RESEARCH METHODOLOGY- CYBER SERCURITY AWARENESS

NAME: ANIKET SINGH

PRN No.: 21020148005

1
 A Study on Cyber Security Awareness, Training & Perception among select Management
Graduates

Aniket Singh
(Student, Symbiosis Institute of Business Management, Lavale)
Dr. Poornima Tapas
(Professor & Faculty In-Charge, Symbiosis Institute of Business Management, Lavale)

Abstract

Over the last few decades there has been tremendous change in human life with rapid change
in technology. It is rightly said that today’s generation lives on the internet and we as users are
generally ignorant as to how those random bits and ones and zeroes securely reach to a
computer. Even though there are a lot of benefits of the technology and it’s has made our life
for comfortable but still there are many risks associated with it. There is a high probability of
information leakage, theft, and other fraudulent practices. The rate of cybercrime has
increased across the whole world and the younger generation is highly affected by the same.
The main purpose of the study is to check the awareness level among the college students and
their attitude towards cyber security. The study also tries to examine the variation in the
attitude towards cyber security based on gender, and family income level. The data is
Management graduates in two select private Universities in Gurgaon. The sample size is 130.
Results are measured using Correlation and multiple regression. The result shows some
interesting finding related to student behaviour about cybersecurity. The behaviour of a
student’s changes according to the level of knowledge they have about cybercrime and
cybersecurity. There is a difference in the attitude towards cyber security after training and
awareness.

Keywords: Cybersecurity, student awareness, student attitude, cyber crime

1. Introduction

In the era of digitalization, the amount of sharing of personal data is growing every day, through
smartphones, social networking sites, online shopping sites or online money transactions.
Attempts of illegal access to personal data of individual usually with some objective of theft or
damage or to carry some unlawful activities can be termed as cyber-attack, as people are
becoming more and more transparent in accordance with data sharing and personal privacy is
at a vulnerable stage. The key issue in cyber security measure is personal data being exploited,
in a university setup where students have to work on various different online platforms often,
they tend to share their passwords with each other or their virtual identity, the lack of
understanding of cyber security issues leads to inefficient utilization of those e-learning tools.

Human factors in the context of information security have begun to gain increased attention,
particularly where the use of security technologies have failed to protect companies from
cyberattacks (Anwar et al., 2016; Herath and Rao, 2009). Research has found that employees
consistently underestimated the probability of falling victim to a cybersecurity breach (Herath
and Rao, 2009a). Herath and Rao (2009b) further argued that organisational, environmental
and behavioural factors all serve to influence the extent to which employees adhere to cyber
security practices. Smith et al. (1996) developed the Concern for Information Privacy (CFIP)
scale which identified and measured four factors (collection, errors, secondary use and

2
unauthorized access to information) as the dimensions of a person’s privacy concern about
organizations. Malhotra et al. (2004) later identified three aspects of information privacy,
namely, attitudes towards the collection of personal information, control over personal
information and awareness of privacy practices. More recently, Hong and Thong (2013),
consolidated existing conceptualization of Internet Privacy Concerns (IPC)including Smith et al.
(1996) and Malhotra et al. (2004) in their study and came up with six first-order factors of IPC
– collection, secondary usage, errors, improper access, control and awareness.

Calluzzo VJ, Cante CJ (2004) examined the uncertainty college students have concerning what
constitutes ethical and unethical behaviour using corporate information systems. The results
are consistent with expectations for the most part; the students identified most unethical
situations correctly. However, they had problems identifying misuse of corporate information
technology assets even when proper polices are in place. As a result, the security policy should
be aligned with the readiness of user state of perception and emotion, as well as observed the
user environment. This study is the continuation of research on implication of roles
responsibility in Information Assurance & Security (Ahlan & Rubis, 2011).

Most of the time students are not aware of the implications of cybercrime. Girls are the most
found victims of the cyber-crime. Many reports Colleges and universities show the cyberattacks
rates, with many of hacking attempts onto the information systems. While social networks and
bank account details are also at higher risk, education institutions are facing risks of losing
valuable intellectual property and their research data such as patents awarded to the
professors and students, and also the personal information about the students, staff and
faculty. Because of the higher frequency of hacking attacks on the institutions of higher
education, the need for cyber awareness has been increased. (Yang et al., 2013).

