Institute of Art Design + Technology
Dún Laoghaire

Desmond Finn 

MSc Cyberpsychology

My name is Desmond Finn, with 13 years of IT experience in the Education and Healthcare sectors in Ireland. Over the past four years, my specialization has been in Cybersecurity. Motivated by a keen interest in the intersection of human psychology and the digital realm, I enrolled in the MSc in Cyberpsychology program. My objective is to deepen my comprehension of how individuals' psychological tendencies influence their behaviours and decisions in the cyber domain. I aspire to leverage the insights gained from this program to enhance training programs aimed at educating both staff and students about cybersecurity practices

Project Description

Cybersecurity attacks persist against organisations in Ireland, despite organisations increasing investment in cutting-edge technologies and software aimed at safeguarding their systems against online threats. Nevertheless, cybercriminals persistently circumvent these defences, gaining unauthorized access to organizations' protected data. Although users have long been recognised as a weak link in the cybersecurity chain, organisations disproportionately prioritize technological solutions over user training, despite indications that the majority of breaches have come from users direct or indirect actions. This study found evidence that only a small percentage of the IT budgets are allocated in training users, though there was no indication as to whether any training was related to cybersecurity.

Project Outcomes

This aim of this study was to examine what impact cybersecurity training would have on the cybersecurity awareness of users within a single higher education institution. The researcher focussed on evaluating the cybersecurity knowledge, attitudes and behaviours of staff members before and after the delivery of an online training video. The assessment utilised questions from the Human Aspects of Information Security questionnaire. The results of the study found that there were slight changes in the knowledge, attitudes and behaviours of staff post-intervention. However, the results were constrained by low participation (N=21) and insufficient reliability of the post-intervention survey data. The researcher suggests extending the study to explore more long-term effects of cybersecurity training or by broadening the study to examine users across multiple institutions in Ireland, as there appears to be a scarcity of similar studies being carried out in Ireland

Thesis Title

How cybersecurity training affects cybersecurity awareness among staff in a higher education institution