EFFECT OF CYBERSECURITY AWARENESS TRAINING ON PHISHING ATTACK SUSCEPTABILITY AMONG EMPLOYEES IN BENUE STATE, NIGERIA
Main Article Content
Abstract
The study examines Effect of Cybersecurity Awareness Training on Phishing Attack Susceptibility Among Employees’ in Benue State. This study employed a quantitative cross-sectional research design to examine factors influencing employees’ susceptibility to phishing attacks in three selected banks Union Bank, Ecobank, and Zenith Bank in Makurdi, Benue State, Nigeria. The population consisted of 129 employees across various job categories, and a census sampling technique was used to include all staff. Data were collected through structured questionnaires administered via personal visits, supported by follow-up interviews. The instrument’s validity was confirmed using content and construct validation, including factor analysis with Kaiser-Meyer-Olkin (KMO = 0.856) and Bartlett’s Test of Sphericity (p = 0.029), while reliability was established with Cronbach’s alpha values ranging from 0.792 to 0.880. Logit regression analysis was used to test the relationships between phishing susceptibility and four predictors: frequency of cybersecurity awareness training (FCT), knowledge of phishing indicators (KPH), simulated phishing exercise exposure (SPE), and adherence to cybersecurity best practices (ACP). Results showed that KPH (B = -1.575, p = 0.020, Exp(B) = 4.828) and ACP (B = 1.652, p = 0.000, Exp(B) = 5.216) significantly reduced phishing susceptibility, while FCT (B = -0.051, p = 0.802) and SPE (B = -0.010, p = 0.950) were not significant. The study concludes that enhancing employees’ knowledge of phishing indicators and promoting adherence to cybersecurity best practices are the most effective strategies for reducing phishing vulnerability. Recommendations include improving the quality of training, integrating feedback into simulations, and fostering disciplined compliance with organizational cybersecurity guidelines to strengthen overall organizational resilience.
Downloads
Article Details
This work is licensed under a Creative Commons Attribution 4.0 International License.
You are free to:
- Share — copy and redistribute the material in any medium or format for any purpose, even commercially.
- Adapt — remix, transform, and build upon the material for any purpose, even commercially.
- The licensor cannot revoke these freedoms as long as you follow the license terms.
Under the following terms:
- Attribution — You must give appropriate credit , provide a link to the license, and indicate if changes were made . You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.
- No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.
Notices:
You do not have to comply with the license for elements of the material in the public domain or where your use is permitted by an applicable exception or limitation .
No warranties are given. The license may not give you all of the permissions necessary for your intended use. For example, other rights such as publicity, privacy, or moral rights may limit how you use the material.
References
[1] Abrahams, T. O., Farayola, O. A., Kaggwa, S., Uwaoma, P. U., Hassan, A. O., & Dawodu, S. O. (2024). Cybersecurity awareness and education programs: A review of employee engagement and accountability. Computer Science & IT Research Journal, 5(1), 100–119. https://doi.org/10.51594/csitrj.v5i.708
[2] Ajzen, I. (1991). The theory of planned behaviour. Organizational Behaviour and Human Decision Processes, 50(2), 179–211. https://doi.org/10.1016/0749-5978%2891%2990020-T
[3] Ansari, Meraj F. Sharma, P. K. and Dash, B. (2022). Prevention of Phishing Attacks Using AI-Based Cybersecurity Awareness Training. International Journal of Smart Sensor and Adhoc Network, 3(3), 6. DOI: 10.47893/IJSSAN.2022.1221
[4] Ayoola, V. B. James, U. U. Idoko, P. I., Ijiga, O. M., & Olola, T. M. (2024). Effectiveness of social engineering awareness training in mitigating spear phishing risks in financial institutions from a cybersecurity perspective. Global Journal of Engineering and Technology Advances, 20(3), 94–117.
[5] Back, S., & Guerette, R. T. (2021). Cyber place management and crime prevention: The effectiveness of cybersecurity awareness training against phishing attacks. Journal of Contemporary Criminal Justice, 37(3), 427–451. https://doi.org/10.1177/10439862211001628
[6] Daengsi, T., Wuttidittachotti, P., Pornpongtechavanich, P., & Utakrit, N. (2021). A comparative study of cybersecurity awareness on phishing among employees from different departments in an organization. In Proceedings of the 2021 2nd International Conference on Smart Computing and Electronic Enterprise (ICSCEE) (pp. 102–106). IEEE. https://doi.org/10.1109/ICSCEE50312.2021.9498208
[7] Firdousi, A.R., Nadi, F., Daud, P., Ismail, N.A. (2026). Raising Cybersecurity Awareness Among Departmental Employees: Implementation of Trend Micro’s Phish Insight Tool. In: Arai, K. (eds) Proceedings of the Future Technologies Conference (FTC) 2025, Volume 2. FTC 2025. Lecture Notes in Networks and Systems, Vol 1676. Springer, Cham. https://doi.org/10.1007/978-3-032-07989-3_18.
