JIS  Vol.10 No.4 , October 2019
How Perceived Benefits and Barriers Affect Millennial Professionals’ Online Security Behaviors
Abstract: Over the past decade, there has been an increase in cybersecurity breaches through identity theft, hacking, phishing attacks, and the use of malware such as viruses, worms, or trojans. The breaches have triggered an increase in investment in information security in organizations. As technology continues to improve, the risks of having cybersecurity incidents also increase. Cybersecurity firms reported that in 2016, there were 1209 total breaches with 1.1 billion identities exposed. Most experts agree that human vulnerability is a significant factor in cybersecurity. Most issues related to advanced threats come from human nature and ignorance. For the study, the researcher examined the relationship between Millennial professionals’ perceptions of cybersecurity risks and users’ online security behaviors. The study focused on two elements of perception which are perceived benefits and perceived barriers. The researcher administered a survey to 109 participants randomly selected among Survey Monkey audience members. The Spearman’s correlation test performed supported the analysis of the strength of the relationship and the level of significance between each of the independent variables and the dependent variable. The results from the statistical test provided enough evidence to reject each of the null hypothesis tested in this study. There were significant correlations between each of the independent variables, Perceived Benefits (PBE) and Perceived Barriers (PBA) and the dependent variable Online Security Behaviors (OSB).
Cite this paper: Djatsa, F. (2019) How Perceived Benefits and Barriers Affect Millennial Professionals’ Online Security Behaviors. Journal of Information Security, 10, 278-301. doi: 10.4236/jis.2019.104016.

[1]   Barnard-Wills, D. and Ashenden, D. (2012) Securing Virtual Space: Cyber War, Cyber Terror, and Risk. Space and Culture, 15, 110-123.

[2]   Srivastava, S. (2012) Pessimistic Side of Information & Communication Technology: Cyber Bullying & Legislature Laws. International Journal of Advances in Computer Science and Technology, 1, 14-20.

[3]   Jones, C. and Mujtaba, B. (2006) Is Your Information at Risk? Information Technology Leaders’ Thoughts about the Impact of Cybercrime on Competitive Advantage. Review of Business Information Systems, 10, 7.

[4]   Williams, C.D. (2015) The Socialization of Secure Computing Practices for Home Internet Users: A Quantitative Analysis of Individual Perceptions. Doctoral Dissertation.

[5]   Panetta, L. (2012) Sustaining US Global Leadership: Priorities for 21st Century Defense. US Department of Defense, Washington DC.

[6]   Fischhoff, B., Slovic, P., Lichtenstein, S., Read, S. and Combs, B. (1978) How Safe Is Safe Enough? A Psychometric Study of Attitudes towards Technological Risks and Benefits. Policy Sciences, 9, 127-152.

[7]   Hali, S.M. (2000) The Role of Media in War. Defence Journal.

[8]   Parsons, K., McCormac, A., Butavicius, M. and Ferguson, L. (2010) Human Factors and Information Security: Individual, Culture and Security Environment. No. DSTO-TR-2484, Command, Control, Communications and Intelligence Division DSTO Defence Science and Technology Organisation, Edinburgh.

[9]   Pattinson, M. and Anderson, G. (2005) Risk Communication, Risk Perception and Information Security. In: Security Management, Integrity, and Internal Control in Information Systems, Springer, Berlin, 175-184.

[10]   Oswick, C., Fleming, P. and Hanlon, G. (2011) From Borrowing to Blending: Rethinking the Processes of Organizational Theory Building. Academy of Management Review, 36, 318-337.

[11]   Warkentin, M. and Siponen, M. (2015) An Enhanced Fear Appeal Rhetorical Framework: Leveraging Threats to the Human Asset through Sanctioning Rhetoric. MIS Quarterly, 39, 113-134.

[12]   Boss, S., Galletta, D., Lowry, P.B., Moody, G.D. and Polak, P. (2015) What Do Systems Users Have to Fear? Using Fear Appeals to Engender Threats and Fear That Motivate Protective Security Behaviors. MIS Quarterly (MISQ), 39, 837-864.

[13]   Claar, C. and Johnson, J. (2012) Analyzing Home PC Security Adoption Behavior. Journal of Computer Information Systems, 52, 20-29.

