study also utilized in-depth interviews, demonstrating how expert interviews can reveal critical issues within specific contexts.
From these findings, it is evident that technology, security, and human factors are The problem addressed in this paper is the challenge of insufficient cybersecurity awareness programs in organizations .
Ae.
, which leaves individuals vulnerable to evolving cyber threats.
To resolve this issue, this paper proposes the integration of structured cybersecurity awareness programs tailored to an organizationAos environment and culture .
Ae.
The solution involves using the Delphi technique to gather expert opinions and achieve consensus on the most effective strategies for enhancing awareness.
This qualitative method helps refine and validate the approaches for improving cybersecurity behavior and response to threats .
By understanding the role of human factors such as age, gender, education, and IT experience, the proposed solution also suggests creating more targeted and personalized training programs that address specific needs within the organization .
, .
To clarify these issues, the main research questions (RQ.
of this study are as follows:
RQ1: Can the Delphi technique help identify the issues that affect cybersecurity awareness within an RQ2: Can the Delphi technique guide the development of cybersecurity awareness strategies? PROPOSED METHOD Cyber security awareness building NIST special publication 800-16 distinguishes awareness from training and highlights its ability to modify behavior patterns or reinforce good security practices.
The principal objective of awareness presentations is to draw attention to security-related topics, empowering people to recognize and resolve IT security vulnerabilities.
On the other hand, training takes a more structured approach and seeks to develop knowledge and skills that will improve job performance .
The terms awareness is important for cyber Due to the increased usage of internet networks, the utilization of online services has rapidly expanded, resulting in an endless occurrence of cyberattacks and data breaches.
Moreover, the nature of cyber-attacks and threats affecting online service users has evolved significantly, becoming increasingly sophisticated, paralleling the advancements in information and communication technology .
, .
As previously mentioned, promoting organizational awareness among users or all personnel within an organization regarding cyber security and learning how to appropriately handle cyber threats or attacks is Therefore, cyber security awareness is a key factor in organizational training to prepare for unforeseen incidents in the future .
When planning to enhance awareness within the organization, it is essential to analyze training needs and design programs suited to the organizationAos environment or culture, as the context of technology use varies across different business sectors .
, .
Regarding cyber security awareness, numerous factors influence this awareness, especially human factors.
These factors include age, gender, education, and information technology experience .
, .
After reviewing previous research studies on the key success factors of cyber security awareness, we found many interesting studies that provide useful information and concepts applicable to this research, as shown in Table 1.
This research proposes the development of tailored training programs that consider human factors in cybersecurity awareness, promote behavioral change, utilize the Delphi technique for expert insights, and create practical cybersecurity tools to enhance organizational preparedness.
Enhancing cybersecurity awareness strategies in organization using A (Anawin Kaewsa-ar.
A ISSN: 2088-8708 Table 1.
Summary of previous research works Author Chen et al.
Research themes Building security Delivery methods Structural equation modeling (SEM) Kim et al.
Understanding of the user behavior in cyber security Security education A trend analysis an interview online survey study Alzahrani .
Cybersecurity awareness in Quantitative Grassegger and Nedbal Factors affecting ISA of employees SEM Daengsi et al.
Security awareness Phishing scenariobased learning quantitative analysis Yeom et al.
Training through scenario-based Main finding Security education, training and awareness (SETA) program and security monitoring are importance in building security culture.
This study presents an analysis of user characteristics concerning, .
cyber security awareness issues, i.
digital device usage, and .
approaches to addressing privacy concerns in product usage.
Engaging in situation awareness training within real organizational settings leads trainees to become more familiar with system operations and perform more effectively compared to the traditional approach of building new systems and learning to use them for each Institutions ought to incorporate education on anticybercrime legislation and pertinent information security awareness (ISA) issues identified within this study into their curriculum.
It is important for organizations to understand that technical measures alone are not enough to ensure information security.
The promotion of ISA should be central to the development of information security protection measures.
The concept of a cyber-attack simulation and knowledge transfer is highly recommended for use in other organizations, and in other countries as well, to enhance the cyber security awareness level of employees in order to prevent damage from cyber-attacks.
