Public cybersecurity awareness good practices on government-led websites

Globally, governments should prioritise and lead cybersecurity


Introduction
Over the past decade, cybersecurity awareness has become increasingly topical given the intensifying scale of cybercrime (Al-Janabi & Al-Shourbaji, 2016;Chang & Coppel, 2020), which amounted to one trillion dollars globally in 2020 (Gavėnaitė-Sirvydienė & Miečinskienė, 2021).Bada, von Solms and Agrafiotis (2018) convey that Africa is one of the regions with the highest rates of cybercrime, which continues to escalate in terms of intensity and frequency (Amanowicz, 2020;Kritzinger, 2017).Cybercrime, therefore, poses a serious threat to the government, state security, organizations and individual cyber users (Amanowicz, 2020;Furnell & Vasileiou, 2017).
Governments in several countries have responded to this call by placing cybersecurity awareness on their list of security concerns (Choo, 2011) and developing various cybersecurity technologies, policies and regulations (Chang & Coppel, 2020).The Estonian Cyber Security Policy, for example, was established following the first large-scale cyberattack against Estonia in 2007 (Czosseck, Ottis & Talihἃrm, 2011).Similarly, two years after the Estonian attack, other countries such as the United States of America (USA), the United Kingdom (UK), Australia and Canada recognised the importance of promoting government-led cybersecurity awareness measures (Kortjan & von Solms, 2014).More recently, given the Russia-Ukraine conflict, countries such as Australia, the UK and the USA joined forces to establish a joint cybersecurity advisory.This joint advisory seeks to warn organizations of increased cyber activity from Russian-aligned cybercrime groups (Zick, 2022).Likewise, Estonia signed a digital cooperation agreement with Japan to share best practices in terms of cybersecurity (Republic of Estonia, 2022).While several cybersecurity awareness measures have been implemented by governments worldwide, cybersecurity awareness is described as "in its infancy" (Bada et al., 2018, n.p).
Based on the recent Global Cybersecurity Index (GCI)2 report, developed by the International Telecommunication Union (ITU), the following four countries are at the forefront of cybersecurity awareness, namely: the USA, the UK, Saudi Arabia, and Estonia.These countries have the highest GCI measures globally, ranging from 100% down to 99,48%, and are ranked from first to third position globally (ITU, 2020).3Furthermore, these countries are considered the most cybersecurity-aware countries in the world as they have scored 20 (the highest score) for the organizational category, which specifically measures the national strategies to implement cybersecurity awareness (ITU, 2020).There are other indexes to measure the performance of countries' cybersecurity awareness such as the National Cybersecurity Index (NCSI) and the Index of Cybersecurity (ICS).However, the GCI was used in the current study as it is a means of triggering good practices in countries as it combines 25 indicators into one benchmark measure (Bruggemann, Koppatz, Scholl & Schuktomow, 2022).This paper aims to search for good practices of public cybersecurity awareness practices as set out on the websites of the four worldleading countries.The progress made by these four countries is demonstrated through the implementation of government-led cybersecurity awareness measures as evident in their strategies (Rama & Keevy, 2022).The good practices employed by the four world-leading countries could serve as a benchmark globally for other countries seeking to formulate or update their countries' public cybersecurity awareness practices on their websites.Furthermore, showcasing the four world-leading countries serves to assist countries which have lower GCI organizational measures can improve their cybersecurity awareness practices on their websites.
The current paper is different to those in the previous literature, as it focuses on public cybersecurity awareness practices of the four world-leading countries.Other studies have focused on whether cyber user campaigns have changed consumer behavior (Bada, Sasse & Nurse, 2019;van Steen, Norris, Atha & Joinson, 20202020); the cybersecurity strategies of countries (Rama & Keevy, 2022); cybersecurity campaigns focused on the youth (Reid & van Niekerk, 2014;Smith & Ali, 2019); and cybersecurity risk of sharing passwords (Whitty, Doodson, Creese & Hodges, 2015).Thus, to the authors' knowledge, this is the first paper addressing public cybersecurity awareness practices on the websites of the four world-leading countries.
The remainder of the paper is organized as follows.Section 2 addresses the theoretical framework, while Section 3 summarizes the existing literature.The research methodology is then explained in Section 4, followed by a discussion in Section of the findings of the government-led cybersecurity awareness practices as evident on the four world-leading countries' websites.Section 6 concludes the paper and is where we discuss our contribution, areas for improvement, limitations of the study and provide suggestions for future research.

