TY - GEN
T1 - Identifying Gaps in the Evaluation of Security Education, Training and Awareness (SETA) Programs
T2 - 1st IFIP TC 9, TC 11 International Conference in Cybersecurity, IFIP-UNIVEN-CSIR ICC 2025
AU - Mudau, Phathutshedzo
AU - Mpekoa, Noluntu
AU - Gcaza, Noluxolo
N1 - Publisher Copyright:
© IFIP International Federation for Information Processing 2026.
PY - 2026
Y1 - 2026
N2 - Many organisations are dedicated to enhancing their security by investing heavily in Security Education, Training, and Awareness (SETA) programmes to protect their platforms and personnel better. However, measuring the effectiveness of these initiatives remains a considerable challenge. This study presents a systematic literature review conducted following the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) methodology to examine how SETA effectiveness is currently assessed and to identify significant gaps in existing approaches. The review reveals that many evaluations still depend on self-reported data, knowledge tests, or participation rates, which offer limited insight into whether secure behaviours are genuinely being adopted or sustained. Moreover, current assessment practices often neglect the impact of emerging threats, such as AI-driven phishing and deepfakes, and seldom consider the long-term behavioural effects of SETA programmes. Although innovative methods employing behavioural metrics, psychological engagement, and mixed-method approaches demonstrate strong potential, they remain underutilised. The findings underscore the necessity for more meaningful, behaviour-oriented, and context-aware evaluation frameworks that mirror real-world security challenges and foster more robust organisational security cultures.
AB - Many organisations are dedicated to enhancing their security by investing heavily in Security Education, Training, and Awareness (SETA) programmes to protect their platforms and personnel better. However, measuring the effectiveness of these initiatives remains a considerable challenge. This study presents a systematic literature review conducted following the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) methodology to examine how SETA effectiveness is currently assessed and to identify significant gaps in existing approaches. The review reveals that many evaluations still depend on self-reported data, knowledge tests, or participation rates, which offer limited insight into whether secure behaviours are genuinely being adopted or sustained. Moreover, current assessment practices often neglect the impact of emerging threats, such as AI-driven phishing and deepfakes, and seldom consider the long-term behavioural effects of SETA programmes. Although innovative methods employing behavioural metrics, psychological engagement, and mixed-method approaches demonstrate strong potential, they remain underutilised. The findings underscore the necessity for more meaningful, behaviour-oriented, and context-aware evaluation frameworks that mirror real-world security challenges and foster more robust organisational security cultures.
KW - SETA Effectiveness assessment
KW - Security Education
KW - Training and Awareness (SETA)
KW - behavioural change
UR - https://www.scopus.com/pages/publications/105024692250
U2 - 10.1007/978-3-032-13075-4_10
DO - 10.1007/978-3-032-13075-4_10
M3 - Conference contribution
AN - SCOPUS:105024692250
SN - 9783032130747
T3 - IFIP Advances in Information and Communication Technology
SP - 141
EP - 153
BT - Advancing Innovative Cybersecurity Solutions and Approaches to Protect Digital Ecosystems - 1st IFIP TC 9, TC 11 International Conference in Cybersecurity, IFIP-UNIVEN-CSIR ICC 2025, Proceedings
A2 - Mtsweni, Jabu
A2 - Phahlamohlaka, Jackie
A2 - Kanyane, Modimowabarwa
A2 - Munyoka, Willard
A2 - Thomson, Kerry-Lynn
A2 - Futcher, Lynn
A2 - Jansen van Vuuren, Joey
PB - Springer Science and Business Media Deutschland GmbH
Y2 - 11 December 2025 through 12 December 2025
ER -