<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE article  PUBLIC "-//NLM//DTD Journal Publishing DTD v3.0 20080202//EN" "http://dtd.nlm.nih.gov/publishing/3.0/journalpublishing3.dtd"><article xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" dtd-version="3.0" xml:lang="en" article-type="research article"><front><journal-meta><journal-id journal-id-type="publisher-id">JIS</journal-id><journal-title-group><journal-title>Journal of Information Security</journal-title></journal-title-group><issn pub-type="epub">2153-1234</issn><publisher><publisher-name>Scientific Research Publishing</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="doi">10.4236/jis.2019.104016</article-id><article-id pub-id-type="publisher-id">JIS-96069</article-id><article-categories><subj-group subj-group-type="heading"><subject>Articles</subject></subj-group><subj-group subj-group-type="Discipline-v2"><subject>Computer Science&amp;Communications</subject></subj-group></article-categories><title-group><article-title>
 
 
  How Perceived Benefits and Barriers Affect Millennial Professionals’ Online Security Behaviors
 
</article-title></title-group><contrib-group><contrib contrib-type="author" xlink:type="simple"><name name-style="western"><surname>Fabrice</surname><given-names>Djatsa</given-names></name><xref ref-type="aff" rid="aff1"><sub>1</sub></xref></contrib></contrib-group><aff id="aff1"><label>1</label><addr-line>Research and Development Department, Caelid Technology, Triangle, USA</addr-line></aff><pub-date pub-type="epub"><day>14</day><month>10</month><year>2019</year></pub-date><volume>10</volume><issue>04</issue><fpage>278</fpage><lpage>301</lpage><history><date date-type="received"><day>29,</day>	<month>September</month>	<year>2019</year></date><date date-type="rev-recd"><day>27,</day>	<month>October</month>	<year>2019</year>	</date><date date-type="accepted"><day>30,</day>	<month>October</month>	<year>2019</year></date></history><permissions><copyright-statement>&#169; Copyright  2014 by authors and Scientific Research Publishing Inc. </copyright-statement><copyright-year>2014</copyright-year><license><license-p>This work is licensed under the Creative Commons Attribution International License (CC BY). http://creativecommons.org/licenses/by/4.0/</license-p></license></permissions><abstract><p>
 
 
  Over the past decade, there has been an increase in cybersecurity breaches through identity theft, hacking, phishing attacks, and the use of malware such as viruses, worms, or trojans. The breaches have triggered an increase in investment in information security in organizations. As technology continues to improve, the risks of having cybersecurity incidents also increase. Cybersecurity firms reported that in 2016, there were 1209 total breaches with 1.1 billion identities exposed. Most experts agree that human vulnerability is a significant factor in cybersecurity. Most issues related to advanced threats come from human nature and ignorance. For the study, the researcher examined the relationship between Millennial professionals’ perceptions of cybersecurity risks and users’ online security behaviors. The study focused on two elements of perception which are perceived benefits and perceived barriers. The researcher administered a survey to 109 participants randomly selected among Survey Monkey audience members. The Spearman’s correlation test performed supported the analysis of the strength of the relationship and the level of significance between each of the independent variables and the dependent variable. The results from the statistical test provided enough evidence to reject each of the null hypothesis tested in this study. There were significant correlations between each of the independent variables, Perceived Benefits (PBE) and Perceived Barriers (PBA) and the dependent variable Online Security Behaviors (OSB).
 