2. Literature Review

According to the National Crime Records Bureau insights amid the year 2005, 179 cases were
enrolled under the IT Go about when contrasted with 68 cases amid the earlier year, along
these lines revealing a critical increment of 163.2% in 2005 more than 2004. Amid 2005, a sum
of 302 cases were enlisted under IPC segments when contrasted with 279 such cases amid
2004, along these lines announcing an expansion of 8.2% in 2005 more than 2004. While the
quantity of digital violations occasions has been continually becoming in the course of the most
recent couple of years, the previous 18 months, specifically, has seen a fast spurt in the pace of
digital wrongdoing exercises. Digital legal advisors, Pavan Duggal, advocate with the Supreme
Court of India and Karnika Seth, accomplice, Seth Associates, Advocates and Legal Consultants,
vouch for this, pointing out that they have seen a hop in the quantity of digital wrongdoing
cases that they've been dealing with over the most recent one year. One likewise ought to recall
that the term 'Digital Crime' ought to be connected to all offenses submitted with the utilization
of 'Electronic Documents'. Consequently, digital handle the mind-boggling measure of data that
appears to portray our general public. In any case, the issue of security constrains the
uprightness of data and PC frameworks. More individuals need to know the utilization of PCs
furthermore, the assurances that are day by day offered for the protected treatment of data.
(National Crime Records Bureau statistics, 2005)

Ogut, Menon&Ragunathan, (2013) characterize cyber fight as the procedure of country state
to present PCs of different nations or systems to cause harm or devastation. Digital fighting is
a type of fighting that happens on PCs and the Internet, by electronic means as opposed to

3
physical. Additionally, the Internet is a method for simple access, where any individual,
remaining mysterious, can continue with an assault that is hard to relate, basically
imperceptible and hard to deal with. The term organize security alludes to insurance against
assaults and interruptions on corporate assets by interlopers who are not permitted access to
these assets.

Tipton & Krause (2013) explain that hacking is easy to the point that on the off chance that we
are on-line and know how to send and read email, we can begin hacking instantly. Here we can
discover a guide where we can download programs particularly fitting for the programmer on
Windows. Normally, these projects are free. They attempt to clarify some simple programmer
traps that can be utilized without causing purposeful harm. The dangers to the system security
are for associations as well as can be watched everywhere throughout the world in various
nations furthermore, how much every one of them are presented to dangers. Rather, the
principle goal of programmers isn't to wind up culprits, yet "battle against an uncalled-for
framework" utilized as a weapon framework itself.

Wishart (2012) examined an inventive on the web pretend movement went for 9-12-year-
olds. Net Detectives frame some portion of Kid savvy, a web mindfulness program went for
school kids. It was assessed through a different strategy information accumulation utilizing poll
reviews; follow up phone interviews with educators and perceptions being used in three UK
schools amid the summer term of 2012. Saroj Mehta and Vikram Singh’s (2013) examine paper
centres around the attention to cybercrime laws in India. It expresses that despite the fact that
there exist firewalls, antivirus and numerous other powerful measures to control cybercrime,
India is still a long way behind in fighting cybercrime. It was discovered that their untruths a
critical contrast between the mindfulness dimension of male clients and female clients.

Singh (2012) conducted a study on cybercrime mindfulness among XII understudies in Bathinda,
Punjab. It was discovered that the sexual orientation of the understudies does not make a
distinction in the dimension of familiarity with cybercrime. It was discovered that there was a
moderate dimension in regards to cybercrime mindfulness among the understudies. Be that as
it may, a couple of percent of understudies knew and had appropriate learning with respect to
kinds of cybercrime which were recorded under Information Technology Act, 2000.

Sukanya K.P and Raju C.V (2017) look into paper centres around the attention to cybercrime
among youth of Malappuram locale. The young of Malappuram region know about IT Act, 2000.
However, they are unmindful about it. Essential morals and the best possible utilizations on IT
applications must be presented in schools. Additionally, the media must give legitimate data
with respect to cybercrime. The examination discovered that the adolescent has a thought with
respect to the safety efforts for battling cybercrime.

Bhushan (2012) has uncovered that familiarity with artificial intelligence in India is wretchedly
low and accordingly has picked up a notoriety for being where remote speculators can work
together in cybersecurity and have been putting vigorously in cybersecurity. Pandey (2012)
inferred that absence of mindfulness about web and low dimension of web security is quick
making the country a paradise for cybercriminals. There has been an enduring increment in the
quantity of cybercrimes as individuals don't know about the fast improvements in the
cyberworld. Expanding reliance of basic residents on computer science without legitimate
security has made the activity simple for cybercriminals. Without specialists and cybersleuths,
Indore has turned out to be more powerless against cybercriminals, the scientist finished up.

4
According to Dalal (2010) one region that requires uncommon consideration is the cyberlaw
mindfulness in India. Not very many clients, professionals and associations know about debate
emerging out of IT Act, 2000 and its different corrections. Nappinai (2010) found that
cybercrime prosecution is not resorted in many instances due to lack of awareness amongst
both the victims and the enforcement authorities about the applicability of general laws to
cybercrimes. Saxena et al. (2012) have concluded that proactive actions on the part of
Government and enhanced participation of education system in the cybersecurity awareness
approach may lead to a strongly secured nation.