Literature Review Theoretical Framework
The study underscores the stakeholder and protection motivation theories.Firstly, regarding the stakeholder theory, the government should play a leading role in terms of public cybersecurity awareness to assist in securing the data of its citizens, while also educating its citizens on measures to safeguard against cybercrime (Kortjan & von Solms, 2014;Gcaza & von Solms, 2017;Ngoma et al., 2021).Stakeholder theory is often employed from a private sector perspective (Flak & Rose, 2005).However, this study argues that the government equally performs a duty to the public (Scholl, 2001).Succinctly stated, stakeholder theory is how organizations, through their business operations and decisions, create value for all impacted stakeholders (Valentinov, Roth & Will, 2018).

96
Similarly, the government, through its public cybersecurity awareness practices can address the needs of its stakeholderscyber users.
The protection motivation theory refers to the positive correlation between cybersecurity awareness and cybersecurity behavior.According to the notion of the protection motivation theory, there are two constructs: fear and coping appraisal (Bishop et al., 2020).The two constructs contribute to the intention for behavioral change.Cybersecurity awareness is underpinned by the ideology of positive changed behavior toward cybersecurity threats, to obtain a safer cyber environment through awareness (Khalifa & Al-Kumaim, 2021).Consequently, cyber users are more likely to engage in safe and positive online behavior the more informed they are (Lee & Kim, 2022).This study finds that government, through its public cybersecurity awareness practices on its websites, provides a vehicle to drive safe and positive online behavior for its citizens (cyber users) (ITU, 2020).

