Thumbnail Image
Journal Title
Journal ISSN
Volume Title
The control of cyberspace has, ever since the start of the 21st century, been anew kind of global conflict. Cybersecurity awareness needs be at a very high level amongst those who seek control over this cyberspace, and this goes much farther than simply understanding what cybersecurity is and the reasons for its significance. This is a much broader subject and involves a proper understanding of best internet security practices and what types of behaviour should be avoided. In excess of 80 per cent of attacks are the result of human error. So it is essential for each and every individual employee within an organisation to have good cybersecurity awareness. As the speed of technology and the danger of cyber war increases, countries start to implement cybersecurity. This paper aims to is to discover the levels of employees’ awareness of cybersecurity in a developed country United Kingdom (UK) and a developing country Saudi Arabia(KSA); to examine what best practices organisations should follow in order to increase the awareness of their employees and to examine the differences and similarities in awareness from one place to another. 40 British employees and94 Saudi employees participated in the survey I did to test awareness. I then conducted two interviews with one British and one Saudi cybersecurity expert,to discuss the results of the survey and to know more about cybersecurity awareness in the UK and KSA. The result shows that the awareness levels of British employees and Saudi employees are close. Cybersecurity is a global issues exceeded the limits of country development the human error will still cause many cyber attacks unless organisations follow the best ways to improve their employees awareness and encourage them to behave securely online for example regular back up, software updates when they appear, using password manger and 2FA.Organisations should make their employees aware about cyber attack examples. Furthermore, they should have a good CSO to deliver training to ensure that it is interesting and effective and that a company should not punish or fire staff who failed phishing tests because they just need more training, training must be continuous, not just one-off sessions and these must be tailored to the needs of the organisation and the employees.