Beyond Posters: A User-Centric Digital Twin Framework for Cybersecurity Awareness

Abstract

Traditional cybersecurity awareness (CSA) methods, such as posters, flyers, and static training modules often fail to engage users or drive lasting behavioural change. To address these limitations, this paper proposes a novel, user-centric approach to CSA using Digital Twin (DT) technology integrated with machine learning (ML). The proposed framework introduces the concept of a User-Centric Digital Twin (UCDT)-CSA, a dynamic digital replica of each user modelled on their cybersecurity knowledge, behaviours, and risk profile. While UCDTs have been applied in domains such as construction, aquaculture, and healthcare, this work pioneers their use in the cybersecurity context. The system begins with a pre-assessment to capture individual user responses, which are used to configure a personalized training path. Through ongoing interaction with adaptive simulations and scenario-based learning, the UCDT-CSA evolves in real time, enabling training that continuously adjusts to user performance and behaviour. ML models analyse these interactions to refine each twin’s profile, delivering increasingly targeted content and interventions aimed at improving secure behaviours. This approach transforms CSA from a static, compliance-focused exercise into an engaging, data-driven, and behaviourally adaptive learning experience. The paper outlines the architecture of the UCDT-CSA framework, discusses key implementation considerations, and sets the stage for future empirical validation and deployment in government, Small and Medium-Sized Enterprises (SMEs) and academic environment.