An Exploration of the Factors Influencing Home Users' Cybersecurity Behaviours
Cybersecurity has been a concern for businesses and governments since their initial uptake of the Internet in the 1970s. As more and more people started using the internet for personal use, cybersecurity has become an important concern for home users as well. However, most research on cybersecurity has been undertaken at an organisational rather than at the individual level. Individual behaviours online have became increasingly important as the line between home and business use has blurred and users’ actions on their home computers has begun to have more wide ranging implications. There appears to be a lack of agreement on how to approach the topic of internet security outside of an organisational perspective. This research focuses on the individual home user perspective and seeks to (1) identify factors relate to users’ cybersecurity behaviours, and (2) examine how the identified factors relate to users' cybersecurity behaviours. A conceptual framework was developed based on the literature to guide the data collection. To identify the relevant factors relating to home users’ security behaviours, a qualitative study comprised of three focus groups and 20 individual interviews was carried out. From the data, a revised model was developed. In the revised model, awareness threats was identified as a necessary first cybersecurity step before users can form opinions about the danger of threats. Awareness of threats was influenced by users' characteristics, opinions, and experiences as well as by factors in their external environments. The combination of internal factors, external factors, and awareness led to users’ perceptions about the danger of threats online. This perception of danger led to users’ intentions to engage in protective behaviours. However, these intentions were strengthened or weakened based on users’ perceptions about the barriers to and enablers of security. By applying the revised model, it was possible to identify different types of security users. Through the identification of these user types, eight factors emerged as being particularly important in influencing users' perceptions of threats and dangers: knowledge, perceived self-efficacy, trust, threat awareness, safeguard awareness, prior experience, reliance, and security orientation. These factors from the model are used as a starting point to understanding how users make decisions about what they will do to protect themselves online. Further, through the identification of these user types suggestions are made about how to promote security for different types of individuals.