Finding the weakest links in the weakest link: how well do undergraduate students make cyber security judgment?

It has been widely recognised in the psychology of cyber security literature that ordinary users rather than technology systems are the weakest link in cyber security. The present study focused on assessing the cyber security judgment of 462 college students as a specific group of ordinary users in order to further identify specific weakest links of the weakest link. It was found that (1) the average percentage correct for cybersecurity judgement among the 462 students was 65%, (2) 104 (23%) students showed the lowest correct judgements (below 50%), (3) two of 16 cyber security items received the lowest correct judgement (below 50%), and (4) students’ correct rational judgment (64%) was not significantly higher than their correct intuitive judgement (66%).