Research Article

Development of Organizational Cybersecurity Awareness Scale (OCAS)

Volume: 41 Number: 1 January 23, 2026
TR EN

Development of Organizational Cybersecurity Awareness Scale (OCAS)

Abstract

This study reports the development and validation of the Organizational Cybersecurity Awareness Scale (OCAS) for employees in public institutions. The scale comprises four dimensions: (1) Personal Awareness and Proactive Approach, (2) Legal and Regulatory Awareness, (3) Technical Protection and Implementation, and (4) Organizational Policy Awareness, with a total of 26 items. Data were collected in 2021 from 110 employees working in two public organizations to evaluate the scale’s EFA analysis. Exploratory Factor Analysis (EFA) was conducted to establish the dimensional structure of the scale. The Kaiser-Meyer-Olkin measure of sampling adequacy was 0.942, indicating excellent factorability. The four-factor solution explained 60.02% of the total variance: Factor 1 (Personal Awareness and Proactive Approach) accounted for 39.54%, Factor 2 (Legal and Regulatory Awareness) for 11.19%, Factor 3 (Technical Protection and Implementation) for 4.76%, and Factor 4 (Organizational Policy Awareness) for 4.53%. All 26 items demonstrated satisfactory factor loadings, and no items required deletion. Confirmatory Factor Analysis (CFA) was performed to test the hypothesized factor structure. The overall scale demonstrated excellent internal consistency (Cronbach’s α = 0.936). Although the chi-square test was significant (χ² = 7952.667, df = 325, N = 544, p < .05), which is common in large samples, other fit indices indicated acceptable model fit: Standardized RMR = 0.085 and RMSEA = 0.083. To test the hypothesized four-factor structure derived from EFA, CFA was performed by using another 544 employees. These results support the four-dimensional structure and demonstrate that the OCAS is a reliable and valid instrument for measuring cybersecurity awareness among public sector employees.

Keywords

References

  1. Abawajy, J. (2014). User preference of cyber security awareness delivery methods. Behaviour & Information Technology, 33(3), 237–248.
  2. Al-Shanfari, I., Yassin, W., Tabook, N., et al. (2022). Determinants of Information Security Awareness and Behaviour Strategies in Public Sector Organizations among Employees. International Journal of Advanced Computer Science and Applications, 13(8), 855-864. https://doi.org/10.14569/ijacsa.2022.0130855
  3. AlMindeel, R., & Martins, J. T. (2020). Information security awareness in a developing country context: Insights from the government sector in Saudi Arabia. Information Technology & People, 34(3), 770-792. https://doi.org/10.1108/ITP-06-2019-0269
  4. Almuqrin, A., Mutambik, I., Zhang, Z., et al. (2024). Cracking the Code: Unraveling the Determinants of Cybersecurity Awareness Among University Students. Journal of Organizational and End User Computing, 36(1), 1-25. https://doi.org/10.4018/joeuc.345933
  5. Arpaci, I., & Aslan, Ö. (2022). Development of a scale to measure cybercrime-awareness on social media. Journal of Computer Information Systems, 63(3), 695–705. https://doi.org/10.1080/08874417.2022.2101160
  6. Arpaci, I., & Sevinc, K. (2022). Development of the cybersecurity scale (CS-S): Evidence of validity and reliability. Information Development, 38(2), 218-226.
  7. Aşan, C. (2024). Developing a measurement scale to assess the perception of cybersecurity among employees in the maritime industry. Journal of Naval Science and Engineering, 20(2), 135-162. https://doi.org/10.56850/jnse.1485985
  8. Barrett, P. (2007). Structural equation modelling: Adjudging model fit. Personality and Individual Differences, 42(5), 815-824. https://doi.org/10.1016/j.paid.2006.09.018

Details

Primary Language

English

Subjects

Development of Science, Technology and Engineering Education and Programs, Educational Technology and Computing, Specialist Studies in Education (Other)

Journal Section

Research Article

Publication Date

January 23, 2026

Submission Date

July 10, 2025

Acceptance Date

December 31, 2025

Published in Issue

Year 2026 Volume: 41 Number: 1

APA
Ünsal, N. Ö., & Ocak, M. A. (2026). Development of Organizational Cybersecurity Awareness Scale (OCAS). Hacettepe Üniversitesi Eğitim Fakültesi Dergisi, 41(1), 136-155. https://doi.org/10.16986/hunefd.1739282
AMA
1.Ünsal NÖ, Ocak MA. Development of Organizational Cybersecurity Awareness Scale (OCAS). Hacettepe Üniversitesi Eğitim Fakültesi Dergisi. 2026;41(1):136-155. doi:10.16986/hunefd.1739282
Chicago
Ünsal, Nimet Özgül, and Mehmet Akif Ocak. 2026. “Development of Organizational Cybersecurity Awareness Scale (OCAS)”. Hacettepe Üniversitesi Eğitim Fakültesi Dergisi 41 (1): 136-55. https://doi.org/10.16986/hunefd.1739282.
EndNote
Ünsal NÖ, Ocak MA (January 1, 2026) Development of Organizational Cybersecurity Awareness Scale (OCAS). Hacettepe Üniversitesi Eğitim Fakültesi Dergisi 41 1 136–155.
IEEE
[1]N. Ö. Ünsal and M. A. Ocak, “Development of Organizational Cybersecurity Awareness Scale (OCAS)”, Hacettepe Üniversitesi Eğitim Fakültesi Dergisi, vol. 41, no. 1, pp. 136–155, Jan. 2026, doi: 10.16986/hunefd.1739282.
ISNAD
Ünsal, Nimet Özgül - Ocak, Mehmet Akif. “Development of Organizational Cybersecurity Awareness Scale (OCAS)”. Hacettepe Üniversitesi Eğitim Fakültesi Dergisi 41/1 (January 1, 2026): 136-155. https://doi.org/10.16986/hunefd.1739282.
JAMA
1.Ünsal NÖ, Ocak MA. Development of Organizational Cybersecurity Awareness Scale (OCAS). Hacettepe Üniversitesi Eğitim Fakültesi Dergisi. 2026;41:136–155.
MLA
Ünsal, Nimet Özgül, and Mehmet Akif Ocak. “Development of Organizational Cybersecurity Awareness Scale (OCAS)”. Hacettepe Üniversitesi Eğitim Fakültesi Dergisi, vol. 41, no. 1, Jan. 2026, pp. 136-55, doi:10.16986/hunefd.1739282.
Vancouver
1.Nimet Özgül Ünsal, Mehmet Akif Ocak. Development of Organizational Cybersecurity Awareness Scale (OCAS). Hacettepe Üniversitesi Eğitim Fakültesi Dergisi. 2026 Jan. 1;41(1):136-55. doi:10.16986/hunefd.1739282