ABSTRACT
This article provides a four-part typology of security awareness. We argue that existing awareness typologies that distinguish problem awareness from solution awareness and that separate descriptive awareness from prescriptive awareness are on its own insufficient and need to be merged to have a complete picture of security awareness. Renaming and bridging both distinctions leads to four security awareness types: (1) Cognitive awareness of the threat; (2) Attitudinal awareness of the threat; (3) Cognitive awareness of the mitigation; and (4) Attitudinal awareness of the mitigation. Each type is subsequently explained in greater detail and illustrated by referring to the 2020 worldwide outbreak of COVID-19. Furthermore, it is demonstrated that the typology is applicable to study both organizational awareness and individual awareness.
Acknowledgments
This work was supported by Bel-V, Brussels Airport Company, Elia, Engie-Electrabel, the Federal Agency of Nuclear Control (FANC) and G4S. Furthermore, we would like to thank Genserik Reniers and the three anonymous reviewers for their comments.
Notes
1. Although it is recognized that actors can have many guises, the male pronoun will be systematically used for reasons of text readability.
2. In the spirit of the ‘Not in My Organization (NIMO) bias (Bunn & Sagan, Citation2016).
3. We would like to thank anonymous reviewer 3 for this suggestion.