The Utility of Information Security Training and Education on Cybersecurity Incidents: An empirical evidence

Eunkyung Kweon, Hansol Lee, Sangmi Chai, Kyeongwon Yoo

Research output: Contribution to journalArticlepeer-review

34 Scopus citations


As recent cyber-attacks have been increasing exponentially, the importance of security training for employees also has become growing ever than before. In addition, it is suggested that security training and education be an effective method for discerning cyber-attacks within academia and industries. Despite the importance and the necessity of the training, prior study did not investigate the quantitative utility of security training in an organizational level. Due to the absence of referential studies, many firms are having troubles in making decisions with respect to arranging optimal security training programs with limited security budgets. The main objective of this study is to find out a relationship between cybersecurity training and the number of incidents of organizations. Thus, this study quantified the effectiveness of security training on security incidents as the first study. This research examined the relationship among three main factors; education time, education participants, and outsourcing with numbers of cybersecurity incidents. 7089 firm level data is analyzed through Poisson regression method. Based on analysis results, we found that the negative relationship between security trainings and the occurrence of cybersecurity incidents. This study sheds light on the role of security training and education by suggesting its positive association with reducing the number of incidents in organizations from the quantitative perspective. The result of this study can be used as a referential guide for information security training decision-making procedure in organizations.

Original languageEnglish
Pages (from-to)361-373
Number of pages13
JournalInformation Systems Frontiers
Issue number2
StatePublished - Apr 2021

Bibliographical note

Publisher Copyright:
© 2019, Springer Science+Business Media, LLC, part of Springer Nature.


  • Information security incidents
  • Information security management
  • Information security training
  • Poisson regression analysis


Dive into the research topics of 'The Utility of Information Security Training and Education on Cybersecurity Incidents: An empirical evidence'. Together they form a unique fingerprint.

Cite this