Empirical Review
Information and communication technologies (ICTs) have altered the way in which cyber users communicate, conduct business, and live their lives (Chang & Coppel, 2020).Cyber users' understanding of privacy and security risks, as well as how to protect themselves in the event of a cyberattack, is fundamental as technology advancements continues to accelerate at a rapid rate (Ulven & Wangen, 2021).Moreover, cybersecurity is "both a technical problem and also one" that impacts "non-expert end-users with online content" (Zhang-Kennedy & Chiasson, 2021, p. 1).This is explained further by Furnell and Vasileiou (2017), who posit that several cyber-related issues are a result of inadequate attention afforded to individual cyber users.Cyber users cannot be protected from online security threats when in the online space only by technological countermeasures, such as adjusting privacy settings, creating strong passwords and complying with security policies.For example, cyber users' personal information (such as identity numbers, personal cell phone numbers and banking information), is often subject to a security breach in the form of a cyberattack.In the event of a security breach, what the end user does to protect themselves comes down to their awareness and knowledge of cybersecurity (Furnell & Vasileiou, 2017).
It is found that awareness, training and education are often overlooked as essential vehicles for cybersecurity (Furnell & Vasileiou, 2017).Consequently, there needs to be an improvement in cybersecurity awareness (Furnell & Vasileiou, 2017;Zhang-Kennedy & Chiasson, 2021), as cyber users are not naturally equipped with the skills, instincts and behaviors required to ensure appropriate protection from cybercriminals (Furnell & Vasileiou, 2017).Bada et al. (2018) therefore suggest that successful awareness campaigns must follow a continuum of learning that starts with awareness and ends with education.
Zhang-Kennedy and Chiasson (2021) found a host of multimedia educational tools that can be employed in cybersecurity campaigns to equip individual cyber users with knowledge on how to combat cybersecurity threats.The educational tools include, inter alia, digital games, film and animation, tabletop games, learning modules, and comics, with digital games and short animated films being the most widespread media to convey cybersecurity teaching.It is evident that the tools include a combination of text, images, audio, animation, video and interactive content.Using a combination of tools can increase cyber users' engagement and understanding of the content (Zhang-Kennedy & Chiasson, 2021).Furthermore, employing a combination of tools can target both adults and children (Zhang-Kennedy & Chiasson, 2021).Mashiane, Dlamini and Mahlangu (2019) convey that posters, face-to-face training, games and eLearning platforms should be employed in campaigns to address larger and more diverse groups of cyber users.Furthermore, Yeoh, Huang, Lee, Al Jafari and Mansson (2022) argue that providing cyber users with simulation scenarios can be an effective mechanism to showcase social engineering and phishing.Additionally, Chang and Coppel (2020) found that social media can be an effective tool in cybersecurity awareness campaigns, especially for cyber users from developing markets.These individuals often use platforms, such as Facebook, as their only source of news and information.However, there is also caution against social media, as cyber users may be relatively new to social media and uninformed about its associated risks (online hate speech, smear campaigns, fake news, etc.) (Chang & Coppel, 2020).
Certain successful campaigns address the importance of portals to update cyber users on recent developments (Aljabri, 2021) as they provide a free and secure space for users to stay informed of cybersecurity threats (Sharma, Dash & Ansari, 2022).Other cybersecurity campaigns use fear appeals, shaming and emphasis on personal benefits to target cyber users (Furnell & Vasileiou, 2017).Chang and Coppel (2020) argue that invoking fear in cyber users is not an effective awareness tactic.Cybersecurity education should rather be "targeted, actionable, doable and provide feedback" to cyber users (Chang & Coppel 2020, p. 2).de Bruijn and Janssen (2017) make the case for evidence-based framing strategies to increase societal and political awareness of cybersecurity.They offer six strategies to better frame cybersecurity to cyber users, namely: (1) do not exacerbate cybersecurity, (2) make it clear who the villains are, (3) give cybersecurity a face by putting the heroes in the spotlight, (4) connect cybersecurity to values other than security alone, (5) personalize the message for easy recognition, and 6) connect to other tangible and clear issues.de Bruijn and Janssen (2017) go further to convey that evidence-based framing means that frames should be based on facts, as information to cyber users that is only emotional will not have a long-lasting positive impact.Information and messages to cyber users should thus be grounded in empirically researched evidence.
While several scholars agree that cybersecurity awareness campaigns can change online behavior (Chang & Coppel, 2020;Mashiane et al., 2019;Zhang-Kennedy & Chiasson, 2021), Wongkrachang (2023) argues that language is often a barrier to reaching cyber users with a different vernacular.Therefore, scholars convey that cybersecurity awareness training materials should be provided in different languages to reach a larger audience (Dahabiyeh, 2021).In line with this thinking, cybersecurity awareness campaigns should be suited to local audiences, by using terminology, images, cases and examples to which a local audience can relate.For example, merely translating another country's campaign material for other contexts will not necessarily result in risks resonating with a local target audience (Chang & Coppel, 2020).Chang and Coppel (2020) provide two reasons why this would be so: firstly, the issues experienced in other countries are different or less relevant, and, secondly, the "absence of local identifiers makes it harder to engage" for cyber users (p.8).
Cybersecurity awareness campaigns are not once-off events (Chang & Coppel, 2020).They are rather ongoing tasks of raising awareness, which need to be enforced on a frequent basis, not only for prior cyber users but also to lure new users (Chang & Coppel, 2020, p. 9).

Research Methodology Data Sampling and Population
The four world-leading countries are considered at the forefront of cybersecurity awareness, according to their GCI rankings (ITU, 2020).The scope of this paper is thus limited to public cybersecurity awareness practices in the USA, the UK, Saudi Arabia, and Estonia.
The GCI specifically has a questionnaire targeting public cybersecurity awareness practices under capacity development measures (ITU, 2020).The initial summary of the questionnaire outlines that public cybersecurity awareness […] includes actions such as setting up portals and websites to promote awareness, disseminating support materials and other relevant activities (ITU, 2020, p. 149).
This study provides insight into public cybersecurity awareness practices through the analysis of the websites, with a focus on support materials and other relevant activities to promote cybersecurity awareness for individuals (see Table 1).

