Exploring public cybercrime prevention campaigns and victimization of businesses: A Bayesian model averaging approach

•Governments develop many policies to foster cyber security in businesses.•Awareness of UK government schemes is associated with more cyber secure practices.•Implementing government-recommended cyber security measures is not associated with lower victimization.•Implementing government-recommended cyber security measures is not associated with fewer negative consequences. Cybercrime is a pressing concern for governments and businesses around the globe, but little is known about what policy interventions work to prevent and mitigate threats to organizations. Thus, empirical studies on cybercrime prevention policies and tools are needed to understand their effectiveness and to improve implementation and evaluation. This article analyzes whether two UK government schemes aimed at encouraging and helping businesses to adopt cybersecurity controls and policies ('Cyber Essentials’ and ‘10 Steps to Cyber Security’) are associated with safer organizational behavior and whether adopting the recommended measures is related to lower levels of cybercrime victimization and its impacts. Bayesian model averaging is employed on a representative sample of 5,872 businesses from four rounds (2018–2021) of the UK Government's Cyber Security Breaches Survey. The results show that awareness of the Government schemes is associated with more cyber secure practices, but we do not find evidence of lower likelihood of victimization or negative consequences for companies that implement the recommended measures. Findings are discussed in relation to policy, practice and future research.