Jamil and Khan (2011) while contrasting the information assurance act in India with that of
European nations have inferred that the Indian cyberlaws are exceptionally poor and it is
extremely important to really get the suitable cyberlaw and mindfulness about them. There
isn't quite a bit of mindfulness with respect to ensuring the information. There is a consistent
ascent in cybercrime as there is gigantic populace yet lesser assets to deal with the populace
and the cybercrimes that happen. Seth (2007) has seen that with expanding mindfulness and
arrangement of preparing regarding the matter of cybercrime, upgraded innovative and
administrative advances being taken to additionally fortify the IT laws and authorization
system, India will viably prevail with regards to fighting the issue of cybercrimes.

3. Methodology

Objectives of the Study:

1. To study the relationship between cyber security training, cyber security perception,
and cyber security awareness.
2. To study the impact of cyber security awareness and training on cyber security
perception.

Hypotheses:

H1: There is a significant relationship between cyber security perception, training & cyber
security awareness.

H2: There is a significant impact of cyber security awareness and training on cyber security
perception.

Sample Size: 130 management graduates from 2 leading Universities in Haryana.

Sample Design:

1. Location: Gurgaon being an educational hub in Delhi NCR region

2. Universities: 2 Top private Business Schools with Wi Fi facility & cyber security courses
3. Sampling Technique: Convenience Sampling

A questionnaire on 5-point Likert scale with some questions on Nominal scale was designed to
check the awareness level, perception and training on cyber security among students.

5
 4. Analysis

Reliability Test

A pilot study was conducted on 40 management graduates. The Cronbach alpha was measured
for the questionnaire which is .79. Hence, the questionnaire is reliable

Demographic profiling: Participants in the research comprises of 67 males and 63 females of

the age group 17- 28 years. Figure 1 depicts the gender distribution of our study and Figure 2
depicts the distribution of respondents on the basis of their age

Figure 1

Figure 2

70% of total respondents agree that they use internet mostly for social media, online shopping and
banking transaction. The study shows that in the field of cybersecurity the cybersecurity awareness,
cybersecurity training and knowledge of cybercrime can be directly linked with cybersecurity
perception. Since training is directly attributable to improving the perception of user better
perception can highly affect the training requirement and demand. Awareness of the available and

6
possible security measure can improve the perception regarding improvement of securing oneself as
well recommending same to others thus perception has a high impact on pursing and spreading
awareness. Table 1 show the correlations between the cybersecurity perception, cybersecurity
training, cybersecurity awareness and knowledge on cybercrime.

The succeeding table1 shows the following findings. There is positive significant correlation
between the cybersecurity perception and cybersecurity training. There is positive weak but
significant correlation between the cybersecurity perception and cybersecurity awareness and
knowledge of cybercrime. The analysis of the data also shows that there is positive significant
correlation between cybersecurity training and cybersecurity awareness and knowledge of
cybercrime

Table 1: Correlations

Cybersecurity Cybersecurity Cybersecurity

Perception Training Awareness
Cybersecurity Perception Pearson Correlation 1 .145* .187*

Sig. (1-tailed) .050 .017

N 130 130 130

Cybersecurity Training Pearson Correlation .145* 1 .283**
Sig. (1-tailed) .050 .001
N 130 130 130
Cybersecurity Awareness Pearson Correlation .187* .283** 1
Sig. (1-tailed) .017 .001
N 130 130 130
N 130 130 130
*. Correlation is significant at the 0.05 level (1-tailed).
**. Correlation is significant at the 0.01 level (1-tailed).

Overall, there is a positive correlation between cyber security perception, cybersecurity training and
cyber security awareness with p<.05. With cyber security training provided to the students the
awareness level increases and there is a significant change in the perception.

Model Summary

Std. Error of
Adjusted R the
Model R R Square Square Estimate

1 .210a .44 .29 .586

a. Predictors: (Constant), Cybersecurity Awareness and Training

7
Table 1
ANOVAa
Sum of
Model Squares df Mean Square F Sig.
1
Regression 2.011 2 1.006 2.932 .002b

Residual 43.566 127 .343

Total 45.577 129

a. Dependent Variable: Cybersecurity Perception

b. Predictors: (Constant), Cybersecurity Awareness and Training

c. Coefficients

Standardized
Unstandardized Coefficients Coefficients

Model B Std. Error Beta t Sig.

