Quantitative Analysis of the Key Factors Driving Cybersecurity Awareness Among Information Systems Users

Muhammad Agreindra Helmiawan; Esa Firmansyah; Dody Herdiana; Yopi Hidayatul Akbar; A’ang Subiyakto; Titik Khawa Abdul Rahman

doi:10.52436/1.jutif.2025.6.4.4861

Authors

Muhammad Agreindra Helmiawan Informatics, Faculty of Information Technology, Sebelas April University, Sumedang, Indonesia
Esa Firmansyah Informatics, Faculty of Information Technology, Sebelas April University, Sumedang, Indonesia
Dody Herdiana Informatics, Faculty of Information Technology, Sebelas April University, Sumedang, Indonesia
Yopi Hidayatul Akbar Informatics, Faculty of Information Technology, Sebelas April University, Sumedang, Indonesia
A’ang Subiyakto Information System, Faculty of Science and Technology, Syarif Hidayatullah State Islamic University, Jakarta, Indonesia
Titik Khawa Abdul Rahman Information and Communication Technology, Asia e University, Subang Jaya, Malaysia

DOI:

https://doi.org/10.52436/1.jutif.2025.6.4.4861

Keywords:

Cybersecurity Awareness, Digital Resilience, Organizational Policies, Risk Perception, User Behaviour

Abstract

Cybersecurity threats are increasingly complex and widespread, posing significant risks to individuals and organizations. However, many studies tend to address the technological or behavioral aspects separately. The study uses a survey-based quantitative approach using PLS-SEM to analyze key factors that influence cybersecurity awareness, including demographics, training, psychological bias, and organizational culture. The findings suggest that several constructs-such as threat awareness, perceived risk, and education-significantly predict cybersecurity awareness and behaviour. Notably, the model yields an R² value of up to 0.703 with a strong path significance (p < 0.05), which underscores the robustness of the relationship. This study offers an integrated perspective on cybersecurity by bridging the psychological, educational, and organizational dimensions. It highlights cybersecurity awareness as a mediating construct that links upstream factors to secure user behavior-a relational structure that has not been explored in previous research.

Downloads

Download data is not yet available.

References

F. Djatsa, “Threat Perceptions, Avoidance Motivation and Security Behaviors Correlations,” Journal of Information Security, vol. 11, no. 1, pp. 19–45, Jun. 2019, doi: 10.4236/jis.2020.111002.

C. Macabante, S. Wei, and D. Schuster, “Elements of Cyber-Cognitive Situation Awareness in Organizations,” Proceedings of the Human Factors and Ergonomics Society Annual Meeting, vol. 63, no. 1, pp. 1624–1628, Jun. 2019, doi: 10.1177/1071181319631483.

S. Kalhoro, M. Rehman, V. Ponnusamy, and F. B. Shaikh, “Extracting Key Factors of Cyber Hygiene Behaviour Among Software Engineers: A Systematic Literature Review,” IEEE Access, vol. 9, pp. 99339–99363, Jun. 2021, doi: 10.1109/access.2021.3097144.

M. A. Helmiawan, E. Firmansyah, I. Fadil, Y. Sofivan, F. Mahardika, and A. Guntara, “Analysis of web security using open web application security project 10,” 2020 8th International Conference on Cyber and IT Service Management (CITSM …, 2020.

I. Lee, “Internet of Things (IoT) Cybersecurity: Literature Review and IoT Cyber Risk Management,” Future Internet, vol. 12, no. 9, p. 157, Jun. 2020, doi: 10.3390/fi12090157.

C. Aksoy, “BUILDING A CYBER SECURITY CULTURE FOR RESILIENT ORGANIZATIONS AGAINST CYBER ATTACKS,” İşletme Ekonomi ve Yönetim Araştırmaları Dergisi, vol. 7, no. 1, pp. 96–110, Jun. 2024, doi: 10.33416/baybem.1374001.

S. N. S. Nasir, “Exploring the Effectiveness of Cybersecurity Training Programs: Factors, Best Practices, and Future Directions,” Advances in Multidisciplinary & Scientific Research Journal Publication, vol. 2, no. 1, pp. 151–160, Jun. 2023, doi: 10.22624/aims/csean-smart2023p18.

B. Uchendu, J. R. C. Nurse, M. Bada, and S. Furnell, “Developing a cyber security culture: Current practices and future needs,” Comput Secur, vol. 109, p. 102387, Jun. 2021, doi: 10.1016/j.cose.2021.102387.

