Measuring Cybersecurity Awareness of Students: a Study of State College Students
DOI:
https://doi.org/10.70715/jitcai.2025.v2.i3.030Keywords:
Cybersecurity Awareness (CSA), Cybersecurity, Awareness, behaviorAbstract
This study investigates the level of cybersecurity awareness and online security behavior among State College students, utilizing a 54-item structured questionnaire. The survey was administered online via Microsoft Forms over a period of 204 days, yielding 135 responses, of which 128 were retained after data cleaning and processing. The instrument captures four dimensions: demographic characteristics, conceptual knowledge of cybersecurity, self-reported security practices, and behavioral responses to realistic digital scenarios. A descriptive analysis of the responses reveals that students possess a relatively strong conceptual understanding of the selected security principles. For example, more than 95% correctly identified the characteristics of a strong password, and 83.7% reported maintaining an active and regularly updated antivirus program. However, behavioral data reveal inconsistent application of this knowledge in practice. Many students continue to reuse passwords, connect to unsecured Wi-Fi networks, or rely on public devices and unverified software sources when under pressure for convenience or time. An overall awareness score computed from the behavioral items averaged 77.28% on the adopted awareness scale, indicating that a substantial proportion of students exhibit risk-prone habits despite their baseline knowledge of cybersecurity. These findings highlight a persistent knowledge–behavior gap and underscore the need for targeted educational interventions. The study recommends scenario-based awareness training, integration of cybersecurity content across curricula, and institutional policies that reinforce secure digital habits among students.
Downloads
References
N. M. Campara, System Assurance: Beyond Detecting Vulnerabilities. Burlington, MA, USA: Morgan Kaufmann, 2010. URL: https://www.elsevier.com/books/system-assurance/campara/978-0-12-373583-6
P. W. Singer and A. Friedman, Cybersecurity and Cyberwar: What Everyone Needs to Know. Oxford, U.K.: Oxford Univ. Press, 2013. URL: https://global.oup.com/academic/product/cybersecurity-and-cyberwar-9780199918096 DOI: https://doi.org/10.1093/wentk/9780199918096.001.0001
P. V. Kessel and K. Allan, "Get ahead of cybercrime," EY Global Information Security Survey, 2014. URL: https://assets.ey.com/content/dam/ey-sites/ey-com/en_gl/topics/advisory/ey-global-information-security-survey-2014.pdf
D. Willson, Cybersecurity Awareness for CEOs and Management. Elsevier, 2016. URL: https://www.elsevier.com/books/cybersecurity-awareness/willson/978-0-12-802469-0
M. Rouse, "Bot (software robot)," Techopedia, 2021. URL: https://www.techopedia.com/definition/10459/bot-software-robot
P. Potgieter, "The awareness behaviour of students on cybersecurity awareness by using social media platforms," Kalpa Publications in Computing, vol. 12, pp. 272–280, 2019. URL: https://easychair.org/publications/paper/2G9C DOI: https://doi.org/10.29007/gprf
P. Lif, M. Granåsen, and T. Sommestad, "Development and validation of technique to measure cyber situation awareness," in Proc. CyberSA, 2017. DOI: https://doi.org/10.1109/CyberSA.2017.8068647 DOI: https://doi.org/10.1109/CyberSA.2017.8073388
URL: https://ieeexplore.ieee.org/document/8068647
R. Xi, Y. Xiaochun, and H. Zhiyu, "Framework for risk assessment in cyber situational awareness," IET Information Security, vol. 13, no. 2, pp. 119–128, 2019. DOI: https://doi.org/10.1049/iet-ifs.2018.5189 DOI: https://doi.org/10.1049/iet-ifs.2018.5189
URL: https://ietresearch.onlinelibrary.wiley.com/doi/10.1049/iet-ifs.2018.5189
S. Al-Janabi and I. AlShourbaji, "A study of cybersecurity awareness in educational environment in the Middle East," J. Inf. Knowl. Manag., vol. 15, no. 1, 2016. DOI: https://doi.org/10.1142/S0219649216500076 DOI: https://doi.org/10.1142/S0219649216500076
URL: https://www.worldscientific.com/doi/abs/10.1142/S0219649216500076
