This research investigates the effects of people’s mental modal of cybersecurity on their security behaviour. Data were collected using survey design and the questions were measured on a Likert five point-scale. The questionnaires were distributed to mainly IT staff, management staff and other staff that uses computers in the discharge of their duties. The data were analysed using percentages, frequencies and statistical methods of regression and ANOVA while Cronbach Alpha reliability coefficient technique was adopted to test the validity of the questions used to collect primary data. The result reveals that people’s prior knowledge of cybersecurity issues has no effect on people’s mental models for improved cybersecurity behaviour, but lack of trained staff (cyber talents), lack of supportive infrastructures, time constraints, exclusion of cybersecurity in non-computing courses, poor knowledge of fundamental computing areas, lack of mentors with hands-on experience, lack of cyber training or challenge programme, and inadequate books on cyber security were admitted by the participants as some of the major factors that inhibit their knowledge and engagement in cybersecurity education. These barriers if not checked could limit the level of cybersecurity awareness among undergraduate students.