Journals - MOST Wiedzy

Abstract

Background and Objective: Cybercrime is rapidly expanding in both scale and sophistication, posing significant risks to users with limited technical knowledge, particularly older adults and individuals new to digital technologies. Traditional cybersecurity education often relies on technical explanations that may be difficult for these groups to understand. This paper aims to investigate whether Business Process Model and Notation (BPMN) can serve as an effective visual educational tool to enhance cybersecurity awareness by clearly illustrating how cyberattacks commonly unfold and where preventive actions can mitigate them.
Study Design/Materials and Methods: The study adopts a design-oriented, model-based research approach grounded in visual process representation. BPMN was applied to develop illustrative models of three prevalent online threats: phishing, smishing, and online shopping fraud. Each model represents the sequence of attacker and victim actions, key decision points, and critical moments where informed user behaviour can prevent or mitigate an attack. The models were designed to be adaptable for different age groups and levels of digital literacy. As the study is conceptual and focuses on model development rather than empirical validation, no statistical analysis was performed; therefore, confidence intervals and levels of statistical significance are not applicable.
Results: The resulting BPMN diagrams provide a structured and transparent visualisation of cyberattack progression, enabling clearer understanding of manipulation techniques and risk points. The models highlight actionable prevention steps and support comprehension of the human-factor vulnerabilities exploited in common cybercrime scenarios. BPMN proved suitable for representing cybersecurity threats in a way that is intuitive, process-oriented, and accessible to non-technical users.
Practical Implications: The proposed BPMN-based models can be directly applied in cybersecurity awareness programmes, educational workshops, and organisational training initiatives. They offer a standardised yet flexible framework for communicating cyber threats and preventive behaviours across diverse user groups. In practice, this approach may strengthen user awareness, reduce susceptibility to social engineering attacks, and support the development of age-appropriate and inclusive cybersecurity education materials.
Conclusion and Summary: This study demonstrates the potential of BPMN as a visual and educational tool for improving cybersecurity awareness among users with varying levels of digital competence. By translating complex cyberattack mechanisms into clear, process-based diagrams, BPMN can bridge the gap between technical cybersecurity knowledge and everyday user understanding. While the findings are conceptual, they provide a foundation for future empirical research to evaluate the educational effectiveness of BPMN-based cybersecurity training in real-world contexts.