Data Analysis
The research study follows a qualitative research approach by using secondary data from the countries' websites. 4Content analysis was employed to analyse the websites, which includes compressing large text into content categories through coding, categorizing, and creating meaningful themes to finally conclude the unit of analysis (Kangas, Harju-Luukkainen, Brotherus, Gearon & Kuusisto, 2022;Stemler, 2000).Kim and Kuljis (2010) advocate for the use of website searches as part of content analysis.
The websites were analyzed by investigating the support materials and other relevant activities.However, given that the GCI questionnaire does not provide predetermined categories, the reviewers performed an inductive search for support materials and other relevant activities that are used to disseminate cybersecurity awareness content.However, during this search, additional categories were found (see Table 1).The paper provides examples of these categories to maintain the trustworthiness of the data (Akdemir & Yenal, 2021).
The searches on the websites were independently performed by two reviewers.Identified good practices were collated and compared, with discrepancies resolved through discussion (van Steen et al., 2020).The data set was collected between September 2022 and June 2023.To ensure that the websites relevant to the four world-leading countries were used, the reviewers started their search on the official dedicated government cybersecurity websites.This was followed by Google searches on all four countries to ensure the completeness of the websites (van Steen et al., 2020).

Stop.Think.Connect.
Evident in Table 1 is that the USA has two websites, namely, Stop.Think.Connect.and Stay Safe Online, which are also the two USA campaigns.Stop.Think.Connect.was launched in 2020 in partnership with the government (Department of Homeland Security), nonprofit organizations, and the private sector.This website is regularly updated as a 2023 date was evident on the footer.The website also refers cyber users to the social media handles on Twitter, Facebook and Instagram.The tips and advice tab on the website is accessible in six languages (English, Spanish, French, Portuguese/Brazilian, Japanese and Russian), while the other tabs (campaigns, resources, research and surveys, blogs, and get involved) only contain information in English.

98
The website provides cybersecurity content in the form of readings (tip sheets), videos, memes and infographics, posters and research.The different content is relatable to adults (including parents), teens, tweens, younger children and LGBTQ communities.For adults, the media covers aspects such as cybercrime during tax time, online shopping, talking about cybersecurity with your teens and using public computers, with titles such as "when planning a wedding say, 'I do' to cyber safety", "do a digital spring cleaning and clear out cyber clutter", "happy online holiday shopping", "rethink cyber safety rules and the 'tech talk' with your teens" etc., while for the tween and teen market, content focuses on online gaming and privacy tips, with app titles such as "game over -playing online", "personal information is like money.Value it.Protect it" and "it's your game, take control".Lastly, for the LGBTQ communities, content includes a title of "what LGBTQ communities should know about online safety".
Stop.Think.Connect.also provides statistics to cyber users on the importance of being cyber-aware as well as a platform for users to share their cybersecurity research.Moreover, research is conducted on the views of cyber users willing to participate in online surveys and polls.Blogs are also shared with cyber users to provide an overview of the latest activities hosted by Stop.Think.Connect.in other countries.

Stay Safe Online
The second website of the USA, Stay Safe Online, was launched in 2001 in partnership with the government (Department of Homeland Security), corporations and the National Cybersecurity Alliance (a non-profit organization).The website is regularly updated as a 2023 date was evident on the footer.Stay Safe Online's content is only accessible in English.Social media handles include Twitter, Facebook and LinkedIn.In addition, Stay Safe Online has a dedicated YouTube channel ("StaySafeOnline1").
Stay Safe Online conveys that it provides resources to raise awareness at home, work, school and for the community.The resources for these different cyber users consist of different reading material covering a range of cybersecurity awareness topics (i.e., online safety basics, hacked accounts, vacation and travel security tips).The reading material shows the cyber user when it was loaded onto the website with dates noted such as "2 days ago" or, for content loaded more than two days ago, the date when it was loaded would be displayed.The reading material also informs cyber users of how long the article will take to read.For example, the reading material on "Google users: fire up Google passkeys" informs cyber users that it will be a four-minute read and that it was loaded on 22 May 2023.Furthermore, reading material contains captivating titles (i.e., "planes, trains, automobiles … and staying safe online" and "wedding planning cybersecurity: say 'I do!' to digital bliss").
The reading material is filtered into the following categories: "new and featured content", "online safety + privacy basics", "career + education", "theft, fraud + crime" and "cybersecurity for business".When scrolling down the content, it is evident that it is relatable to a wide cyber user audience.For example, for parents, the reading material covers aspects such as "parenting in the digital age: 7 online dating rules for your teens" and "raising digital citizens".For adults, the reading material includes some of the following titles: "stay secure while job hunting", "share with care: staying safe on social media" and "online romance and dating scams".For teens, the reading material covers aspects such as 'the modern teen's guide to handing out L's to cyberbullies" and "only half of teens agree they feel supported online by parents".Lastly, for younger children, reading material covers some of the following topics, "you can stop cyberbullying as a kid!".Also notable is that the website contains information for LGBTQ cyber users, such as "what LGBTQ+ communities should know about online safety".
Video content on the website appeals to a wide audience.However, the content cannot be filtered for different cyber user groups.Cyber users need to click on the link which takes them to a range of YouTube videos presented by Stay Safe Online.Evidently, there are recent videos at the top and older videos further down the page.The dates of loaded videos and the length are evident.Some of the reading material is duplicated in video format.
The website also includes free downloadable content (tip sheets, graphics and infographics), for cyber users.Cyber users are, however, required to subscribe to obtain the content.The authors subscribed to certain of this content and noted that it included a toolkit consisting of the following for "vacation and travel security": a tip sheet, social media posts and graphics, an infographic, ondemand webinars and additional resources.
The website also includes events and programs.On inspection of these, it was relevant to business and industry and not really targeting everyday cyber users.Furthermore, the upcoming events had in-person or virtual offerings, but these were at a cost and were targeting business professionals.