A. Georgiadou, S. Mouzakitis, and D. Askounis, “Assessing MITRE ATT&CK Risk Using a Cyber-Security Culture Framework,” Sensors, vol. 21, no. 9, p. 3267, Jun. 2021, doi: 10.3390/s21093267.

W. A. Cram, J. G. Proudfoot, and J. D’Arcy, “Organizational information security policies: a review and research framework,” Jun. 2017, Palgrave Macmillan. doi: 10.1057/s41303-017-0059-9.

G. Özaslan et al., “EVALUATION OF THE EFFECTS OF INFORMATION SECURITY TRAINING ON EMPLOYEES: A STUDY FROM A PRIVATE HOSPITAL,” International Journal of Health Management and Tourism, Jun. 2020, doi: 10.31201/ijhmt.791913.

A. Sopandi, N. A. Yahaya, and A. Subiyakto, “Developing the Readiness and Success Model of Information System Implementation in the Indonesian Equestrian Industry,” Journal of Applied Data Sciences, vol. 5, no. 1, pp. 133–145, 2024.

A. D. K. Acquaye, “A Study of the Awareness of Security and Safety Culture Among Employees Across Organizations,” Texila international journal of management, pp. 115–128, Jun. 2020, doi: 10.21522/tijmg.2015.se.19.02.art013.

A. Tolah, S. Furnell, and M. Papadaki, “A Comprehensive Framework for Understanding Security Culture in Organizations,” in IFIP advances in information and communication technology, Springer Science+Business Media, 2019, pp. 143–156. doi: 10.1007/978-3-030-23451-5_11.

M. A. Helmiawan, I. Fadil, Y. Sofiyan, and E. Firmansyah, “Security model using intrusion detection system on cloud computing security management,” 2021 9th International Conference on Cyber and IT Service Management (CITSM …, 2021.

A. P. Diman and T. K. A. Rahman, “Examining individual tendency to respond to phishing e-mails from the perspective of protection motivation theory,” Journal of Education and Social Sciences, vol. 25, no. 1, pp. 40–51, 2023.

I. Musirin, S. I. Sulaiman, T. K. A. Rahman, S. Shaari, A. M. Omar, and ..., “Computational performance of artificial immune system-based sizing technique for grid-connected photovoltaic system,” Research Management Institute (RMI), 2012.

M. S. Hasan, R. A. Rahman, S. F. H. B. T. Abdillah, and N. Omar, “Perception and Awareness of Young Internet Users towards Cybercrime: Evidence from Malaysia,” Journal of Social Sciences, vol. 11, no. 4, pp. 395–404, Jun. 2015, doi: 10.3844/jssp.2015.395.404.

T. Alharbi and A. Tassaddiq, “Assessment of Cybersecurity Awareness among Students of Majmaah University,” Big Data and Cognitive Computing, vol. 5, no. 2, p. 23, Jun. 2021, doi: 10.3390/bdcc5020023.

C. G. Blackwood-Brown, Y. Levy, and J. D’Arcy, “Cybersecurity Awareness and Skills of Senior Citizens: A Motivation Perspective,” Journal of Computer Information Systems, vol. 61, no. 3, pp. 195–206, Jun. 2019, doi: 10.1080/08874417.2019.1579076.

V. Karagiannopoulos, A. Kirby, S. Oftadeh-Moghadam, and L. Sugiura, “Cybercrime awareness and victimisation in individuals over 60 years: A Portsmouth case study,” Computer Law & Security Review, vol. 43, p. 105615, Jun. 2021, doi: 10.1016/j.clsr.2021.105615.

P. van Schaik, K. Renaud, C. Wilson, J. Jansen, and J. Onibokun, “Risk as affect: The affect heuristic in cybersecurity,” Comput Secur, vol. 90, p. 101651, Jun. 2019, doi: 10.1016/j.cose.2019.101651.

A. R. Neigel, V. L. Claypoole, G. E. Waldfogle, S. Acharya, and G. M. Hancock, “Holistic cyber hygiene education: Accounting for the human factors,” Comput Secur, vol. 92, p. 101731, Jun. 2020, doi: 10.1016/j.cose.2020.101731.

F. L. Greitzer, W. Li, K. B. Laskey, J. Lee, and J. Purl, “Experimental Investigation of Technical and Human Factors Related to Phishing Susceptibility,” ACM Transactions on Social Computing, vol. 4, no. 2, pp. 1–48, Jun. 2021, doi: 10.1145/3461672.

Y. Chen, I. YeckehZaare, and A. F. Zhang, “Real or bogus: Predicting susceptibility to phishing with economic experiments,” PLoS One, vol. 13, no. 6, Jun. 2018, doi: 10.1371/journal.pone.0198213.