1 (Constant) 2.614 .276 9.485 .000
Cybersecurity Training .066 .059 .100 1.109 .001
Cybersecurity
Awareness .127 .073 .158 1.751 .002

a. Dependent Variable: Cybersecurity Perception

The square value is 44 % and the adjusted r square value is 29% as there are other variables which
have a strong impact on cyber security perception. The regression model is significant as the p value
<.05. There is a positive impact of cyber security training on cyber security perception with β = .100,
p value <.05. There is a positive impact of cyber security awareness on cyber security perception β =
.158, p<.05. By providing proper training on cyber security and its measures awareness levels
increase and the perception about cyber security changes.

B-schools must provide cyber security training as the current perception about cyber security is that
the younger generation is ignorant. They are not aware about the consequences and hence land up
in either cybercrimes, cyber theft or loss of information. Cyber security should be seen as a serious
measure.

Major Findings
• The study shows that approximately 70% of the students use internet mainly for social media,
online shopping and online transaction.

• The study shows that most of the student’s know that it is important to have password on
personal devices like mobile, laptop and computers and also make changes on them regularly.

8
 • As most of the students belong to non-technical background so they agree to the fact they do
have proper training on cybersecurity and awareness about increase in cybercrime.
• Since, the training is directly linked with the perception it helps in improving the perception of
the user and if the user has better perception, then the training requirement and demand also
gets highly affected by it. So, the training which required for the cybersecurity can be provided
by the university. (Hadlington, 2017)
• Many of the students are also aware about the risk which is associated while using public WiFi
for online transactions.
• The degree to which students take part in risky cybersecurity practices gives us an impression
that the students are highly addictive to the Internet and this addictive behaviour goes all
above and rules the student behaviour, thoughts and feelings. (Griffiths, 2010)
• The study shows that in the field of cybersecurity the cybersecurity awareness, cybersecurity
training and knowledge of cybercrime can be directly linked with cybersecurity perception.

Conclusion:
Cybersecurity, training, awareness and the knowledge of cybercrime can be directly linked with
perception. Knowing about cybersecurity and knowing about the crime committed there in are
affected by one another but not highly intensive note. by the gather data it can be said that better
perception leads to more knowledge of cybercrime activity taking place around the user however if
the user is preceptive of self-sufficiency in own security measure the awareness of crime is
minimalized however the lack of knowledge can also be attributed to a regular development in
cyberspace both on positive and negative scale for instance, antivirus definition are updated regularly,
but zero day market for viruses have been more rigorously active. Moreover, the students with
nontechnical background should also be trained and made aware on cybersecurity because in today
life where technology plays an important role, they need to be more aware of the cybersecurity laws,
measures and risks of cybercrime that should not be ignored. As the battle against the cybercrime and
other digital attack have moved the emphasis from the technology towards the human elements
therefore the research of this nature turns out to be increasingly vital. (Hadlington, 2017). Awareness
of the available and possible security measure can improve the perception regarding improvement of
securing oneself as well recommending same to others thus perception has a high impact on pursing
and spreading awareness. Thinking about cybersecurity and thinking about the wrongdoing submitted
there in are influenced by each other however not exceptionally concentrated note. From the gather
data it can be said that better perception leads to more knowledge of cybercrime activity taking place
around the user however if the user is preceptive of self-sufficiency in own security measure the
awareness of crime is minimalized however the lack of knowledge can also be attributed to a regular

9
development in cyberspace both on positive and negative scale for instance, antivirus definition is
updated regularly.

References

Anwar, M. (2016). Gender difference and employees’ cybersecurity behaviors Computer Human
Behavior. Elsevier.

Cante, V. J. (2004). Ethics in Information Technology and Software Use. Journal of Business Ethics.

Dwight D. Eisenhower. (2016). https://www.mindtools.com/pages/article/newLDR_41.htm.

Retrieved from https://www.mindtools.com.

Griffiths, M. (2010). Internet abuse and internet addiction in the workplace. Retrieved from Emerald
Group Publishing Limited:
https://www.emeraldinsight.com/doi/abs/10.1108/13665621011071127

NATIONAL CRIME RECORDS BUREAU, India. (2005). Crimes in India. Retrieved from NATIONAL
CRIME RECORDS BUREAU:
http://ncrb.gov.in/StatPublications/CII/CII2005/home.htm

Ogut, R. &. (2013). Information Security Risk Management through Self-Protection and Insurance.
Retrieved from Research Gate:
https://www.researchgate.net/publication/229014862_Information_security_risk_manage
me nt_through_self-protection_and_insurance

Ridho, A. R. (2015). Information Security Awareness at the Knowledge-Based Institution: Its

Antecedents and Measures. Procedia Computer Science, elsevier.

Sreehari A, K. A. (2018). A STUDY OF AWARENESS OF CYBER CRIME AMONG COLLEGE STUDENTS

WITH SPECIAL REFERENCE TO KOCHI. International Journal of Pure and Applied
Mathematics.

10