An empirical study on differences between self-assessed and measured real risk in online behaviour

Abstract

As the leading cause of security breaches is human susceptibility to hackers' deception, the riskiness of an individual's online behaviour and low awareness regarding privacy protection significantly influence the overall security of an information system. Thus, this study aimed to compare self-assessed and measured real risk in online behaviour among online users. The additional aim was to modify the questionnaire by replacing the existing trick question about password quality with the new questions on accepting the terms and conditions. An international online Behavioral Cognitive Internet Security Questionnaire (BCISQ), validated in previous studies, was used for data collection. The examinees involved in this study were 278 students from different faculties. The results showed a relatively high level of risk in online behaviour, as 22.7% of examinees revealed their passwords. In comparison, only 10.8% read the consent statement. Students who behave in a riskier manner self-assess themselves as being significantly safer in online behaviour, which is contradictory. They also performed worse in all other examined variables. The new version of the simulation subscale, with improved internal consistency and reliability (Cronbach's Alfa=0.810), consists of only three items, which are questions used in the previous version, without adding any of the two tested trick questions. Generally, this study concludes that, on average, information security awareness is still low among online users and that even the ones realistically acting riskier believe they are acting more safely.