Learn, Unlearn and Relearn: Adaptive Cybersecurity Culture Model


  • Tapiwa Gundu Nelson Mandela University




cybersecurity culture, Adaptive Cybersecurity, Learn, Unlearn, Relearn, Cyber Threat Resilience, Growth Mindset, Continuous Learning


In the ever-evolving cyberspace landscape, organisations face persistent threats that continuously mutate and adapt. To effectively defend against these dynamic cyber threats, a fundamental shift in cybersecurity culture is imperative. This paper presents a novel Adaptive Cybersecurity Culture Model (ACCM) that encapsulates the principles of "Learn, Unlearn, and Relearn" as a strategic stance to foster resilience and adaptability in the face of evolving cyber threats. The ACCM emphasizes the importance of continuous learning as the cornerstone of cybersecurity culture. It advocates the adoption of a growth mindset within organisations, encouraging employees to stay updated with emerging threats, technologies, and best practices. However, the model goes beyond mere learning; it underscores the significance of unlearning outdated practices and misconceptions that may hinder effective cybersecurity. Furthermore, the ACC model introduces the concept of "Relearn," emphasizing the need to rapidly adapt and evolve strategies and tactics in response to ever-changing cyber threats. It promotes a culture of agility and adaptability, enabling organisations to respond effectively to both known and unforeseen cyber challenges. The model presented in this paper draws from case studies of various industries to illustrate the successful adoption and transformation of cybersecurity culture using the Learn, Unlearn, and Relearn principles. The ACCM represents a paradigm shift in cybersecurity culture, acknowledging that the ability to adapt is as critical as the ability to protect. By fostering a culture of continuous learning, unlearning, and relearning, organisations can proactively enhance their cyber resilience and effectively defend against the ever-evolving cyber threat landscape. This paper provides a roadmap for organisations to embark on this transformative journey toward a more adaptive and resilient cybersecurity culture.