Article Info
Cybersecurity Awareness and Behaviour Theory Models: A Systematic Literature Review
Nor Afifah Binti Sabri, Aun Yichiet, Gan Ming Lee, William Yeoh Ging Sun, Lee-Kwun Chan
dx.doi.org/10.17576/apjitm-2026-1501-23
Abstract
Security behaviour models serve as foundational frameworks for studying human behaviour in the context of information security. Previous research has used various type of security behaviour models and cybersecurity awareness theories to better understand people?s security-related behaviours. This paper presents a systematic literature review (SLR) of human security behaviour models and theories applied in cybersecurity research over the past five years (2020-2025). Using a structured four-phase SLR methodology that includes planning, source selection, information gathering, and analysis, a total of 173 publications were methodically chosen from five major academic databases: Science Direct, IEEE Xplore, ACM Digital Library, Research Gate, and Google Scholar. From the analysis, 54 distinct behavioural theories were identified, of which five were most frequently applied: The Theory of Planned Behaviour (TPB), Theory of Reasoned Action (TRA), Protection Motivation Theory (PMT), Fogg Behaviour Model (FBM) and Knowledge-Attitude-Behaviour (KAB) Model. Every model is thoroughly investigated in terms of its theoretical fundamentals, components, and practical applications in cybersecurity. The findings of the literature will provide a form of integrated theoretical map that might assist practitioners and academicians in adopting appropriate behavioural models for cybersecurity approaches. These findings will be applied to develop a conceptual model for a future study on how cybersecurity influences human behaviour in Malaysian Small and Medium-sized Enterprises (SMEs).
keyword
Cybersecurity; Human Behaviour Model; Information Security; Security Behaviour Model; Systematic Literature Review