E. B. Kim, "Cybersecurity awareness status of business college undergraduate students," Information Security Journal, vol. 22, no. 4, pp. 171–179, 2013. DOI: https://doi.org/10.1080/19393555.2013.828803 DOI: https://doi.org/10.1080/19393555.2013.828803
URL: https://www.tandfonline.com/doi/abs/10.1080/19393555.2013.828803
Y. K. Peker et al., "Raising cybersecurity awareness among college students," CISSE Journal, 2016. URL: https://cisse.info/journal/index.php/cisse/article/view/66
K. Senthilkumar and S. Easwaramoorthy, "A survey on cybersecurity awareness among college students in Tamil Nadu," IOP Conf. Ser. Mater. Sci. Eng., vol. 263, no. 4, 2017. DOI: https://doi.org/10.1088/1757-899X/263/4/042043 DOI: https://doi.org/10.1088/1757-899X/263/4/042043
URL: https://iopscience.iop.org/article/10.1088/1757-899X/263/4/042043
N. Ahmad et al., "Cybersecurity situational awareness among parents," in Proc. Cyber Resilience Conf., 2018. DOI: https://doi.org/10.1109/CR.2018.8626830 URL: https://ieeexplore.ieee.org/document/8626830 DOI: https://doi.org/10.1109/CR.2018.8626830
A. H. Khan et al., "SartCybersecurity Awareness Measurement Model (APAT)," in Proc. PARC, 2020. DOI: https://doi.org/10.1109/PARC49193.2020.236622 URL: https://ieeexplore.ieee.org/document/9087075 DOI: https://doi.org/10.1109/PARC49193.2020.236614
G. Kemper, "Improving employees' cybersecurity awareness," Computers & Security, vol. 2019, no. 8, pp. 11–14. DOI: https://doi.org/10.1016/S1361-3723(19)30085-5 URL: https://www.sciencedirect.com/science/article/pii/S1361372319300855 DOI: https://doi.org/10.1016/S1361-3723(19)30085-5
T. Gundu, "Big data, big security and privacy risks: Bridging employee knowledge and actions gap," Int. J. Cyber Warfare Terrorism, vol. 9, no. 1, pp. 1–16, 2019. DOI: https://doi.org/10.4018/IJCWT.2019010101 URL: https://www.igi-global.com/article/big-data-big-security-and-privacy-risks/231549
L. Hadlington, Employees' attitudes towards cybersecurity and risky online behaviours: An empirical assessment in the United Kingdom" Int. J. Cyber Criminol., vol. 12, no. 1, pp. 1–20, 2018. URL: http://www.cybercrimejournal.com/hadlingtonijcc2018vol12issue1.pdf
F. Alotaibi, S. Furnell, I. Stengel, and M. Papadaki,"A survey of cybersecurity awareness in Saudi Arabia" in Proc. ICITST, 2016. DOI: https://doi.org/10.1109/ICITST.2016.7856687 DOI: https://doi.org/10.1109/ICITST.2016.7856687
URL: https://ieeexplore.ieee.org/document/7856687
F. A. Aloul,"Cybersecurity awareness in UAE: A survey paper" in Proc. Int. Conf. Internet Technology and Secured Transactions, 2010. URL: https://ieeexplore.ieee.org/document/5599842
M. Zwilling, G. Klein, D. Lesjak, Ł. Wiechetek, F. Cetin, and H. N. Basim,"Cybersecurity awareness, knowledge and behavior: A comparative study" J. Comput. Inf. Syst., vol. 60, no. 1, pp. 1–10, 2020. DOI: https://doi.org/10.1080/08874417.2020.1712269 URL: https://www.tandfonline.com/doi/full/10.1080/08874417.2020.1712269
M. Evangelopoulou and C. W. Johnson,"Empirical framework for situation awareness measurement techniques in network defense" in Proc. CyberSA, 2015. DOI: https://doi.org/10.1109/CyberSA.2015.7166132 DOI: https://doi.org/10.1109/CyberSA.2015.7166132
URL: https://ieeexplore.ieee.org/document/7166132
S. E. Erol and S. Sagiroglu,"Awareness qualification level measurement model" in Proc. IBIGDELFT, 2018. URL: https://ieeexplore.ieee.org/document/8627342 DOI: https://doi.org/10.1109/IBIGDELFT.2018.8625305
S. S. Tirumala, M. R. Valluri, and G. A. Babu,"A survey on cybersecurity awareness concerns, practices and conceptual measures" in Proc. ICCCI, 2019. DOI: https://doi.org/10.1109/ICCCI.2019.8821951 DOI: https://doi.org/10.1109/ICCCI.2019.8821951
URL: https://ieeexplore.ieee.org/document/8821951
S. T. Human,"Security awareness survey" SANS Institute, 2012. URL: https://www.sans.org/sites/default/files/2018-01/security-awareness-survey.pdf
W. Aljohani et al.,"Cybersecurity awareness among university students" Int. J. Comput. Sci. Mobile Comput., vol. 9, no. 6, pp. 141–155, Jun. 2020. URL: https://www.ijcsmc.com/docs/papers/June2020/V9I6202014.pdf
