An empirical study on differences between self-assessed and measured real risk in online behaviour

Authors

  • Krešimir Šolić J. J. Strossmayer University of Osijek, Faculty of Medicine, Department of Medical Statistics and Medical Informatics Josipa Huttlera 4, Osijek, Croatia
  • Robert Idlbek J. J. Strossmayer University of Osijek, Faculty of Tourism and Rural Development, Department of Computer Science Vukovarska 17, Požega, Croatia
  • Tena Velki J. J. Strossmayer University of Osijek, Faculty of Education, Department of Social Sciences Ul. Cara Hadrijana 10, Osijek, Croatia

DOI:

https://doi.org/10.32985/ijeces.15.3.8

Keywords:

information security, information system, security awareness, user behaviour

Abstract

As the leading cause of security breaches is human susceptibility to hackers' deception, the riskiness of an individual's online behaviour and low awareness regarding privacy protection significantly influence the overall security of an information system. Thus, this study aimed to compare self-assessed and measured real risk in online behaviour among online users. The additional aim was to modify the questionnaire by replacing the existing trick question about password quality with the new questions on accepting the terms and conditions. An international online Behavioral Cognitive Internet Security Questionnaire (BCISQ), validated in previous studies, was used for data collection. The examinees involved in this study were 278 students from different faculties. The results showed a relatively high level of risk in online behaviour, as 22.7% of examinees revealed their passwords. In comparison, only 10.8% read the consent statement. Students who behave in a riskier manner self-assess themselves as being significantly safer in online behaviour, which is contradictory. They also performed worse in all other examined variables. The new version of the simulation subscale, with improved internal consistency and reliability (Cronbach's Alfa=0.810), consists of only three items, which are questions used in the previous version, without adding any of the two tested trick questions. Generally, this study concludes that, on average, information security awareness is still low among online users and that even the ones realistically acting riskier believe they are acting more safely.

Downloads

Published

2024-03-19

How to Cite

[1]
K. Šolić, R. Idlbek, and T. Velki, “An empirical study on differences between self-assessed and measured real risk in online behaviour”, IJECES, vol. 15, no. 3, pp. 297-304, Mar. 2024.

Issue

Section

Original Scientific Papers