Delphi technique The use of consensus-building strategies has increased as a result of the Delphi technique's ability to draw conclusions in the face of contradicting or insufficient data.
Thus, the Delphi is a multistage, iterative procedure that combines opinion with group consensus .
The method of data analysis and results reporting are directly related to the type of questions used in the Delphi instrument.
The Delphi method can be seen at its best as an expert method.
Experts are often regarded as leaders in envisioning the future due to their extensive understanding across various fields such as technology, sociology, medicine, and politics, or their ability to creatively anticipate developments in these areas .
In the recruitment process for Delphi studies, the assembly of an expert panel and its composition is crucial, but it also poses methodological concerns that could potentially compromise the quality of the outcomes .
, .
Presently there is no agreement in the literature concerning expert panel size .
Varndell et al.
suggests that when a Delphi panel is homogenous 10 to 15 people are adequate.
Grime and Wright .
highlight the following principles for utilizing expert opinion in applications of the Delphi method.
Use experts with appropriate domain knowledge between 5 and 20 experts.
For Delphi feedback, provide the mean or median estimate of the panel plus the rationales from all panellists for their estimates.
Continue Delphi polling until the responses show stability.
Generally, three structured rounds are enough.
Obtain the Anal forecast by weighing all the expertsAo estimates equally and aggregating them.
Beiderbeck et al.
delineated the procedural steps involved in executing the Delphi technique a methodological framework employed in scholarly endeavors to orchestrate and regulate structured group communication processes.
Its primary objective is to elicit insights pertaining to existing or anticipated challenges, particularly in contexts characterized by limited data availability.
Delphi studies commonly utilize rank-order questions, rating scales, or open-ended questions, with a predominant focus on gauging consensus levels among experts.
Analogous to conventional research methodologies, empirical evidence suggests that engaging approximately 15 initial experts typically yields optimal results.
After each round, panelists have the possibility to review the aggregate results and to reconsider their assessment based on the added quantitative and qualitative information .
Ae.
The literature review uncovers research findings pertaining to cybersecurity obtained through the application of the Delphi method, as outlined in Table 2.
A key methodological approach in this research is the Delphi technique, which gathers insights from cybersecurity experts over multiple rounds of surveys or interviews.
This method helps refine the proposed strategies for improving cybersecurity awareness by achieving consensus among professionals.
The result is a set of validated recommendations that are both practical and grounded in expert knowledge.
Int J Elec & Comp Eng.
Vol.
No.
June 2025: 2986-2997
Int J Elec & Comp Eng
ISSN: 2088-8708
Table 2.
Summary of Delphi method in cyber security research area and related Author Chowdhury et al.
Participants Rounds Outcome Cyber security training Parekh et al.
Core concepts of cyber security education Haynes and Robinson Online risk to Nugraha et al.
Worrell et al.
IT Auditor
N=17
Business Manager N =15 IT Manager N = 12 Requirement for state cyber of defense against foreign intelligence IT risk factors Main finding The Delphi methodology was employed for the refinement and validation of researcher judgments throughout the iterative development process of the specialized issues training framework model.
Providing a foundation for developing evidence-based, cyber security educational assessment tools that will identify and measure effective methods for teaching.
The following topics were identified as priorities for further investigation: .
Personalization versus privacy, i.
Responsibility for privacy on social networks, .
Measuring privacy risk and perceptions of power-lessness and i.
The resulting apathy.
The people element is a current weakness in Indonesia.
Creating a security mindset and a culture of cyber security awareness within the organizations are the biggest challenges.
IT risk factors identiAed across all three expert panels, only three issues were common across all panels: .
lack of organizational alignment between business and IT, i.
interdependencies between systems, and technical complexity, and .
The IT auditors panel consistently ranked issues related to IT RESEARCH METHOD The Delphi technique is a structured approach used to guide expert discussions, aiming to generate insights on complex topics with limited available information.
This method has gained prominence and is increasingly published across various academic fields.