A. Al Zaidy,"Cybersecurity and personal privacy: Protecting yourself in the digital age" Open Access Research Journal of Science and Technology, vol. 12, no. 1, pp. 131–135, Oct. 2024. DOI: https://doi.org/10.53022/oarjst.2024.12.1.0122 DOI: https://doi.org/10.53022/oarjst.2024.12.1.0122
URL: https://oarjst.com/index.php/oarjst/article/view/122
ENISA, Cybersecurity Awareness and Education Report, 2023. URL: https://www.enisa.europa.eu/publications/cybersecurity-awareness-and-education
SANS Institute, Security Awareness Report: Managing Human Risk, 2022. URL: https://www.sans.org/u/1x13
J. Blythe and L. Coventry,"Cyber security behaviours in university students" Journal of Cybersecurity, vol. 6, no. 1, 2020. DOI: https://doi.org/10.1093/cybsec/tyaa003 URL: https://academic.oup.com/cybersecurity/article/6/1/tyaa003/5838120
Yeo, L. H., & Banfield, J. (2022). Human Factors in Electronic Health Records Cybersecurity Breach: An Exploratory Analysis. Perspectives in health information managemen, 19(Spring), 1i. URL: https://pmc.ncbi.nlm.nih.gov/articles/PMC9123525/
[31] National Institute of Standards and Technology (NIST), Digital Identity Guidelines, NIST Special Publication 800-63B, 2020. URL (PDF): https://pages.nist.gov/800-63-3/sp800-63b.html
Microsoft Security Team,"Password guidance: Simplifying your approach" Microsoft, 2021. URL: https://learn.microsoft.com/en-us/microsoft-365/admin/misc/password-policy-recommendations
Verizon, 2023 Data Breach Investigations Report (DBIR). URL: https://www.verizon.com/business/resources/reports/dbir/
A. Rahman, M. Rahman, and L. Khan,"Security risks associated with public Wi-Fi: A survey" IEEE Access, vol. 9, pp. 87630–87649, 2021. DOI: https://doi.org/10.1109/ACCESS.2021.3089803
URL: https://ieeexplore.ieee.org/document/9443358
Kaspersky Lab, The Dark Side of Public Wi-Fi, 2022. URL: https://usa.kaspersky.com/resource-center/threats/public-wifi-risks
Proofpoint, State of the Phish Report, 2023. URL: https://www.proofpoint.com/us/resources/threat-reports/state-of-phish
R. Ferreira, M. Cruz, and D. Cabral,"Cybersecurity education and phishing susceptibility: An empirical study" Computers & Security, vol. 113, 2022. DOI: https://doi.org/10.1016/j.cose.2021.102570 URL: https://www.sciencedirect.com/science/article/pii/S0167404821002885
[38] UNESCO, Digital Citizenship Education Report, 2022. URL: https://unesdoc.unesco.org/ark:/48223/pf0000377078
S. Hinduja and J. Patchin, Cyberbullying Research Center Annual Report, 2023. URL: https://cyberbullying.org/research
National Initiative for Cybersecurity Education (NICE), Cybersecurity Workforce Framework, NIST, 2020. URL: https://www.nist.gov/itl/applied-cybersecurity/nice/nice-framework-resource-center
T. Sommestad, L. Hallberg, A. Lundholm, and J. Bengtsson,"Training effectiveness to reduce user risk: A systematic review" Computers & Security, vol. 87, 2019. DOI: https://doi.org/10.1016/j.cose.2019.101588 URL: https://www.sciencedirect.com/science/article/pii/S0167404819301131
A. Parsons, R. McCormac, N. Butavicius, M. Pattinson, and K. Jerram,"Phishing susceptibility and the impact of repeated training" Behaviour & Information Technology, vol. 41, no. 6, 2022. DOI: https://doi.org/10.1080/0144929X.2020.1855299 URL: https://www.tandfonline.com/doi/full/10.1080/0144929X.2020.1855299
R. W. Rogers,"A protection motivation theory of fear appeals and attitude change" Journal of Psychology, vol. 91, pp. 93–114, 1975. DOI: https://doi.org/10.1080/00223980.1975.9915803 URL: https://www.tandfonline.com/doi/abs/10.1080/00223980.1975.9915803 DOI: https://doi.org/10.1080/00223980.1975.9915803
M. Workman, W. H. Jones, and D. McCoy,"Human factors in cybersecurity: Examining the role of psychological traits" Computers in Human Behavior, vol. 115, 2021. DOI: https://doi.org/10.1016/j.chb.2020.106621 URL: https://www.sciencedirect.com/science/article/pii/S0747563220302895
Downloads
Published
Data Availability Statement
upon request
Issue
Section
License
Copyright (c) 2025 Ahmed Al Zaidy (Author)
This work is licensed under a Creative Commons Attribution 4.0 International License.
