information provided (“provide”) by summing the score of the different types of information. Therefore, the higher the score, the higher the respondent level of agreement to reveal information on the internet.
In the second behavioral variable, we showed the respon- dents different means, tools, or applications (e.g. strong pass- word or spam protection) and asked them whether they use this instrument to avoid cyberattack on a categorical scale (1-yes, 0-no). We calculated the total protection (“protection”) by summing the score of the different types of instruments. Therefore, the higher the score, the higher the level of respon- dent protection of their computer from cyberattack. We also asked a directed question regarding their knowledge in case of cyberattack (“behavioral”) on a scale from 1 – definitely no to 5 – definitely yes. Since the question measured lack of knowl- edge of how to behave, its direction was negative. The higher the response, the less knowledge they possessed in the event of a cyber-attack.
Another behavioral variable measured whether using cyber products and services made respondents feel as if their knowl- edge of cyber-attacks was forced on them or acquired by choice (“Choice”). The question was measured on a Likert scale that ranged from 1 – definitely by coercion to 5 – definitely by choice.
To measure how respondents protect their devices, we asked them to list the length of a standard account password (e-mail, social media, etc.) (“length”) and whether they use the same password (“password”) for different portals, systems, and applications on a categorical scale (1-yes, 0-no). We also asked respondents to describe their behaviors when finishing up work on their computer. Presented with individual activ- ities such as shutting down or locking their computer, they were requested to confirm if they engaged in (1) or did not engage in (0) these behaviors. We measured a total score for each respondent such that the higher the results, the more the subjects ensured their computer was safe (“finish”).
3.2.4. Characteristics of the sample
We measured gender (male – 1, female – 0), years of study (1 – no academic background to 6 – PhD student), type of study (1 – part time, – full time) and country (1 –, 2 – Poland, 3 – Slovenia, 4 – Turkey).
The questionnaire was uploaded to the internet for the respondents from the four tested countries. The authors dis- tributed the site link to the respondents in class during the academic year of 2017. The questionnaire was in English, although for Turkish students the English version was trans- lated into Turkish.
Descriptive analysis was initially conducted to capture level of awareness, knowledge, and behaviors toward cyber- attacks. The results of the means and standard deviation scores for the total countries and each country individually are presented in Appendix B. The results from the total respondent answers indicated high familiarity with the term “cyber-security” – either through the internet (81%), social media (60%), conversations with friends and traditional media (45%), classes at the university (29%), IT journals (21%), and/or scientific journals (15%). Only 9% reported having personal experience with cyber-attacks. Respondents also agreed that cyber-attacks could cause damage in multiple arenas. Their main cyber-attack concerns were violation of privacy (M = 4.20), loss of data (M = 4.17), spying on private citizens (M = 4.14), loss of money (M = 4.13), spying on organizations (M = 4.12), and potential role in terror attacks (M = 4.11), among others. On the other hand, they did not feel that cyber-attacks block access to information (M = 1.78).
In parallel with high cyberattack awareness, respondents avoid disclosure of sensitive information on the web, espe- cially e-mail passwords (M = 1.77), ID number (M = 1.81), home address (M = 2.19), social network login (M = 2.02), and phone number (M2.15). Their only readiness was to provide their age (M = 3.34). Other positive respondent cyber security habits include using strong password (85%), installing antivirus software (75%), regular data backup (61%), frequent password changes, and updating software (approxi- mately 56%). On the other hand, only 45% used spam protec- tion, 35% avoided using a public computer, and just 15% performed computer security audits. When asking about the means they use to protect their instrument from 11 threat options, respondents used five protection tools on average. About 56% of respondents used the same password for dif- ferent applications and usages, with average password length of six characters. Lastly, only two protection behaviors were conducted at the end of usage: logging off all programs (51%) and shutting off the computer (66%). Therefore, respondent behavior indicated a discrepancy between awareness and amount of activities used to protect themselves from cyber- attacks.
