A Quantitative Evaluation of Cyber4Me: A Holistic Framework for Enhancing Individual Cybersecurity Awareness
Md. Arafatur Rahman, Mohamad Ibrahim, Bashir Ahmed, Nadia Refat, Tan Sze Wei, Prashant PillaiHuman factors remain the dominant contributor to cybersecurity incidents, yet awareness training produces only moderate and often non-durable behaviour change, and most evaluated programs are either purely digital or evaluated only at the framework level. This study addresses two gaps: the scarcity of empirical and demographically stratified evidence for multi-modal community-facing awareness programs, and the lack of an explicit account of how artificial intelligence (AI) should be integrated into such programs rather than treated as an optional add-on. We evaluate Cyber4Me, a four-stage individual-awareness intervention (community roadshows, structured training, a hackathon, and a physical–digital escape room) that is wrapped in a cross-cutting AI adaptive layer built entirely on structured performance and behaviour data baseline competency tiering, awareness–behaviour gap detection, predictive early-warning, and personalised recommendation, with no reliance on free text. Using a single-group pre–post design with 130 participants in the UK Black Country region and a multi-dimensional Likert instrument, all four competency domains (confidence, familiarity, GDPR knowledge, incident-response preparedness) improved significantly (paired-t, all p<0.001; large within-participant effects, Cohen’s d≥1.0). Improvement was strongly moderated by demographics: older adults gained most in familiarity, undergraduates in confidence, and lower-education participants in regulatory knowledge. The contributions are as follows: transparent and demographically stratified pre–post evidence for a multi-modal awareness program with effect sizes reported; a fitness-for-purpose comparison against contemporary analogs (KnowBe4, Proofpoint, CyberPatriot, iCAT, CAT-RWE, GPT-CSAT, escape-room studies) that treats AI as a first-class design dimension; and an articulated AI integration architecture for the framework, demonstrated offline on the cohort using only structured performance and behaviour data (no free text). In this architecture, a gradient-boosted classifier assigns participants to three baseline competency tiers at 93.1% cross-validated accuracy; these tiers differ sharply in measured improvement (ANOVA F=68.8, p<0.001; Foundational +1.79 vs. Applied +0.30 scale points), an awareness–behaviour gap segment is detected and predicted from intake signals alone (AUC =0.73), and a recommender routes participants to personalised follow-on tracks. As the design is single-group and self-reported, results are reported as evidence of within-participant change associated with the intervention rather than as a causal efficacy estimate, and the AI layer is demonstrated for feasibility rather than being evaluated as a separate trial arm; the scope is explicitly individual security awareness and behaviour, not technical network, IIoT, or cloud security.