N. Beu et al., “Falling for phishing attempts: An investigation of individual differences that are associated with behavior in a naturalistic phishing simulation,” Comput Secur, vol. 131, p. 103313, Jun. 2023, doi: 10.1016/j.cose.2023.103313.

H. J. Parker and S. Flowerday, “Contributing factors to increased susceptibility to social media phishing attacks,” S Afr J Inf Manag, vol. 22, no. 1, Jun. 2020, doi: 10.4102/sajim.v22i1.1176.

T. Lin et al., “Susceptibility to Spear-Phishing Emails,” ACM Transactions on Computer-Human Interaction, vol. 26, no. 5, pp. 1–28, Jun. 2019, doi: 10.1145/3336141.

W. J. Triplett, “Addressing Cybersecurity Challenges in Education,” International Journal of STEM Education for Sustainability, vol. 3, no. 1, pp. 47–67, Jun. 2023, doi: 10.53889/ijses.v3i1.132.

R. Shillair, P. Esteve‐González, W. H. Dutton, S. Creese, E. Nagyfejeo, and B. von Solms, “Cybersecurity education, awareness raising, and training initiatives: National level evidence-based results, challenges, and promise,” Comput Secur, vol. 119, p. 102756, Jun. 2022, doi: 10.1016/j.cose.2022.102756.

W. Aljohni, N. Elfadil, M. A. Jarajreh, and M. Gasmelsied, “Cybersecurity Awareness Level: The Case of Saudi Arabia University Students,” International Journal of Advanced Computer Science and Applications, vol. 12, no. 3, Jun. 2021, doi: 10.14569/ijacsa.2021.0120334.

A. Alzahrani, “Assessing and Proposing Countermeasures for Cyber-Security Attacks,” International Journal of Advanced Computer Science and Applications, vol. 13, no. 1, Jun. 2022, doi: 10.14569/ijacsa.2022.01301102.

H. Taherdoost, “Towards an Innovative Model for Cybersecurity Awareness Training,” Information, vol. 15, no. 9, p. 512, Jun. 2024, doi: 10.3390/info15090512.

E. Stavrou and andriani Piki, “Cultivating self-efficacy to empower professionals’ re-up skilling in cybersecurity,” Information and Computer Security, vol. 32, no. 4, pp. 523–541, Jun. 2024, doi: 10.1108/ics-02-2024-0038.

L. S. Setianingsih, R. Pulungan, A. E. Putra, M. E. Wibowo, and S. Syarip, “Risk Assessment Methods for Cybersecurity in Nuclear Facilities: Compliance to Regulatory Requirements,” International Journal of Advanced Computer Science and Applications, vol. 12, no. 9, Jun. 2021, doi: 10.14569/ijacsa.2021.0120979.

M. Mukherjee, N. T. Le, Y.-W. Chow, and W. Susilo, “Strategic Approaches to Cybersecurity Learning: A Study of Educational Models and Outcomes,” Information, vol. 15, no. 2, p. 117, Jun. 2024, doi: 10.3390/info15020117.

D. Patole, P. Ahirao, and Y. Borse, “Novel Teaching Learning and Evaluation Activities for Imbibing the Concepts of Cyber Security as Perennial Thought-Process in the Learners’ Digital Life,” Journal of Engineering Education/Journal of engineering education transformations/Journal of engineering education transformation, vol. 33, p. 376, Jun. 2020, doi: 10.16920/jeet/2020/v33i0/150204.

J. Hajný, S. Ricci, E. Piesarskas, O. Levillain, L. Galletta, and R. De Nicola, “Framework, Tools and Good Practices for Cybersecurity Curricula,” IEEE Access, vol. 9, pp. 94723–94747, Jun. 2021, doi: 10.1109/access.2021.3093952.

J. Dawson and R. Thomson, “The Future Cybersecurity Workforce: Going Beyond Technical Skills for Successful Cyber Performance,” Jun. 2018, Frontiers Media. doi: 10.3389/fpsyg.2018.00744.

V. Švábenský, J. Vykopal, M. Čermák, and M. Laštovička, “Enhancing cybersecurity skills by creating serious games,” Jun. 2018, doi: 10.1145/3197091.3197123.

S. M. Redman, K. J. Yaxley, and K. Joiner, “Improving General Undergraduate Cyber Security Education: A Responsibility for All Universities?,” Creat Educ, vol. 11, no. 12, pp. 2541–2558, Jun. 2020, doi: 10.4236/ce.2020.1112187.