Abstract

     Cyber-security behavior research is scant with even scarce studies carried out in developing countries. We examine the cyber-security and risky Internet behaviors of undergraduate students from Pakistan, taking into account the diversity of these students in terms of demographics, socioeconomic status, and the digital divide. Data were collected using a survey questionnaire. A total of 294 students belonging to six different cities of Pakistan were surveyed employing multistage stratified sampling in face-to-face interaction. The results indicated significant differences of cyber-security posture in terms of gender, age and digital divide variables. The profiles of students based on cyber-security and risky Internet behaviors indicate three groups with a majority of them falling into group that exhibits more risk-averse yet low cyber-security behavior. Moreover, proactive cyber-security awareness behavior has a positive impact on high risk-averse behavior. The implications of the findings are studied in terms of providing customized training and awareness. The future directions are laid out for further explorations in terms of cultural differences within and cross-country contexts.

Introduction

     In the wake of globalization and the complex integration of Information Systems with Information and Communication Technologies (ICTs), cyber-security constitutes an important place. Cyber-security has been defined as “the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user’s assets” (Alahmari and Duncan 2020). Cyber-security being relatively a nascent area of research (Lowry et al. 2017), complex individual behaviors have caught the attention of researchers only recently (Schneier 2015). Cyber-criminals exploit the weak security behavior of individuals to carry out different cyber-crimes. Literature is replete in prescribing technical hardware-software controls to safeguard assets from security threats and consequent breaches (Schneier 2015). Never-the-less, complete reliance on technical cyber-security solutions has been considered insufficient (Abawajy 2014) and various studies are emphasizing the role of non-technical cyber-security interventions in deterring security breaches (Bulgurcu et al. 2010; Haeussinger and Kranz 2013). According to a study within the field of cyber-security research, only 4% of the literature deals with behavioral studies (Gillam and Foster 2020). Moreover, most of the studies from cyber-security behavioral research are from developed countries.

Conclusion

     The confluence of technical and behavioral solutions establishes the required cyber-security in any organization. With the dearth of behavioral evidence in organizations specifically tertiary institutes, this study explores the cyber-security behavior of students in a developing country context. Our study augments previous studies by using a valid and comparatively smaller instrument and exploring in terms of socio-demographics and digital divide variables and by constructing profiles of students based on their risky and cyber-security behaviors. The study was conducted on undergraduate students and significant differences in cyber-security and risky behavior were reported for gender, age, and frequency of Internet access. The findings from this study are the result of the participant pool derived through a stratified multistage sampling strategy thus supporting external validity. The cyber-security behavior of participants from tertiary institutes paralleled with previous studies. New insights were brought to light in contrast to previous studies regarding the cyber-security posture of undergraduate students. Given the dearth of similar studies, our findings add solution evidence to the inexorably growing cyber-security problem space. The results of our study and the statistical processing lay a solid foundation for those who are looking for further scholarship. The practical application of this study calls for tailored cyber-security trainings keeping gender, age, digital divide variables and participants’ high risky-low cyber-security profiles in mind. Further, establishing the effectiveness of customized training programs before their implementation holds promise for efficient utilization of meager resources kept for cyber-security intervention in developing countries.