Perceived vulnerability as a determinant of increased risk for cyber security risk behavior

There is interest in better understanding people’s cybersecurity (CS)-related attitudes and behaviors, which are ultimately impacted by their perceived vulnerability to CS risks. This study sought to examine the information security attitudes and behaviors that contribute to perceived CS vulnerability. A convenience sample of 612 college students sampled from two public universities in the United States completed a brief demographic survey and the Online Security Behavior and Beliefs Questionnaire. The instrument demonstrated good internal reliability with an index of perceived vulnerability significantly and positively correlating with multiple subscales. Linear regression indicated subscales that tended to focus more on one’s inner belief that he or she is capable and competent enough to understand the nature of CS risks was predictive of perceived vulnerability, potentially resulting from a social desirability response bias which yielded an overly favorable self-report. PMT suggests that knowledge is an essential factor influencing decision making and results of this study suggest that perceived vulnerability may depend upon the appraisal of experience more so than one’s actual knowledge or competence.