UK
The UK's website is the National Cyber Security Centre (NCSC) which was launched by the government in 2016.Using the NCSC website, the UK operates its cybersecurity campaign Cyber Aware, which came into effect in 2020.The NCSC website is regularly updated as a 2023 date was evident on the footer.Furthermore, the social media handles include Twitter, LinkedIn and Instagram.In addition, the UK has its own YouTube channel ("NCSC_HMG").Content on the website is only accessible in English.
Cyber Aware filters the content into different cyber user groups, namely: cybersecurity professionals, individuals and families, large organizations, the public sector, self-employed and sole traders and small and medium-sized organizations.
For children (ages 7 -11) a game was evident, referred to as 'cyber sprinter'.The game includes virtual reality for children to navigate safe cyber practices with robot hackers, bots and clones.In addition, the game also provides crosswords and word searches.Specifically, under individuals and families, the content includes infographics, readings (guidance and information), games and activities and YouTube videos.Moreover, cyber users are supported with "citizen advice" on how to report cybercrime and are provided with a dedicated helpline.
Cyber Aware also provides cyber users with a "cyber action plan now" for small organizations and individuals and families.This allows cyber users to complete a few simple questions to get a free personalized action plan.The survey takes approximately twothree minutes to complete as indicated on the website.The authors participated in the survey for individuals and families, and it was noted that a free personalized action plan was generated after completing the survey which contained written information on various practices cyber users can follow to be more cyber secure (i.e., backing up data, changing passwords, installing updates).At the bottom of the personalized plan, Cyber Aware also directs cyber users on how to report suspicious emails by using either text or email.
Other content to increase cyber users' awareness includes the latest news articles on cybersecurity, as well as speeches delivered by NCSC and networking events hosted by NCSC.The events can be attended in person or streamed virtually using their YouTube channel.

Estonia
Estonia's website is the Ole IT-vaatlik which was launched by the government through the Information System Authority at the end of 2021.The website is updated regularly as a 2023 date was noted in the footer.The website refers cyber users to LinkedIn, Twitter, Facebook, and Instagram social media handles.In addition, Estonia has its own YouTube channel ("Riigi Infosüsteemi Amet NCSC-EE").This website is accessible in English, Estonian and Russian.However, for English content, users are required to click on a link to translate the content into English via Google Translate, therefore, it is not directly accessible in English.
The website filters the content into different categories, namely: individuals, parents, business and the public sector.For the individual category, the content includes relevant articles and YouTube videos.When drilling down into the parent classification, the website further filters the content into the following: for kids, for the youth, for parents and for teachers.Notably, for kids, the content could be accessed in additional languages (English, Russian, Danish Estonian, Polish and Ukrainian).The content includes animated children's images (such as rabbits, bears and dinosaurs), relatable cartoon YouTube videos, games and tips.There is also a helpline for children with an animated image.A cyber-related game, "Spoofy", can be played by 7 -10-year-old cyber users.In this game, children learn to behave safely in the digital world.
When drilling down into the young people classification, it was noted that the icons were more relevant to this audience, with images of mobile phones, young learners, gaming, etc.There is also a helpline for young people.The content includes infographics, memes, videos, games and tips.Young people are also provided with an opportunity to assess their current cybersecurity knowledge and obtain further skills through a test.The content is relatable to young people, as it includes details about social networks, cyberbullying, and smart devices.Young people also had a dedicated icon directing them to a helpline.
For parents, the content includes advice, YouTube videos, infographics and an online book.Noteworthy is that there is content for the entire family to learn cybersecurity together, as a video conveyed that the whole family should watch the adventures of "Netilammas online".For the teacher category, the same content was available as for parents, however, there was also specific content for teachers in the categories of kindergarten and schooling.