[14]   Ng, B.-Y., Kankanhalli, A. and Xu, Y.C. (2009) Studying Users’ Computer Security Behavior: A Health Belief Perspective. Decision Support Systems, 46, 815-825.

[15]   Edwards, K. (2015) Examining the Security Awareness, Information Privacy, and the Security Behaviors of Home Computer Users. Doctoral Dissertation.

[16]   DelCampo, R.G., Haggerty, L.A., Knippel, L.A. and Haney, M.J. (2011) Managing the Multi-Generational Workforce: From the GI Generation to the Millennials. Gower Publishing, Ltd., Burlington.

[17]   Haeger, D.L. and Lingham, T. (2014) A Trend toward Work-Life Fusion: A Multi-Generational Shift in Technology Use at Work. Technological Forecasting and Social Change, 89, 316-325.

[18]   Miller, K. and Murphrey, T.P. (2010) Catching Up with Our Students. Millennials and iGen: Is Agriscience Education Ready? The Agricultural Education Magazine, 83, 20.

[19]   S-O’Brien, L., Read, P., Woolcott, J. and Shah, C. (2011) Understanding Privacy Behaviors of Millennials within Social Networking Sites. Proceedings of the American Society for Information Science and Technology, 48, 1-10.

[20]   Wipawayangkool, K. and Villafranca, E. (2015) Exploring Millennials’ Malware Awareness and Intention to Comply with Information Security Policy. Review of Integrative Business and Economics Research, 4, 153.

[21]   Li, L., He, W., Xu, L., Ivan, A., Anwar, M. and Yuan, X. (2014) Does Explicit Information Security Policy Affect Employees’ Cyber Security Behavior? A Pilot Study. 2014 Enterprise Systems Conference, Shanghai, 2-3 August 2014, 169-173.

[22]   APWG (2016) Phishing Activity Trends Report, 1st Quarter 2016. Anti-Phishing Working Group.

[23]   Symantec (2017) Internet Security Threat Report.

[24]   Furnell, S. (2010) Jumping Security Hurdles. Computer Fraud & Security, 2010, 10-14.

[25]   Raytheon (2017) Securing Our Future: Cybersecurity and the Millennial Workforce.

[26]   Sasse, M.A. and Flechais, I. (2005) Usable Security: Why Do We Need It? How Do We Get It? O’Reilly, Sebastopol.

[27]   Coughlin, T.M. (2017) Cybersecurity Education for Adolescents and Non-Technical Adults. Master’s Thesis.

[28]   Furnell, S.M., Bryant, P. and Phippen, A.D. (2007) Assessing the Security Perceptions of Personal Internet Users. Computers & Security, 26, 410-417.

[29]   Galvan, J.L. (2016) Student Motivations Regarding Online Security Implementation: A Qualitative Case Study. Doctoral Dissertation.

[30]   Chakraborty, R., Lee, J., Bagchi-Sen, S., Upadhyaya, S. and Raghav Rao, H. (2016) Online Shopping Intention in the Context of Data Breach in Online Retail Stores: An Examination of Older and Younger Adults. Decision Support Systems, 83, 47-56.

[31]   Anderson, K.B., Durbin, E. and Salinger, M.A. (2008) Identity Theft. Journal of Economic Perspectives, 22, 171-192.

[32]   Kang, R., Dabbish, L., Fruchter, N. and Kiesler, S. (2015) My Data Just Goes Everywhere: User Mental Models of the Internet and Implications for Privacy and Security. Symposium on Usable Privacy and Security, Pittsburgh, 2015, 39-52.

[33]   de Bruijn, H. and Janssen, M. (2017) Building Cybersecurity Awareness: The Need for Evidence-Based Framing Strategies. Government Information Quarterly, 34, 1-7.

[34]   Siponen, M.T. (2000) A Conceptual Foundation for Organizational Information Security Awareness. Information Management & Computer Security, 8, 31-41.

[35]   Von Solms, B. (2001) Information Security—A Multidimensional Discipline. Computers & Security, 20, 504-508.

[36]   Jones, D. (2007) Low Cost Security Tools: Employee Awareness. Security: Solutions for Enterprise Security Leaders, 44, 90-91.

[37]   Kelly, C. (2006) Awareness Trumps New Security Toys. Computerworld-Newton Then Framingham Massachusetts, 40, 44.

