Cyber Security Behaviours

What is the problem/issue being addressed? Why is it important for society?

A recent wave of cyberattacks has made it evident that cybercrime is a growing global concern. Numerous threats such as malware infections, phishing attempts and identity thefts can have disastrous consequences for citizens, firms and nations. Cybercrime, defined as crimes where expertise about cyberspace is used to violate the law , is an increasing threat due to criminals’ creativity, faster digitization, growing dependence on technologies and huge data accumulation . The growing social and economic impact of cybercrimes has urged international organizations, businesses, and universities to develop strategies in order to expand our current understanding of the phenomenon . The first research undertaken in this field focused on technical forms of cybercrime, measures, and their economic consequences.

However, despite using state-of-the-art technical security systems, people and organizations continue to experience security breaches . Whatever the quality of the technical layer of security, the ultimate security depends on appropriate end user behaviour .
While many people recognize the importance of safe practice on the internet, many do not engage in proper safeguarding behaviours . In such context, our research question is: what are the determinants of individual cyber security behaviours?

What are the overall objectives?

We aim to understand the range of cyber security behaviours, using the example of students in France and the UK. Cyber security behaviour is defined here as the individuals’ security risk management behaviour involving two aspects: the adoption of security technology and personal cyber security awareness related to computer and internet usage

1. General presentation
During the fellowship, I have followed the research plan submitted to the EU. Thus, I worked on the literature review, prepared and organized the data collection. However, during the project, some adjustments were made according to the events. Thus, Agent-Modelling was not done since this type of modelling was not considered relevant for the research. In addition, the covid-19 crisis implied that since March 2020, I have been working from home and will do so until the end of the project.

2. Qualitative Phase. The qualitative phase is done in the France and in the UK.
2.1 UK empirical research
The total number of interviews is 75 (with written consent), including:
58 interviews of students.
17 interviews with IT specialists.
All interviews are transcribed.

2.2 France empirical research
Due to the structure of higher education in France, the objective is to do interviews with Grandes Ecoles students and State University students.
State University: 49 interviews of students in social sciences (of course all interviews with the written consent).
Grandes Ecoles: 60 interviews of students in the management field and the engineering field in 2020. Since this last data collection is very recent, new questions were added in the questionnaire about privacy protection, after the CUREC approval.

2.3 Total number of interviews
At the end of June 2020, I have 184 interviews (with consent form signed): 75 in the UK + 109 in France. The target in the EU proposal was 60 interviews. I have 3 times more interviews than forecasted.

I have decided to increase the number of interviews, especially to get a good balance of female / male respondents.

3. Quantitative Phase

Based on early results (UK and French State University), I worked on the next quantitative phase, which is a survey questionnaire among students in France and the UK.
A questionnaire was built in March / April. The questionnaire is based on previous academic research and covers key concepts to explain the determinants of the cybersecurity behaviours. After ethics approval (CUREC), the questionnaire was tested in May. A new version was submitted and approved by CUREC. The quantitative phase has been done in France and the UK in June and July 2020.
An English and a French version of the questionnaire were done.

I am now collecting answers using a link the website SurveyMonkey in France and in the UK.

4. Results
The project has had interesting results for the fellow and for the creation of knowledge. Thus, the fellowship to the University of Oxford has allowed me to increase my expertise in different fields: internet studies, cyber security, research methods.
The budget of the project was used for the data collection, coding, transcription, travel expenses to conferences or meetings.
I have done several presentations about the research project to academic communities regarding different concepts of the theoretical framework and the research project. I also engaged the public (especially students) about cyber security behaviours. I had some contacts with the industry. I am already thinking of the next research project after CYBERSECURITY.

The CYBERSECURITY research project will be beneficial for society in providing a deep analysis of the cyber security behaviours of students in France and the UK. The final aim will be increased the security behaviours of students. In addition, we will be able to make recommendations to Higher Education institutions.