Saudi Arabia
Saudi Arabia's website, Computer Emergency Response Team (CERT), conveys that the National Cybersecurity Authority (NCA) was established by the government in 2017.The NCA is a government entity responsible for the cybersecurity of the country, of which the CERT is mandated to increase the level of knowledge and awareness, disseminate information about vulnerabilities, and campaigns and cooperates with other response teams.The website is regularly updated as a 2023 date was evident on the footer.The website is accessible in Arabic and English, barring cybersecurity news, which is only available in Arabic.The website also refers cyber users to the Twitter social media handle.Saudi Arabia also has its own dedicated YouTube channel (Saudi CERT).
The website has two tabs which are relevant to cybersecurity awareness, namely, Security Releases and Security Awareness.
Regarding the former, it is divided into Security Alerts and Cybersecurity News sections.The Security Alerts section provides a page informing cyber users of critical and high-security incidents.These security incidents pertain to platforms that are commonly used by cyber users such as Google, Dell, Adobe, etc.As previously mentioned, Cyber Security News is only accessible in Arabic and, therefore, the researchers are not able to provide insights into which information is available for cyber users.
On the Security Awareness tab content can be filtered for "general" and "children".Material under these filters includes posters and videos which address recent cybersecurity issues such as "protect your TikTok account", "avoid phishing links" and "don't be a victim of social media".When filtering for children, content is also relatable as it addresses the following: "don't be a victim of social media", "report inappropriate ads" and "password protection".Furthermore, the Security Awareness tab also contains downloadables, for example, "what to do when your child is blackmailed".
Saudi Arabia also has various awareness campaigns, which can be filtered into different categories, namely: NGOs, the elderly, persons with disabilities, the public, students and teachers.Within each of these categories, videos, information (tips and advice) and booklets are available.Saudi Arabia also has its own dedicated YouTube channel (Saudi CERT).