In this research, the Delphi technique was implemented in the context of cyber security to explore and formulate strategies for improving cyber awareness .
The research methodology is divided into 3 phases to facilitate the presentation of the overall research process.
Specifically.
Phase 3 will be explained in the results and discussion section.
The details for Phases 1 and 2 are provided in Figure 1.
Figure 1.
The research method Delphi study conceptualization Systematic preparation and planning are crucial tasks in the Delphi process, as they significantly impact its accuracy and validity .
, .
Therefore, it is essential to clearly define the scope of the Delphi This clarity helps researchers determine the desired outcomes of the Delphi process.
The scope, as defined by the researcher, is detailed in Table 3.
Enhancing cybersecurity awareness strategies in organization using A (Anawin Kaewsa-ar.
A ISSN: 2088-8708 Table 3.
Delphi study overview Delphi study goals Identify issues affecting cyber security awareness in organizations.
Assist in developing guidelines for cyber security awareness.
Delphi format Scope: cyber security awareness and human behavior in organizations.
Theory/framework: NIST framework or related cyber security principles.
Delphi structure: systematic multiple sequential Data collection: using open-ended questions and questionnaires for collecting opinions and feedback.
Delphi statement The statement in this study is based on following:
Human factors that affect security behavior.
Challenges in implementing effective security awareness Desk research In addition to conducting a systematic literature review, the researcher has studied current trends in cyber security issues at both organizational and individual user levels.
This includes examining emerging technologies to ensure that the scope leading to the design of the questionnaire is up to date.
This approach aims to secure responses that are genuinely beneficial to the research.
Expert participation and invitation The experts invited to participate in this Delphi process are 15 professionals working in the field of cybersecurity, both at the operational and executive levels.
The selection criteria include educational background, roles and responsibilities, possession of cybersecurity certifications, and work experience .
The specific selection criteria are outlined in Table 4.
Table 4.
ParticipantAos information criteria Education background MasterAos degree in computer engineering, computer science, information technology, or related fields.
Professional experiences Management level: 15 years Operations level: 5 years Certification Possessing an ANSI accredited cyber security certification, which guarantees adherence to ISO 17024.
Expert interview During the first round of the Delphi, we scheduled all interviews for 60 minutes.
The initial 15 minutes were dedicated to providing participants with an overview of the research background and explaining the key characteristics of a Delphi survey to ensure they understood the methodology.
Following this, we allocated 30 minutes to an in-depth discussion on the primary challenges of developing a security awareness strategy, allowing participants to share their insights and experiences.
Finally, we reserved the last 15 minutes of the interview to summarize the key points discussed, ensuring clarity and alignment on the main takeaways from the session.
Data analysis and interpretation After interviewing all 15 experts through the first round of the Delphi process, the next step involves analyzing and interpreting the collected data to identify relationships and consistencies among the experts.
This analysis will be conducted using qualitative data analysis tools.
QDA Miner is a qualitative data analysis software that integrates advanced statistical and visualization tools, enabling rapid identification and exploration of patterns and trends in the scenarios.
Develop strategy and survey conduction The development of strategies to enhance cybersecurity awareness within organizations will be undertaken after the analysis and interpretation of the data are completed.
The researcher will develop these strategies based on the input from cybersecurity experts.
Upon completion of strategy development, in the survey conduct process, the researcher will distribute questionnaires using a 5-point Likert scale to the 15 experts to achieve consensus .
Descriptive statistics, including arithmetic mean, interquartile ranges (IQR) and mode frequency (MOD), will be used to determine consensus.
This will be carried out through the second and third rounds of the Delphi process.
Von der Gracht's review of Delphi methodologies highlights that consensus measures such as mean and standard deviation, typically used for continuous scales or ratios, are not suitable for Likert-type scale surveys.
Instead, mode and interquartile ranges (IQR.
are more relevant, with an IQR of 1 or less indicating consensus .
, .
An advantage of this approach is that outliers do not unduly affect the average score or the dispersion of scores.
Int J Elec & Comp Eng.
Vol.
No.