[38]   Claar, C.L. (2011) The Adoption of Computer Security: An Analysis of Home Personal Computer User Behavior Using the Health Belief Model. Doctoral Dissertation.

[39]   Bryce, J. and Fraser, J. (2014) The Role of Disclosure of Personal Information in the Evaluation of Risk and Trust in Young Peoples’ Online Interactions. Computers in Human Behavior, 30, 299-306.

[40]   Dinev, T. and Hu, Q. (2007) The Centrality of Awareness in the Formation of User Behavioral Intention toward Protective Information Technologies. Journal of the Association for Information Systems, 8, 23.

[41]   Byrne, Z.S., Dvorak, K.J., Peters, J.M., Ray, I., Howe, A. and Sanchez, D. (2016) From the User’s Perspective: Perceptions of Risk Relative to Benefit Associated with Using the Internet. Computers in Human Behavior, 59, 456-468.

[42]   Riek, M., Bohme, R. and Moore, T. (2016) Measuring the Influence of Perceived Cybercrime Risk on Online Service Avoidance. IEEE Transactions on Dependable and Secure Computing, 13, 261-273.

[43]   Kirscht, J.P., Haefner, D.P., Kegeles, S.S. and Rosenstock, I.M. (1966) A National Study of Health Beliefs. Journal of Health and Human Behavior, 7, 248-254.

[44]   Dreibelbis, R. (2016) It’s More than Just Changing Your Password: Exploring the Nature and Antecedents of Cyber-Security Behaviors. Master’s Thesis.

[45]   Lee, D., Larose, R. and Rifon, N. (2008) Keeping Our Network Safe: A Model of Online Protection Behaviour. Behaviour & Information Technology, 27, 445-454.

[46]   Janz, N.K. and Becker, M.H. (1984) The Health Belief Model: A Decade Later. Health Education Quarterly, 11, 1-47.

[47]   McNabb, D.E. (2010) Research Methods for Political Science: Qualitative and Quantitative Approaches. ME Sharp Inc., New York.

[48]   Liang, H. and Xue, Y. (2010) Understanding Security Behaviors in Personal Computer Usage: A Threat Avoidance Perspective. Journal of the Association for Information Systems, 11, 394-413.

[49]   O’Dwyer, L.M. and Bernauer, J.A. (2013) Quantitative Research for the Qualitative Researcher. Sage Publications, Thousand Oaks.

[50]   Nardi, P.M. (2018) Doing Survey Research: A Guide to Quantitative Methods. 4th Edition, Routledge, New York.

[51]   Martin, W.E. and Bridgmon, K.D. (2012) Quantitative and Statistical Research Methods: From Hypothesis to Results (Vol. 42). John Wiley & Sons, Hoboken.

[52]   Punch, K. (2003) Survey Research: The Basics. Sage Publications, Thousand Oaks.

[53]   Gay, L. and Airasian, P. (2000) Educational Research: Competencies for Analysis and Experience. 6th Edition, Prentice-Hall, Upper Saddle River.

[54]   Bethlehem, J. and Biffignandi, S. (2011) Handbook of Web Surveys (Vol. 567). John Wiley & Sons, Hoboken.

[55]   Fry, R. (2018) Millennials Are the Largest Generation in the U.S. Labor Force. Pew Research Center, Washington DC.

[56]   Kane, M.T. (1992) The Assessment of Professional Competence. Evaluation & the Health Professions, 15, 163-182.

[57]   U.S. Census Bureau (2015) Millennials Outnumber Baby Boomers and Are Far More Diverse. US Census Bureau, Suitland.

[58]   Survey Monkey (2018) Diverse Recruitment.

[59]   Lachin, J.M. (1981) Introduction to Sample Size Determination and Power Analysis for Clinical Trials. Controlled Clinical Trials, 2, 93-113.

[60]   Shuster, J.J. (2014) Sample Size Verification for Clinical Trials. Clinical and Translational Science, 7, 60-62.

[61]   Suresh, K. and Chandrashekara, S. (2012) Sample Size Estimation and Power Analysis for Clinical Research Studies. Journal of Human Reproductive Sciences, 5, 7.

[62]   QFAB (2019) Statistical Decision Tree.

