1 Introduction

The trends of digitalization and increased interconnectedness have reached most areas of daily life. These trends enhance the risk of cyber threats such as cybercrime or system failure. Computer users’ interactions with such systems are critical to preserving a safe cyber environment, as many of them do not possess a deep understanding of computers or cyber threats [2, 27, 31, 39]. While the management of cybersecurity has started in businesses, home users are often not aware of their responsibility [14, 41]. Additionally, acting securely demands the user’s own initiative [2, 29]. The loosening of structures and decentralization, for example in smart grids [21] or with mobile working [7], call for safe user behavior in the home environment. Many studies have been conducted in the work context [7, 12, 18, 25, 33, 38]; the home user, though, has not received the same attention in research. Therefore, the present study aims to understand what factors influence a user’s decision making for a safe (or unsafe) cyber behavior and to grasp what sources of information impact a computer user’s cybersecurity awareness in his home environment.

The next section presents the theoretical background and the research model developed. In Sect. 3, the methodology used is presented, while the results of the analysis are listed in Sect. 4. A discussion of the findings (Sect. 5) and a conclusion (Sect. 6) round off this paper.

2 Theoretical Background and Research Model

A home computer user can learn about cybersecurity from various sources. The workplace of a user can function as a source by providing knowledge that the user might transfer to his home environment. Many organizations distribute security policies [18, 25] or provide security training and awareness programs [12, 18, 41] that explain the correct use of and interaction with computers and systems connected to the Web, covering topics such as password management or phishing. Two streams differ in how such security measures are implemented. While some authors suggest following the deterrence approach by creating fear-based campaigns [12, 22], other researchers call for skills-based measures [18, 24, 39]. An all-encompassing approach towards cybersecurity in organizations is the promotion of an information security culture. According to [37], an information security culture should change employees’ values in order to promote an intrinsic motivation for safe cyber behavior. As an intangible concept, information security culture has an impact on security awareness [34] but is in turn nurtured through awareness [11, 38]. In line with this, it is assumed that policy provision, security training and an information security culture at the workplace influence the cybersecurity awareness of a home computer user. The corresponding hypotheses are:

H1a: Information Security Policy Provision (ISPP) in the individual’s workplace is positively related to the individual’s Cybersecurity Awareness (CSA).

H1b: Security Training and Awareness Programs (SETA) in the individual’s workplace is positively related to the individual’s Cybersecurity Awareness.

H1c: Information Security Culture (ISC) in the individual’s workplace is positively related to the individual’s Cybersecurity Awareness.

More informal determinants of a user’s cybersecurity awareness can be found in the social environment of a home computer user. Especially since the consequences of cybersecurity incidents are not always visible directly or at any time, stories told by friends and family can act as vicarious examples and enhance a social learning process for cybersecurity issues [5, 23, 31].

International guidelines such as from the OECD [30] or national cybersecurity strategies target the society and thus include home computer users. It remains difficult though to reach out to those who are in loosely coupled structures [43]. Information provided by the public administration or reports distributed by the mass media can highlight the importance of cybersecurity and deliver security advice [18, 29, 31].

H2a: Family and Friends Influence (FFI) is positively related to the individual’s Cybersecurity Awareness.

H2b: Mass Media Influence (MMI) is positively related to the individual’s Cybersecurity Awareness.

H2c: Public Administration Information (PAI) is positively related to the individual’s Cybersecurity Awareness.

Compared to the work environment, a home user is required to take the initiative himself to learn about cybersecurity topics and take security-enhancing actions [2, 29, 39]. Being someone who generally shows personal initiative is thus assumed to have a positive effect on awareness. In this context, having previous information systems knowledge is expected to be a strong determinant of cybersecurity awareness [14, 18, 31].

H3a: Personal Initiative (PI) is positively related to the individual’s Cybersecurity Awareness.

H3b: Information Systems Knowledge (ISK) is positively related to the individual’s Cybersecurity Awareness.

An individual’s behavior and the factors influencing a decision to act are hard to grasp. Behavioral models such as the Theory of Planned Behavior [1] or the Protection Motivation Theory [35, 36] have been developed to investigate the cognitive processes involved. In the Protection Motivation Theory, the threat appraisal and the coping appraisal represent the two sides of the mediating process of an individual’s intention to protect something (or someone) from a threat [36, 44]. Originally used for investigating health-related fears, the components of the model have been used to study cybersecurity fears many times [2, 17, 28, 39, 45]. Perceived vulnerability and perceived severity are elements of the threat appraisal, while perceived self-efficacy, perceived response efficacy and perceived costs constitute the coping appraisal. In the context of cybersecurity, the elements represent the understanding of a threat and the mental process an individual goes through before deciding to behave securely or not and therefore represent the construct of cybersecurity awareness (H5a-e).

H4: Cybersecurity Awareness is positively related to the individual’s Cybersecurity Behavior (CSB).

Figure 1 shows the research model summarizing the organizational, social and personal determinants, the multi-dimensional construct of cybersecurity awareness and cybersecurity behavior (for details, see [40]).

Fig. 1. Research model

3 Methodology

This study draws on common methods in the domain of cybersecurity awareness and behavior research [2, 18, 29, 39]. For the data collection, a survey was conducted, while the data analysis was performed with partial least squares structural equation modeling. Details about the analysis are given in Sect. 4.

The data collection process encompassed a self-report online questionnaire that was implemented via SoSci Survey, a Germany-based web tool for conducting online questionnaires [26]. Although using self-reported data can provoke a social desirability bias [8, 9], it allows capturing the respondents’ cognitive process [4], which was essential for this study. By allowing an anonymous completion of the questionnaire for which the respondent was not required to leave his familiar environment, the risk of social desirability bias was reduced [8].

The survey was sent out to employees of various organizations in Switzerland. This mode of distribution was chosen to ensure that participants are employed, which was necessary for being able to investigate the influence of the workplace. The organizations contacted are located in the French-, German- and Italian-speaking parts of Switzerland and are active in areas such as education, health and social services, IT-related businesses or public transport. The questionnaire was made available in German, English and French.

After a data collection of about five weeks, a total number of 562 participants started the questionnaire. Removing the unfinished cases and the records with more than 15% of missing data, suspicious response patterns and outliers as suggested by [16] results in 456 cases used for further analysis. Mean-value replacement is applied for the remaining missing data. Table 1 shows some demographic characteristics of the participants. A more detailed discussion of the sample can be found in [40].

Table 1. Demographic characteristics of the participants

The survey is organized in eight sections covering the personal, social and organizational determinants, the variables constituting cybersecurity awareness, the construct of cybersecurity behavior as well as additional demographic questions such as age, gender or language region. This results in a total number of 53 items, all constructed as closed questions, corresponding to statements to which respondents indicate their level of agreement on a 5-point Likert scale. For three items, different minimum and maximum values are used.

The measures for the fourteen constructs are all adapted from previously validated constructs. A pretest was conducted to ensure the comprehensibility of the questionnaire. Some items were reworded and others exchanged before being subjected to a second pretest. A general approach to cybersecurity actions was chosen to get an all-encompassing point of view and to avoid technology dependency and thus facilitate the repeatability of the study.

Information Security Culture, Friends and Family Influence and Information Systems Knowledge are considered reflective. The remaining constructs, Information Security Policy Provision, Security Training and Awareness Programs, Mass Media Influence, Public Administration Information, Personal Initiative as well as Cybersecurity Behavior are considered formative. Cybersecurity Awareness is constructed as a reflective-formative second-order construct composed of the first-order constructs Perceived Vulnerability, Perceived Severity, Perceived Self-Efficacy, Perceived Response Efficacy and Perceived Costs. All constructs and the corresponding items in their final version can be found in Table 5 in the Appendix.

4 Analysis and Results

The model was analyzed with partial least squares structural equation modeling using the software SmartPLS 3.2.5 [32]. The analysis encompasses a first step of assessing the measurement models and a second step of evaluating the structural model. The analysis was conducted by following the guidelines proposed by [15] and [16]. For significance testing, 5000 bootstrap samples were used. Additionally, a mediation analysis was performed to investigate the awareness’ mediating role.

4.1 Measurement Model Assessment

The proposed research model includes formative and reflective constructs, which require a different assessment. For reflective constructs, internal consistency and indicator reliability and the average variance extracted (AVE) are used to verify convergent validity. A composite reliability (CR) value between 0.7 and 0.9 indicates internal consistency reliability; higher values suggest high item similarity [16]. For the AVE, values above 0.5 are desired. Indicator reliability is assessed with the outer loading (OL) of the items, which indicates the strength of the path and should exhibit values above 0.7. Items with an outer loading between 0.4 and 0.7 can be kept in the model, while indicators with a lower loading should be removed [16]. All values are in the accepted ranges, except for Information Systems Knowledge that exhibits values above the desired values (see Table 2). Discriminant validity is assessed with the HTMT criterion as suggested by [15, 19]. As all values are below 0.85, discriminant validity is established between all latent variables (see Table 3).
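The reflective-construct checks described above can be reproduced from outer loadings and item correlations. The following Python sketch is an added example, not the study's own analysis (which was run in SmartPLS); it uses the standard composite reliability, AVE and HTMT formulas, and all loadings, correlations and item names (A1, B1, ...) are constructed.

```python
from itertools import combinations
from math import sqrt
from statistics import mean

def composite_reliability(loadings):
    """CR = (sum l)^2 / ((sum l)^2 + sum(1 - l^2)) for standardized loadings."""
    s2 = sum(loadings) ** 2
    return s2 / (s2 + sum(1 - l * l for l in loadings))

def average_variance_extracted(loadings):
    """AVE = mean of the squared standardized outer loadings."""
    return mean(l * l for l in loadings)

def indicator_decision(loading):
    """Outer-loading rule from the text: 0.7+ desired, 0.4-0.7 may stay, lower goes."""
    if loading >= 0.7:
        return "reliable"
    return "can be kept" if loading >= 0.4 else "remove"

def assess_reflective(loadings):
    """Apply the CR (0.7-0.9), AVE (> 0.5) and outer-loading thresholds."""
    cr = composite_reliability(loadings)
    ave = average_variance_extracted(loadings)
    if cr > 0.9:
        cr_verdict = "high item similarity"
    elif cr >= 0.7:
        cr_verdict = "consistent"
    else:
        cr_verdict = "too low"
    return {"cr": cr, "cr_verdict": cr_verdict, "ave": ave, "ave_ok": ave > 0.5,
            "indicators": [indicator_decision(l) for l in loadings]}

def htmt(corr, items_a, items_b):
    """Mean between-construct item correlation divided by the geometric mean
    of the two mean within-construct item correlations."""
    r = lambda i, j: corr[tuple(sorted((i, j)))]
    hetero = mean(r(i, j) for i in items_a for j in items_b)
    mono_a = mean(r(i, j) for i, j in combinations(items_a, 2))
    mono_b = mean(r(i, j) for i, j in combinations(items_b, 2))
    return hetero / sqrt(mono_a * mono_b)

# Constructed sample values (not the study's data).
LOADINGS_A = [0.8, 0.8, 0.6]      # one weaker indicator that may stay
LOADINGS_B = [0.95, 0.96, 0.97]   # near-identical items, CR above 0.9
CORR = {("A1", "A2"): 0.64, ("B1", "B2"): 0.49,
        ("A1", "B1"): 0.30, ("A1", "B2"): 0.26,
        ("A2", "B1"): 0.28, ("A2", "B2"): 0.28}

if __name__ == "__main__":
    for name, loadings in (("A", LOADINGS_A), ("B", LOADINGS_B)):
        print(name, assess_reflective(loadings))
    value = htmt(CORR, ["A1", "A2"], ["B1", "B2"])
    print("HTMT(A,B) = %.3f, below 0.85: %s" % (value, value < 0.85))
```
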

Table 2. Reflective and formative constructs
Table 3. Discriminant Validity - HTMT criterion

Formative constructs are assessed by looking at the variance inflation factor (VIF) for collinearity issues and the relative importance of each indicator. VIF values should be below five for all indicators. The items should exhibit significant outer weight or, if not, manifest outer loadings above 0.5. Indicators should be removed if neither the outer loading nor the outer weight is significant. The values are shown in Table 2. The items MMI3 and PAI3 were removed for further analyses. The reflective-formative second-order construct Cybersecurity Awareness is evaluated in the same manner.

4.2 Structural Model Assessment

The structural model should exhibit no collinearity issues, indicated with VIF values below five, which is the case for all latent variables in the model. Estimated path coefficients that take on values between −1 and +1 indicate positive and negative effects one latent construct has on another. In the proposed model, except for the paths from Information Security Culture and Security Training and Awareness Programs to Cybersecurity Awareness, all coefficients are significant but exhibit great differences in strength. Information Systems Knowledge has the strongest effect on Cybersecurity Awareness, while the other exogenous variables show low to moderate effects (see Fig. 2). The path coefficient from Cybersecurity Awareness to Cybersecurity Behavior exhibits a moderate effect. The \(R^{2}\) values for Cybersecurity Awareness and Cybersecurity Behavior indicate moderate explanation of the endogenous variables through the exogenous constructs. By performing multi-group analyses (PLS-MGA [20]), differences for users of different gender or language groups can be found. While women are influenced by Mass Media but not by Public Administration Information, it is the other way around for men (men: \(P_{\text{PAI} \rightarrow \text{CSA}}\) = 0.159, p = 0.008, \(P_{\text{MMI} \rightarrow \text{CSA}}\) = 0.003, p = 0.467; women: \(P_{\text{PAI} \rightarrow \text{CSA}}\) = −0.005, p = 0.44, \(P_{\text{MMI} \rightarrow \text{CSA}}\) = 0.171, p = 0.004). When comparing the German- and French-speaking people’s influences, the German-speaking are influenced by Security Training and Awareness Programs and Public Administration Information, while the French-speaking are not influenced (DE: \(P_{\text{PAI} \rightarrow \text{CSA}}\) = 0.180, p = 0.008; FR: \(P_{\text{PAI} \rightarrow \text{CSA}}\) = 0.030, p = 0.228; DE: \(P_{\text{SETA} \rightarrow \text{CSA}}\) = 0.142, p = 0.041; FR: \(P_{\text{SETA} \rightarrow \text{CSA}}\) = −0.072, p = 0.057).
Moreover, the awareness of people who have experienced a cybersecurity incident in the past year (NEX) is significantly influenced by Mass Media Influence, whereas people with no bad experiences are not influenced (NEX: \(P_{\text{MMI} \rightarrow \text{CSA}}\) = 0.200, p = 0.010; no NEX: \(P_{\text{MMI} \rightarrow \text{CSA}}\) = 0.016, p = 0.445).

4.3 Mediation Analysis

In order to evaluate the role of cybersecurity awareness as a mediator between the determinants and cybersecurity behavior, a mediation analysis was performed following the guidelines proposed by [46]. The evaluation includes looking at direct and indirect effects from the exogenous variables to the endogenous variable. Table 4 shows the results of the analysis. The results suggest Cybersecurity Awareness is only a full or partial mediator for Information Security Policy Provision, Friends and Family Influence, Personal Initiative and Information Systems Knowledge, while other variables only have a direct (SETA, MMI) or no effect (ISC, PAI) on Cybersecurity Behavior.

Table 4. Mediation analysis

Fig. 2. Results - structural model evaluation

5 Discussion and Implications

The results of this study show diverse levels of impact of organizational, social and personal determinants on a user’s cybersecurity awareness in his home environment. The main findings are:

  • Weak influence of the workplace

  • Weak to moderate social influences

  • Personal initiative has a significant effect

  • Strongest effect of information systems knowledge

  • No significant contribution of threat appraisal to cybersecurity awareness

The limited workplace effects are in line with other studies [31, 39]. It is not evident if security training and the information security culture are prevalent but not transferrable to the home environment or if they cannot be found. Mass media and public administration information exhibit disparate effects for men and women and for people who have experienced cybersecurity incidents in the past year. People from the different language groups react differently to various sources of information, emphasizing a potential cultural gap in how cybersecurity topics are handled and perceived in different cultural regions. The strong influence of information systems skills as well as the fact that the threat appraisal does not significantly contribute to cybersecurity awareness highlight the need for campaigns focusing on improving skills and understanding, confirming results of similar studies [17, 39, 45].

As with other studies, there are some limitations. The study relies on self-report data, which might contain a social desirability bias [10]. Additionally, the PLS-SEM method allows no goodness-of-fit measure for evaluating the fit of the model and the path estimation contains a measurement error resulting in a bias [16]. Although the sample exhibits a good balance of gender and age and the participants work in diverse job areas, most participants work in the public sector. The influence of the workplace could be different in the private or voluntary sector.

While this study kept a generalized approach on most variables to ensure a holistic view, different types of mass media or the form of security information provided at the workplace should also be researched individually as they might lead to distinct user reactions as shown in [29, 39]. Moreover, in order to create individualized and adapted campaigns, cultural differences should be investigated more closely. Considering the high potential in reaching broad masses of people, future research should investigate the reasons that inhibit a transfer of work-provided cybersecurity information to the private environment.

6 Conclusion

The human interaction with computer systems becomes increasingly important considering current trends in digitalization. This study investigates organizational, social and personal determinants of a home computer user’s cybersecurity awareness and the factors impacting behavior. By providing valuable insights about cybersecurity awareness and behavior creation, the study contributes to research in the field of cybersecurity behavior and can act as a support for security practitioners while reviewing security strategies.