1. Introduction

Klein and Prusak (1994) define intellectual capital operationally as intellectual material that has been formalized, captured and leveraged to produce a higher valued asset. According to Kok (2007), intellectual capital consists of three elements: human capital, structural capital (or organizational capital) and relational (customer) capital. Human capital, which includes experience, the know-how, capabilities, skills and expertise of the human members of the organization, plays a pivotal role in the management of intellectual capital by organizations regardless of industry type (Bontis et al., 2000; Maditinos et al., 2011).

With the advent of revolutionary technologies such as artificial intelligence, machine learning, cloud computing, big data and IoT, there is a growing pressure for organizations to ensure the security of their intellectual capital since cyber-attacks and data breaches are being reported on an almost daily basis. An organization’s ability to successfully manage intellectual capital is determined by the actions of its employees to prevent or minimize information security incidents.

However, developing robust cybersecurity defense is not a trivial task. As people are the weakest link in an organization’s cybersecurity chain, every employee has the obligation to do their part in protecting the organization and thus they need to be equipped with sufficient security training and resources (Chatterjee, 2019). Implementing the latest security technologies may be costly and may not help much if the users are not properly trained or educated (Singer and Friedman, 2014). According to a IBM (2014) report, around 80–90 percent of current cybersecurity failures are due to human and organizational shortcomings.

As security incidents continue to rise in cost and frequency, it becomes increasingly important to educate the users to practice safe online behavior and security countermeasures. Disparte and Furlow (2017) suggest that the best cybersecurity investment an organization can make is better training. Organizations can benefit by integrating a cybersecurity awareness training program into their strategic management of intellectual capital and organizational knowledge. According to Nerdrum and Erikson (2001), intellectual capital is a result of either formal education or informal on-the-job training. To prevent more data breaches to intellectual capital, organizations must provide regular cybersecurity awareness training for all personnel (Anwar et al., 2017). Al-Awadi and Renaud (2007) point out that awareness training is a key factor related to...