[63]   Ifinedo, P. (2014) Information Systems Security Policy Compliance: An Empirical Study of the Effects of Socialisation, Influence, and Cognition. Information & Management, 51, 69-79.

[64]   Lebek, B., Uffen, J., Neumann, M., Hohler, B. and Breitner, M.H. (2014) Information Security Awareness and Behavior: A Theory-Based Literature Review. Management Research Review, 37, 1049-1092.

[65]   Straub, D., Boudreau, M. and Gefen, D. (2004) Validation Guidelines for Is Positivist Research. Communications of the Association for Information Systems, 13, 380-427.

[66]   Trochim, W.M.K. and Donnelly, J.P. (2008) The Research Methods Knowledge Base. 3rd Edition, Atomic Dog, Mason, 56-65.

[67]   U.S. Department of Health and Human Services (1979) The Belmont Report. New York.

[68]   Coulehan, M.B. and Well, J.F. (2006) Guidelines for Responsible Data Management in Scientific Research. Clinical Tools, Incorporated, Chapel Hill.

[69]   Gall, M., Gall, J. and Borg, W. (2007) Nonexperimental Research: Descriptive and Causal-Comparative Designs. In: Gall, M.D., Gall, J.P. and Borg, W.R., Eds., Educational Research: An Introduction, Pearson/Allyn & Bacon, Boston, 298-330.

[70]   Bless, C., Higson-Smith, C. and Kagee, A. (2006) Fundamentals of Social Research Methods: An African Perspective. Juta and Company Ltd., Cape Town.

[71]   Belli, G. (2008) Nonexperimental Quantitative Research. Lapan, 1, 59.

[72]   Newson, R. (2001) Somersd-Confidence Intervals for Nonparametric Statistics and Their Differences. Stata Technical Bulletin, 10, 47-55.

[73]   Faul, F., Erdfelder, E., Lang, A.-G. and Buchner, A. (2007) G* Power 3: A Flexible Statistical Power Analysis Program for the Social, Behavioral, and Biomedical Sciences. Behavior Research Methods, 39, 175-191.

[74]   Field, A. (2009) Discovering Statistics Using SPSS. Sage Publications, Thousand Oaks.

[75]   Matkar, A. (2012) Cronbach’s Alpha Reliability Coefficient for Standard of Customer Services in Maharashtra State Cooperative Bank. IUP Journal of Bank Management, 11, 89-95.

[76]   Tavakol, M. and Dennick, R. (2011) Making Sense of Cronbach’s Alpha. International Journal of Medical Education, 2, 53.

[77]   Hair, J.F., Anderson, R.E., Black, W.C., Tatham, R.L. and Babin, B.J. (2006) Multivariatedata Analysis (Vol. 6). Pearson Prentice Hall, Upper Saddle River.

[78]   Nunnally, J.C. (1978) Psychometric Theory. 2nd Edition, McGraw-Hill, New York.

[79]   George, D. and Mallery, P. (2003) SPSS for Windows Step by Step: A Simple Guide and Reference. 11.0 Update, 4th Edition, Allyn & Bacon, Boston.

[80]   Gliem, J.A. and Gliem, R.R. (2003) Calculating, Interpreting, and Reporting Cronbach’s Alpha Reliability Coefficient for Likert-Type Scales.

[81]   Santos, J.R.A. (1999) Cronbach’s Alpha: A Tool for Assessing the Reliability of Scales. Journal of Extension, 37, 1-5.

[82]   Young, D.K., Carpenter, D. and McLeod, A. (2016) Malware Avoidance Motivations and Behaviors: A Technology Threat Avoidance Replication. AIS Transactions on Replication Research, 2, 1-17.

[83]   Fornell, C. and Larcker, D.F. (1981) Evaluating Structural Equation Models with Unobservable Variables and Measurement Error. Journal of Marketing Research, 18, 39-50.

[84]   Dodel, M. and Mesch, G. (2017) Cyber-Victimization Preventive Behavior: A Health Belief Model Approach. Computers in Human Behavior, 68, 359-367.

[85]   Ifinedo, P. (2012) Understanding Information Systems Security Policy Compliance: An Integration of the Theory of Planned Behavior and the Protection Motivation Theory. Computers & Security, 31, 83-95.