June 2025: 2986-2997
Int J Elec & Comp Eng
ISSN: 2088-8708
Weighted Kappa was used to measure the stability of responses between the 2 nd and 3rd round of Delphi.
Weighted Kappa can be used to test the stability of ordinal responses in Delphi surveys by measuring within-participant agreement between rounds.
This measure is more suitable than the unweighted Kappa test, which does not consider the size of disagreements between two scores.
Kappa values between 0.
indicate almost perfect agreement, 0.
80 indicate substantial agreement, 0.
60 indicate moderate agreement, and 0.
40 indicate fair agreement .
RESULTS AND DISCUSSION
1st round of Delphi method The researcher analyzed interview data from 15 cybersecurity experts using the QDA Miner 3.
software in the first round of the Delphi process.
This approach ensured a systematic examination of qualitative data, enabling the identification of key themes.
The analysis revealed four key issues that influence the promotion of cybersecurity awareness in organizations, as detailed in sub-sections 4.
1 to 4.
The evolving landscape of cyber-attacks targeting individual The analysis revealed that the most significant cyberattacks affecting end-users, as agreed upon by 14 out of 15 experts, are related to social media attacks and information gathering.
This category includes phishing, romance scams.
SMS phishing, vishing, and whaling.
Additionally, 13 out of 15 experts expressed concern over malware, specifically ransomware and mobile malware targeting personal data and devices.
Furthermore, 7 out of 15 experts noted the ongoing issue of pirated software use, which leads to other problems such as ransomware infections or unauthorized remote access to computers.
An analysis of security risks faced by modern organizations 14 out of the 15 experts concurred that a significant risk arises from not promoting cybersecurity awareness or training.
They believe this neglect stems from a perception that such initiatives are time consuming and costly.
This risk is often overlooked by executives, who view cybersecurity incidents as rare and place undue reliance on the organization's security technology.
Additionally, 8 experts pointed out that most executives prefer to invest in IT services to enhance customer service rather than in security measures, as they do not see a tangible return on investment from the latter.
Beyond traditional threat: Emerging challenges to organizational cyber security This issue is particularly noteworthy because 10 out of 15 experts agreed that the most frightening cybersecurity threat is actually the insider threat.
In this context, insider threat refers to users who lack cybersecurity awareness and use technology carelessly, believing they are not likely targets for hackers.
Additionally, 8 out of 15 experts highlighted the concern of supply chain attacks.
These attacks target a company's procurement processes or internal operations.
Attackers exploit weaknesses in these systems to undermine internal security, potentially inserting malicious software during the procurement process or altering confidential information.
Such attacks can result in financial losses, impact brand networks or partners, and erode trust.
Optimizing security awareness initiatives: A guide to implementing problem-solving techniques in organizations The experts proposed solutions to enhance cybersecurity awareness, emphasizing several key actions to prioritize for improving organizational cybersecurity awareness:
Cultivating cybersecurity awareness behaviour: establishing a culture where cybersecurity awareness becomes a habitual practice for all employees.
Mandatory training sessions: conducting cybersecurity awareness training at least once a year or whenever a cyber incident with potential organizational impact occurs.
Awareness testing: implementing awareness tests or evaluations after each training session to ensure that the training effectively increases awareness among employees.
Adopting cybersecurity frameworks: integrating a cybersecurity framework tailored to the organization's specific context.
All experts unanimously agreed that these measures should be immediately implemented by senior management to effectively enhance cybersecurity awareness within the organization.
Cyber security awareness strategy All 15 experts unanimously agreed that enhancing cybersecurity awareness is crucial for fostering a secure culture within organizations.
This secure culture leads to security-conscious behavior among all employees, not just end-users.
Furthermore, the experts suggested that cybersecurity awareness training is Enhancing cybersecurity awareness strategies in organization using A (Anawin Kaewsa-ar.
A ISSN: 2088-8708 essential for bolstering the overall cybersecurity posture of an organization.
They emphasized that cyber security should not focus solely on technology.
the key lies in ensuring that everyone in the organization who uses technology adopts secure behavior.
