Cybersecurity in higher education institutions: An analysis from the perspective of Protection Motivation Theory
DOI:
https://doi.org/10.33010/ie_rie_rediech.v16i0.2271
Keywords:
cybersecurity, behavior, higher education, data protection, Protection Motivation Theory
Abstract
The importance of cybersecurity in the education sector lies in protecting sensitive data and information and maintaining a safe and reliable environment for students, faculty, and administrative staff. This research aims to analyze the factors influencing cybersecurity behavior of employees in higher education institutions in Northeastern Mexico. Protection Motivation Theory is used to understand the motivations and decisions related to digital security practices. For the method, 159 surveys were analyzed using Partial Least Squares Structural Equation Modeling (PLS-SEM). Results reveal that cybersecurity awareness positively influences both self-efficacy and response efficacy. Perceived severity and response self-efficacy are significant predictors of cybersecurity behavior. Interestingly, protection habit positively relates to self-efficacy but not to response efficacy. Moreover, no significant relationship was found between response efficacy and cybersecurity behavior. The findings emphasize the need for a holistic approach that considers individual and organizational factors to promote effective security practices within the Mexican educational context.
License
Copyright (c) 2025 Francisco Isaí Morales Sáenz, José Melchor Medina Quintero, Demian Abrego Almazan

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.