Summary of the good practices from the four world-leading countries
All four world-leading countries (the USA, the UK, Saudi Arabia and Estonia) regularly update their websites, as the most recent update was in 2023.These countries, therefore, consider the most recent cyber landscape as part of their cybersecurity awareness practices.The importance of updating websites on recent cybersecurity developments is equally conveyed in the literature (Aljabri, 2021).
Apparent on the websites is the wide cyber user audience, as the four world-leading countries filter websites into different categories.The focus is often family and children.For example, all four-world leading countries have a children category, and some countries specifically focus on parents (USA and Estonia), teens (USA), tweens (USA) and youth (Estonia).Estonia and Saudi Arabia have a teacher category and thus convey the importance of relaying cybersecurity awareness through the teacher within a classroom setting.Both the USA's websites have content for the LGBTQ community, while Saudi Arabia provides content for the elderly and people with disabilities.Content provided on the websites of the four world-leading countries is therefore targeted not only at specific audiences, as called for in the literature (Chang & Coppel, 2020) but also at a wider cyber user audience (Mashiane et al., 2019).Notably, the UK and Saudi Arabia provide a filtering tool for different audiences, which enables cyber users to obtain relevant information with ease, instead of scrolling down the website to find support material.
The literature conveys that cybersecurity awareness training materials should be provided in different languages to reach a larger audience (Dahabiyeh, 2021).Evident in this study was that for countries where the first language is not English (Estonia and Saudi Arabia), websites are in the official language in addition to English.Moreover, the USA Stop.Think.Connect.website is accessible in six languages.Therefore, it appears that in countries with more than one official language or where the official language is not English, websites are accessible in various languages.
With regard to social media handles, all four world-leading countries have their own dedicated YouTube channel and use Twitter, while three of the countries (the USA, the UK and Estonia) use LinkedIn, two (USA, Estonia) use Facebook and two (USA, UK) use Instagram.Chang and Coppel (2020) similarly found that social media is an effective tool for the promotion of cybersecurity awareness.
Evident on the websites is the plethora of support material used by all four world-leading countries (videos, tip sheets, infographics, memes, posters, games, quizzes, and activities).The literature similarly supports the importance of using a host of multimedia educational tools to create awareness (Mashiane et al., 2019;Zhang-Kennedy & Chiasson, 2021).All four world-leading countries use videos and readings and three of the countries (the USA, the UK, and Estonia) use infographics.Quizzes and games are evident for the UK and Estonia.Noteworthy is the game for children aged 7 -11 in the UK, which provides them with virtual reality to navigate safe cyber practices.
Apparent therefore, for all four world-leading countries, is that a combination of text, images, audio, video and interactive content is available for cyber users as suggested in the literature (Zhang-Kennedy & Chiasson, 2021), thus also allowing the four world-leading countries to target a wide audience of cyber users (Zhang-Kennedy & Chiasson, 2021).
In addition, the UK offers users a platform to complete their current cyber practices in a quiz.A free personalized action plan is then generated, in this way providing users with feedback (Chang & Coppel, 2020).The UK and Estonia also direct cyber users to helplines in the event of being faced with cyber-related incidents.
Lastly, a notable best practice for the USA's Stay Safe Online website is that it displays when the reading material was loaded (for example, two days ago), and how long it will take cyber users to read the article.Furthermore, both Stop.Think.Connect.and Stay Safe Online use appealing titles (such as, "when planning a wedding say, 'I do' to cyber safety" and "planes, trains, automobiles … and staying safe online").
Table 1 outlines the good practices as found on the websites of the four world-leading countries.Table 1 provides the support materials and other relevant activities as well as the additional categories (the language/(s), social media handles, and cyber user audience) which aid in disseminating content).Table 1 therefore provides some common practices, which could serve as a basis for the improvement of cybersecurity practices as evident on the websites of the four world-leading countries.

Conclusion, Limitations and Areas for Future Research
The paper aimed to search for good practices of public cybersecurity awareness as evident on the websites of the four world-leading countries (the USA, the UK, Saudi Arabia, and Estonia).The present study contributes to the emerging literature on government-led cybersecurity awareness practices for individuals.
This study found that all four world-leading countries regularly update their websites and consider the most recent cyber landscape as part of their cybersecurity practices.The countries provide content for a wide cyber user audience, by using a host of multimedia educational tools including videos, readings, infographics, memes, games and quizzes.The content is categorized into different cyber users.For example, the categories of children and parents are provided by all four countries, while certain countries provide content relevant for teachers, the LGBTQ community, the elderly and people with disabilities.In addition, social media platforms are used by all four countries with all having their own dedicated YouTube channel and Twitter handle.In addition, it was found that in countries where the first language is not English (Estonia and Saudi Arabia), websites are in the official language in addition to English.All these practices as evident on the websites of the four world-leading countries showcase the wide cyber user reach.
Limitations are duly acknowledged in the current study.The data set for the four world-leading countries was collected between September 2022 and June 2023.Therefore, there may be content before or after this timeframe, which will not appear in the current study.The study also is limited to an analysis of cybersecurity awareness practices of the four world-leading countries as evident on their websites.This review assessed government-led practices for individuals and not businesses.Therefore, the websites of the four world-leading countries also contained practices pertaining to the business environment, which could be assessed in a follow-up study.Moreover, there may be several other countries (using the NCSI and the ICS indexes), not reflected in the study, that have commendable cybersecurity awareness practices on their websites.
Cybersecurity awareness is not a once-off event (Chang & Coppel, 2020), as websites and content should be regularly updated to reflect the most recent cyber landscape, as evidenced by the four world-leading countries.Furthermore, a host of multimedia content should be available to appeal to a wide cyber user audience, in different languages and for different cyber user categories.This study concludes that the good practices employed by the four world-leading countries could serve as a benchmark globally for other governments seeking to formulate or update their countries' public cybersecurity awareness practices on their websites.Showcasing the four world-leading countries serves to assist where countries which have a lower GCI organizational measure can improve their cybersecurity awareness practices for individuals, as these cyber users are referred to as the weakest link (Nagyfejeo & Von Solms, 2020;Ngoma et al., 2021).