This holistic approach to cybersecurity integrates technological measures with the human element, ensuring that all employees understand and practice secure technology use.
Building cybersecurity awareness might seem straightforward, but it is important to remember that each organization faces unique cyber threats due to differences in their information technology contexts.
Therefore, fostering cybersecurity awareness behavior should focus on the risk scenarios that the organization has previously encountered.
This approach leads to genuine solutions for the organization's cybersecurity challenges.
The development strategy for raising cyber awareness is detailed in Figure 2.
Figure 2.
Cybersecurity awareness strategies development Based on a review of related literature and desk research, which included studying cybersecurity risk management and industry trends, the training content scope was developed as follows:
Importance of cybersecurity in organizations: understanding the significance of cybersecurity based on the context of the organization's information technology and business operations.
Cyber threats: identifying and understanding various cyber threats.
Emerging cybersecurity trends: keeping up-to-date with the latest trends in cybersecurity.
Social engineering: recognizing and mitigating social engineering attacks.
Cybersecurity frameworks: implementing cybersecurity frameworks relevant to the organization.
Information security principles: fundamental principles of information security.
Information security policies and practices: establishing and adhering to robust information security policies and practices.
Hands-on security awareness testing: practical exercises such as phishing simulations to test and reinforce Security tips: practical advice, such as using VirusTotal for checking files and links, and employing password managers for secure password practices.
Expert consensus building in the 2nd and 3rd rounds of Delphi In the second round of the Delphi process, consensus among the 15 experts remained largely The experts recommended updating the training content to ensure it is current, easily understandable for non-technical users, and avoids delving too deeply into technical details.
After revising the training content to be more comprehensive and user-friendly, all experts reached a consensus.
The details are outlined in Table 5.
Int J Elec & Comp Eng.
Vol.
No.
June 2025: 2986-2997
Int J Elec & Comp Eng
ISSN: 2088-8708
While previous studies have focused on the development of cyber security awareness programs, none have utilized the Delphi method to systematically gather expert opinions in the development process.
This study is innovative as it applies Delphi methodology to create a tailored awareness program that not only considers a wide range of expert insights but also ensures the program's relevance and effectiveness through multiple rounds of expert feedback.
Unlike prior works, which primarily rely on generalized surveys or existing frameworks, this approach allows for more precise and context-specific outcomes, addressing critical gaps in the current literature.
Table 5.
Results of consensus analysis of Delphi statement No.
Delphi statement Instructional materials that are applicable to both everyday life and organizational The training materials for instructional use are current and easily The IT Security department can utilize this set of training materials to conduct training sessions aimed at enhancing organizational awareness.
Training materials that promote the development of learners' skills in secure and safe digital usage.
Training materials aligns with international standards such as the NIST framework and ISO 27001:2022.
Training materials enhance learnersAo This training manual assists personnel in understanding cyber security threats in various forms, as well as strategies for managing the diverse range of cyber threats prevalent today.
The presentation of various scenario based cyber situations in the manual contributes to personnel developing security awareness behaviors.
The training content helps staff understand how to configure privacy settings to prevent accidental exposure of personal information or data leaks to Training aids personnel in fostering awareness to create complex passwords, thereby enhancing the security of their accounts The malware detection tools and URLs included in the training manual are presented clearly and simply, making them easy for end-users to understand.
Learners can readily adhere to the cyber threat mitigation guidelines outlined in this manual.
Delphi round 2
MEAN
MOD
IQR
(R.
(R.
(R.
Delphi round 3
MEAN
MOD
IQR
(R.
(R.
(R.
Weighted Kappa Discussion In the first round of the Delphi method, interviews with 15 experts revealed a consensus that sustainable cybersecurity within an organization must begin with users being aware of their role in maintaining the organization's security.
This finding aligns with the broader research of Chen et al.
Kim et al.
Grassegger and Nedbal .
, and Daengsri et al.
However, during the second and third rounds of the Delphi process.
Kappa statistics analysis, as detailed in Table 5, highlighted some observations.
Specifically.
Delphi statements No.
4 and No.
