Individual cyber security awareness of public staff

This thesis aims to determine the individual cybersecurity awareness levels of public sector employees and to examine the factors influencing this awareness. The research's main starting point is the critical importance of public sector employees' attitudes and behaviors regarding information security in the face of increasing cyber threats, both within their respective public institutions and within the country. Quantitative methods were employed in the study. The data collection process lasted four weeks and employed an online survey method (Google Forms). A two-part survey form was used as the data collection tool. The first part consisted of five questions to collect participants' demographic information (age, gender, education level, public sector, and length of service). The second section consists of 25 five-point Likert-type questions designed to measure participants' individual cybersecurity awareness levels. The data obtained were analyzed using Microsoft Excel and IBM SPSS Statistics. For more detailed analyses, ANOVA, Kruskal-Wallis, Mann-Whitney U, Chi-Square tests, Principal Component Analysis (PCA), and correlation analyses were applied. A total of 303 public sector employees participated in the study. According to the scoring system used in the study, the overall cybersecurity awareness rate was determined to be 72,0%. Of the participants, 197 were male, and the average awareness level of this group was 73,7%. The average awareness level of the group, consisting of 106 female participants, was determined to be 68,8%. The vast majority of public sector employees implement basic cybersecurity measures (e.g., antivirus use, complex passwords, firewalls), but differences in knowledge and attitudes are observed, particularly in the areas of financial security and mobile security. Many security behaviors have been observed to develop in conjunction with education level or digital literacy. The correlation matrices obtained in the study revealed positive and statistically significant relationships among many security habits. It was particularly noteworthy that security measures with similar functions tended to be implemented together (e.g., wireless network encryption and a modem firewall, or complex passwords and a computer firewall). Principal Component Analysis (PCA) revealed that security habits clustered around a few key dimensions. The first five questions explained more than half of the dataset (≈54%). This suggests that it would be more resource- and time-efficient for institutions to build their security training and policies on these key components. Consequently, integrated planning of training, policy, and technical measures is necessary to promote cybersecurity habits in public institutions. This study provides a scientific basis for institutions' strategic training planning, policy design, and risk analysis.