[8] Floyd, D. L., Prentice-Dunn, S., & Rogers, R. W. (2000). A meta-analysis of research on protection motivation theory. Journal of Applied Social Psychology, 30(2), 407–429. https://doi.org/10.1111/j.1559-1816.2000.tb02323.x
[9] Gan, C. L., Lee, Y. Y., & Liew, T. W. (2024). Fishing for phishy messages: Predicting phishing susceptibility through cyber-routine activities theory. Humanities and Social Sciences Communications, 11, 1552.
[10] Ifinedo, P. (2012). Understanding information systems security policy compliance: An integration of the theory of planned behaviour and the protection motivation theory. Computers & Security, 31(1), 83–95. https://doi.org/10.1016/j.cose.2011.10.007
[11] Iqbal, F., & Yusof, Z. B. (2024). Efficacy of cybersecurity awareness training in reducing phishing vulnerabilities in organizations. Journal of Advances in Cybersecurity Science, Threat Intelligence, and Countermeasures, 8(12), 10-21.
[12] Khan, M. H., & Muntaha, S. T. (2024). Evaluating the effectiveness of cybersecurity awareness programs in reducing phishing attacks. World Journal of Advanced Research and Reviews, 23(2), 1663–1673.
[13] Lain, D., Jost, T., Matetic, S., Kostiainen, K., & Capkun, S. (2024). Content, nudges and incentives: A study on the effectiveness and perception of embedded phishing training. Journal of Digital Security and Privacy, 7(3), 88–107.
[14] Maddux, J. E., & Rogers, R. W. (1983). Protection motivation and self-efficacy: A revised theory of fear appeals and attitude change. Journal of Experimental Social Psychology, 19(5), 469–479. https://doi.org/10.1016/0022-1031%2883%2990023-9.
[15] Mungo, J. (2023). Self-paced cybersecurity awareness training educating retail employees to identify phishing attacks. Journal of Cyber Security Technology, 8(2), 71–119. https://doi.org/10.1080/23742917.2023.2244210.
[16] Okeke, O. C., & Amaechi, C. E. (2024). Awareness of phishing attacks in institutions of higher learning. International Journal of Research and Innovation in Applied Science, 11 (6), 8-21.
[17] Olanrewaju, O. O. (2025). An analysis of cybersecurity culture among the Nigerian academia. Kontagora International Journal of Educational Research, 2(2), 1–14.
[18] Parsons, K., McCormac, A., Butavicius, M., Pattinson, M., & Jerram, C. (2018). Exploring susceptibility to phishing in the workplace. International Journal of Human-Computer Studies, 120, 1–13. https://doi.org/10.1016/j.ijhcs.2018.06.004.
[19] Pinto, L., Brito, C., Marinho, V., & Pinto, P. (2022). Assessing the relevance of cybersecurity training and policies to prevent and mitigate the impact of phishing attacks. Journal of Internet Services and Information Security, 12(4), 23–38. https://doi.org/10.58346/JISIS.2022.I4.002.
[20] Rogers, R. W. (1975). A protection motivation theory of fear appeals and attitude change. The Journal of Psychology, 91(1), 93–114. https://doi.org/10.1080/00223980.1975.9915803
[21] Rozema, A. T., & Davis, J. C. (2025). Anti-phishing training (still) does not work: A large-scale reproduction of phishing training inefficacy grounded in the NIST phish scale. Journal of Cybersecurity Research, 12(2), 145–162.
[22] Siponen, M., Mahmood, M. A., & Pahnila, S. (2014). Employees’ adherence to information security policies: An exploratory field study. Information & Management, 51(2), 217–224. https://doi.org/10.1016/j.im.2013.08.006.
[23] Sirawongphatsara, P., Pornpongtechavanich, P., Phanthuna, N., & Daengsi, T. (2024). Comparative simulation of phishing attacks on a critical information infrastructure organization: An empirical study. Journal of Information Assurance and Security, 8(4), 201–219.
[24] Sommestad, T., & Karlzén, H. (2024). The unpredictability of phishing susceptibility: Results from a repeated measures experiment. Journal of Cybersecurity, 10(1), 23-37.
[25] Toth, R., Dubniczky, R. A., Limonova, O., & Tihanyi, N. (2025). Sustaining cyber awareness: The long-term impact of continuous phishing training and emotional triggers. International Journal of Information Security Studies, 9(1), 33–52.
[26] Ugbaja, O. C. (2025). Online banking adoption and the surge of phishing and online scams in Nigeria: An empirical study. Journal of Economics, Management and Trade, 31(8), 234–244.
[27] Ussher-Eke, D. (2025). From awareness to action: Designing effective cybersecurity training programs. International Journal of Science and Research Archive, 16(2), 494–504.
[28] Yaro, H. U., & Mohd, M. (2025). Phishing susceptibility metrics in academic environments: Simulation-based analysis at Federal Polytechnic Bali, Nigeria. Asia-Pacific Journal of Information Technology and Multimedia, 14(1), 219–239.