7, which addressed the enhancement of skills and knowledge, exhibited high weighted Kappa values of 0.
90 and 0.
87, respectively, indicating almost perfect agreement among the experts.
Conversely.
Delphi statement No.
10, concerning individual-level security awareness, had a lower weighted Kappa value of 0.
52, indicating moderate agreement.
This discrepancy suggests that while experts agree that training content effectively enhances users' knowledge, it may not directly influence their cybersecurity behavior.
Enhancing cybersecurity awareness strategies in organization using A (Anawin Kaewsa-ar.
A ISSN: 2088-8708 The research questions were thus addressed, confirming that the Delphi method can effectively identify key factors influencing the success of cybersecurity awareness initiatives within organizations and aid in formulating appropriate strategies.
This finding is consistent with the research of Haynes and Robinson .
who also employed the Delphi method, although their focus was on issues related to personal information disclosure rather than cybersecurity awareness.
Nonetheless, the issue of user cybersecurity awareness remains within the scope of their research.
It can therefore be concluded that the Delphi technique is effective in enhancing cybersecurity awareness and in identifying the organizational level challenges and The findings from the first round of the Delphi process provide crucial insights, and the subsequent rounds, supported by Kappa statistics, validate the proposed strategies through expert consensus.
However, the strategies emerging from this study predominantly focus on education and awareness through training, which may be influenced by the fact that the participating experts were solely from the cybersecurity domain.
Future research should include experts from other organizational fields, as this may reveal more effective strategies for enhancing cybersecurity awareness beyond those identified in the current study.
CONCLUSION
The Delphi method has demonstrated that a lack of cyber awareness among organizational personnel critically undermines overall cybersecurity efforts.
This method effectively identifies and highlights specific issues that hinder awareness, enabling the development of targeted, systematic strategies for improvement.
Consequently, it is crucial for organizations to shift their approach to cybersecurity from being solely the responsibility of the technical department to being a shared concern across all levels of the organization.
Promoting cybersecurity as a collective responsibility is essential for fostering a culture of security and achieving long-term, sustainable protection against cyber threats.
However, this study is limited because it only includes perspectives from cybersecurity To better understand how cyber awareness affects organizational security, future research should actively involve experts from other departments.
Gaining these diverse insights will offer a more complete view of the organizational dynamics and help develop more effective strategies to enhance cybersecurity awareness throughout the organization.
ACKNOWLEDGMENTS
The author would like to thank the experts who participated in the Delphi process, as well as those involved in providing valuable information for this research.
FUNDING INFORMATION
There is no financial support for this research.
AUTHOR CONTRIBUTIONS STATEMENT
This journal uses the Contributor Roles Taxonomy (CRediT) to recognize individual author contributions, reduce authorship disputes, and facilitate collaboration.
Name of Author Anawin Kaewsa-ard Nattavee Utakrit C : Conceptualization M : Methodology So : Software Va : Validation Fo : Formal analysis ue ue ue ue ue ue ue ue ue ue ue I : Investigation R : Resources D : Data Curation O : Writing - Original Draft E : Writing - Review & Editing CONFLICT OF INTEREST STATEMENT The authors would like to inform that there is no conflict of interest.
Int J Elec & Comp Eng.
Vol.
No.
June 2025: 2986-2997
Vi : Visualization Su : Supervision P : Project administration Fu : Funding acquisition Int J Elec & Comp Eng
ISSN: 2088-8708
INFORMED CONSENT
The authors obtained comprehensive informed consent documentation, including written permission from all participants, prior to their inclusion in the study.
In terms of the tools used for data collection, they have been reviewed and approved for human research ethics by the Human Research Ethics Committee under the collaboration Naresuan University Network Research Ethics (NU-NREC).
Thailand.
ETHICAL APPROVAL
This research did not involve any practices related to animals and vulnerable groups.
However, the authors have considered and complied with all relevant national regulations and institutional policies regarding the care and use of human rights.
DATA AVAILABILITY
The data that supports the findings of this study are available from the corresponding author.
NU, upon reasonable request.
REFERENCES