Following this study, et al.42 showed that awareness campaigns can play a positive role in reducing cyber risk behavior. The authors found that the level of exposure to and practice in training programs pushed students to use complex passwords. They suggested that pro- viding security awareness training courses can comprehen- sively influence attitudes to information security management. Similarly, Abawajy5 divided cyber security training into three categories: online, contextual, and embedded training. He concluded that a combination of delivery methods (such as text-based, game-based, and video- based) should determine the training type. Following Abawahy5, Pawlowski et al.43 recommended that cyber secur- ity training courses should be treated as problem-centered, utilizing case studies that are tailored to student levels of awareness. Alternatively, Son et al.44 suggested a different cyber security teaching approach: integration of security labs with the curriculum in three forms – (1) pure virtual, (2) traditional physical, and (3) hybrid. They concluded that security labs should be an essential part of the curriculum, although they suggested that the deployment model should be based on individual institutional requirements. Indeed, Harris and Patten45 developed a cyber security taxonomy that allows moving security issues from higher-level courses to lower and ntermediate ones. Recently, Bong-Hyun et al.46 emphasized the importance of developing internet-based cyber training programs in higher education institutions, offered and dis- tributed by e-mail and mobile devices with formal or informal training sessions and presentation types (Shtudiner et al.47). Even so, the literature tends to be characterized by calls for more research to address insufficient knowledge of the relationships between individual awareness, knowledge, and self-reported behavior in cyber mitigation processes and use of protection tools. These studies should then contribute to facilitate the development of substantive individual cyber security training programs.
As such, the purpose of this research is to provide a theoretical and practical solution to global lack of cyber security awareness, knowledge, and behavior, highlighting the need for cyber security training programs in educational and academic institutions to generate improved individual cyber security outcomes.
Our hypotheses are thus the following:
H1: Cyber security knowledge is positively connected to cyber awareness.
H2: The netizens country of residence will moderate the connection between cyber knowledge and cyber security awareness.
H3: Netizens with higher cyber security awareness will engage in more cyber protection behaviors.
H4: Cyber security awareness will serve as a mediator between cyber knowledge and cyber protection, i.e., individuals with greater cyber knowledge will be more aware of potential cyber hazards and, therefore, exhibit more cyber protection beha- vior than individuals who lack the needed levels of awareness or knowledge.
The study model is provided in Figure 1.
To the best of our knowledge, this is the first study to compare internet user behaviors and level of cyber security awareness and knowledge in the four selected countries based on their GDP differences. It is important to note that the research was conducted on a student sample. Even so, the study findings may stimulate follow-up research on the effec- tiveness of cyber security training programs in similar coun- tries with a wider sample of respondents.
3. Material and methods
A paper-based survey was distributed to cohorts of under- graduate and graduate students. In each country, the subjects were located through convenience sampling, with the assis- tance of the relevant department in the university. Since different disciplines require varying levels of cyber knowledge, we have chosen to focus on Management and/or Business Administration departments as a baseline for our comparison. All the students majored in Management and Business Administration. These included BA students in the depart- ment of Economics and Business Administration at Ariel University in (n = 89) and in the department of Business Administration at Lublin University in Poland (n = 182). BA and MBA students at the school of Business Administration from Celje (ISSBS) in Slovenia (n = 35) also filled out surveys, and data from a sample in Turkey (n = 153) was adjusted to the data of the other countries. Overall, the sample included 459 subjects who participated in the survey: 52% were female and 48% were male. Ten percent of the subjects declared that they were studying in a full-time pro- gram, whereas 58% stated that they worked a part-time job. The rest of the subjects (32%) declined to answer. Sixty percent were enrolled in their first degree (BA), 30% in their second degree (MBA), and 10% in their PhD. Detailed information for each country appears in Appendix A.
To provide a theoretical framework, we developed a questionnaire that included several questions aimed to test global familiarity of the subjects with cyber security issues as well as, specifically, level of awareness of cyber security risks. To develop the questionnaire, we used face validity. As such, the measurements were developed by a research team, most of whom are experts in cyber education. The team formulated several questions to capture the level of cyber awareness and cyber hazard awareness, the behaviors exhibited when confronted with cyber threats and the knowledge regarding cyber, in general, and cyber-attack, in particular. After deleting redundant questions, the questionnaire was delivered to the subjects.
Activity type of cyber security defense used by the subjects was also explored. This ranged from participating in cyber security training programs to more focused cyber behaviors such as installing specific cyber security defense tools. Each respondent was also asked to report their previous cyber knowledge, internet usage, and cyber security behavior. Classification was based on three criteria: (1) level of cyber security awareness (Awareness), (2) knowledge of cyber secur- ity and threats (Knowledge), and (3) attempts to prevent cyber-attack (Behavior).
Awareness was measured with the question: “To what degree are you familiar with the term cyber security?” The item was on a scale of 4 degrees, with 1 – no knowledge to 4 – very good knowledge.
We measured respondent knowledge of several aspects of cyber security, cyber threats, and general cyber knowledge as follows:
18.104.22.168. Threats. Threats were measured by presenting respondents with different cyber security scenarios and asking them to rate the degree of threat. Threat types ranged from loss of data, loss of money, blocking access to information, etc. We measured the answers on a Likert scale that ranged from 1 – strongly disagree to 5 – strongly agree. We also measured the total amount of threats (“threats”) by calculat- ing the mean score of the different items. Therefore, the higher the total score, the higher the amount of threats that the respondents estimated during a cyber-attack.
22.214.171.124. Education awareness. We measured level of respon- dent education awareness (“edu_awareness”) by asking the extent to which their current education influenced their cyber-security awareness. This was ranked on a Likert scale, ranging from 1 – definitely not affected to 5 – strongly affected. We also measured whether students had attended IT scrutiny training (“IT_past”) on a three-level scale (1-yes, 2-no, 3-I’m not sure). We transformed this variable into a dummy variable based on attendance (“d_attendance”), with 1 – attended cyber security course or program and – other. We asked respondents about their desire to attend an IT security training program to improve cyber security aware- ness (“IT_future”) on a Likert scale that ranged from 1 – definitely not to 5 – definitely yes. We measured knowledge by asking if respondents know the difference between http and https protocol (“Recognition”) on a binary scale (1-yes, 0-no). Lastly, we measured respondent knowledge of different programs and applications such as text editor, spreadsheets, social media, etc. The answers were ranged on a Likert scale as 1 – no skill to 5 – very high skills. We also measured the total mean score for the different items (“computer_knowledge”). Higher results indicated that respondents possess more skills using computer programs and applications.
126.96.36.199. Familiarity. To measure familiarity, respondents were asked to evaluate their knowledge of cyber security issues based on a series of different items. These included internet sources, university courses, IT journals, etc. Respondents had to report if they have (1) or do not have (0) sufficient knowledge of each item. We also measured total amount of familiarity (“familiarity”) by summing responses. Therefore, the higher the result, the higher the amount of respondent familiarity with cyber security knowledge.
3.2.3. Behavioral aspects
Several questions measured the means used by the respon- dents to prevent cyber-attack situations. For the first beha- vioral variables, we presented the respondents with different information and measured their readiness to provide the information if they were asked by a digital media outlet. Items included information regarding: home address, age, e-mail password, etc. Each question was measured on a categorical scale (1-yes, 0-no). We calculated the total
saving score / loading statistics ...