This gap may be attributed to participant knowledge. Based on self-evaluation of skills and knowledge, the results indi- cated that respondents reported having sufficient knowledge (M = 3.33) especially of e-mail (M = 4.02), computer applica- tions (M = 3.97), web browsers (M = 3.98), smartphone (M = 3.93), and social networks (M = 3.92). They felt less secure about web page development (M = 2.42), application devel- opment environments (M = 2.44), network architecture (M = 2.77), and computer architecture (M = 2.90). Judging their knowledge of IT security, most respondents never attended an IT security training program in the past (around 66%), but were willing to participate in this kind of training in the future (M = 3.68). Even so, we need to treat this readiness with caution, since results may suggest a social desirability bias. That is, respondents may feel more obligated to participate in future training after having a host of cyber threats pointed out to them. Indeed, when asked about their behaviors, only 11% reported taking part in cyber security courses.
We also conducted a correlation analysis to detect multi- collinearity between the dependent and independent variables that were later included in the regression analysis. We entered country of residence as the dummy variable (, d_Poland, d_Slovenia and d_Turkey), indicating 1 – for the subject living in that country, – any other country. The results appear in Table 1.
The result shows that the variables did not display multi- collinearity. Interestingly, we found that all the countries showed negative, yet significant, correlation. This indicates that subjects showed unique country-specific behaviors, although the highest levels of difference were between subjects living in Turkey and Poland (r = −.573, p < .001).
4.1. Connection between cyber knowledge and awareness
The connection between previous cyber knowledge and level of cyber security awareness was analyzed controlling for respon- dent country of residence and gender. Three steps were applied in the multiple hierarchical regression. In the first step, we entered country as dummy variables (, d_Poland and d_Slovenia), with Turkey as the comparison country. Gender was included in the second step, and in the last step, we entered the different knowledge variables. Table 2 shows the results of the multiple hierarchical regression analyses.
In the first step, respondent country type explained 7.4% of variance in awareness of cyber-attack (R2 = 0.74, F(3,454) = 13.03,
p < .01). While Turkey had a significant and positive connection to awareness (α = 2.654, p < .01), both (β = −.139, p < .01) and Poland (β = −.315, p < .01) were negatively associated with cyber- attack awareness. That is, levels of awareness in and Poland were lower compared to other countries. Entering gender into the regression analysis added a significant contribution of 3% to the level of awareness (R2 = 0.10, F (4,453) = 13.72, p < .01). Based on the direction of the coefficient, males were found to have more awareness of cyber-attacks compared to females. The last regres- sion step indicated that cyber knowledge added another 16% to total variance over netizens country of residence and the gender of respondents (R2 = .26, F(8,449) = 20.92, p < .01). Education awareness (Edu_awareness) was positively associated with aware- ness (β = .143, p < .01), meaning that respondents who felt that their current education influenced their awareness to cyber- security also felt higher awareness toward this hazard. Understanding the differences between http and https protocol (Recognition) was associated with higher amount of cyber-attack awareness (β = 0.11, p < .05). Lastly, extensive knowledge of different aspects of computer usage and applications was also positively connected to more awareness of cyber-attacks (β = 0.28, p < .01). Therefore, the results suggest that knowledge of the cyber world and security problems is associated with more awareness of the phenomenon of cyber-attacks, supporting the first hypothesis.
Models 2 to 7 focused on the netizen country of residence as a moderator in the connection between cyber knowledge and cyber awareness. The interaction was significant for two variables: recognition and computer knowledge. For the recog- nition variable, the interaction among respondents was significant (β = .125, p < .05), meaning that respondents who recognize differences between http and https protocol and live in exhibited a higher awareness of cyber-attacks com- pared to people living outside with the same knowledge. The opposite was found with respondents with no recognition of differences between http and https protocol. The group that lives in was characterized by the lowest awareness compared to all other groups and students who live outside.
saving score / loading statistics ...