</p></abstract><kwd-group><kwd>Perceptions</kwd><kwd> Barriers</kwd><kwd> Benefits</kwd><kwd> Online Security Behaviors</kwd><kwd> Millennial</kwd></kwd-group></article-meta></front><body><sec id="s1"><title>1. Introduction</title><p>The purpose of the study was to examine the relationship between Millennial professionals’ perceptions of cybersecurity risks and users’ online security behaviors. The study focused on Millennial professionals as the target population. A thorough review of the factors influencing the perceptions of cybersecurity risks supported the examination of the relationship between perceived benefits, perceived barriers, and users’ online security behaviors. The health belief model served as the theoretical foundations to develop a model to examine the relationship between perceptions of cybersecurity risks and users’ online security behaviors. The theoretical framework allowed for a better understanding of how computer users perceived the benefits and barriers of using anti-malware software and the correlation between these factors and the online security behaviors that Millennials professionals manifested on the internet. A quantitative approach supported the examination of the problem and the collection of the data. The investigation method was based on a self-reported web-based survey to gather data and test the model adapted from the health belief model. The survey provided insights into Millennial professionals’ online security behaviors.</p><p>The growing interest that researchers have in users’ perceptions of cybersecurity risks is because individuals, as well as organizations, have become more dependent to technology and the internet to accomplish daily operations [<xref ref-type="bibr" rid="scirp.96069-ref1">1</xref>] [<xref ref-type="bibr" rid="scirp.96069-ref2">2</xref>]. The reliance on technology exposes users to various forms of cyber-attack [<xref ref-type="bibr" rid="scirp.96069-ref1">1</xref>] [<xref ref-type="bibr" rid="scirp.96069-ref2">2</xref>] [<xref ref-type="bibr" rid="scirp.96069-ref3">3</xref>]. The increased use of the internet caused by users demanding great service delivery via the internet has made secure computing and cybersecurity a chief concern [<xref ref-type="bibr" rid="scirp.96069-ref4">4</xref>]. The U.S. government has established a cyber command within the military whose mission is to protect against cyber-attacks from adversaries [<xref ref-type="bibr" rid="scirp.96069-ref5">5</xref>]. The public and private sectors seem to pay less attention to secure computing and cybersecurity practices [<xref ref-type="bibr" rid="scirp.96069-ref4">4</xref>]. The public sector relies on observations, friends, and media to assist with cyber defense strategies [<xref ref-type="bibr" rid="scirp.96069-ref6">6</xref>] [<xref ref-type="bibr" rid="scirp.96069-ref7">7</xref>] [<xref ref-type="bibr" rid="scirp.96069-ref8">8</xref>] [<xref ref-type="bibr" rid="scirp.96069-ref9">9</xref>].</p><p>Researchers in information security discipline have leveraged theories from other disciplines to study information security phenomena. The application of the theories in information security has been the subject of a lot of criticism [<xref ref-type="bibr" rid="scirp.96069-ref10">10</xref>]. Scholars have found that the findings based on the protection motivation theory within the information security literature are inconsistent with theoretical expectations [<xref ref-type="bibr" rid="scirp.96069-ref11">11</xref>].</p><p>Researchers used the health belief model to explain phenomena in information security [<xref ref-type="bibr" rid="scirp.96069-ref12">12</xref>]. Reference [<xref ref-type="bibr" rid="scirp.96069-ref13">13</xref>] used the health belief model to analyze home personal computer security adoption behavior. Reference [<xref ref-type="bibr" rid="scirp.96069-ref14">14</xref>] used the health belief model to examine user computer security behaviors. Both studies omitted protection motivation, fear appeals, and response efficacy. Reference [<xref ref-type="bibr" rid="scirp.96069-ref15">15</xref>] used the health belief model to examine home computer users’ security awareness, information privacy, and security behaviors. The study solely relied on constructs from the health belief model and did not present any correlation between these constructs and those of the protection motivation theory.</p><p>The study contributed to a better understanding of the relationship between Millennials perceptions of benefits and costs of good cybersecurity practice and users’ online security behaviors. As a significant group of the population, Millennials constitute an essential part of the workforce for most organizations [<xref ref-type="bibr" rid="scirp.96069-ref16">16</xref>]. Millennials are the savviest generation regarding the use of information technology products [<xref ref-type="bibr" rid="scirp.96069-ref17">17</xref>] [<xref ref-type="bibr" rid="scirp.96069-ref18">18</xref>] [<xref ref-type="bibr" rid="scirp.96069-ref19">19</xref>]. The significance of the study was that it addresses security managers’ concerns regarding the lack of studies on Millennial professionals’ security-related perceptions and behaviors [<xref ref-type="bibr" rid="scirp.96069-ref20">20</xref>]. There was a gap of knowledge on the understanding of the relationship between Millennial professionals’ perceptions of the benefits and costs of cybersecurity and online security behaviors. The study can help government agencies, businesses, and scholars understand Millennial professionals’ perception of cybersecurity risks and their online security behaviors. Organizations must understand users’ online security behaviors to develop adequate training and policies materials [<xref ref-type="bibr" rid="scirp.96069-ref21">21</xref>]. The findings of the study can support the development of security tools and training tailored to Millennial professionals. Researchers, scholars, and practitioners can take advantage of the study by using the knowledge gained to implement new measures that promote safe online behaviors. Scholars and researchers can build on the results of the study to develop new tools to improve information security.</p><p>In the following sections, the paper presents a discussion from scholars and researchers on a holistic approach to the importance of understanding perceptions to explain behaviors. The paper examines the role that perceptions of risks played in shaping online security behaviors. The paper presents a description of the methodology used, data analysis, and results.</p></sec><sec id="s2"><title>2. Review of the Literature</title><sec id="s2_1"><title>2.1. Millennial Cybersecurity Posture</title><p>With the excessive number of cyber-attacks, ensuring the security of computer systems continues to be a challenge to organizations as well as to individuals. In the first quarter of 2016 report, the Anti-Phishing Working Group stated that the total number of unique phishing websites observed was 289,371. The number grew steadily from 48,114 in October 2015 to 123,555 observed in March 2016. The increase represents a 250% jump over six months [<xref ref-type="bibr" rid="scirp.96069-ref22">22</xref>]. Reference [<xref ref-type="bibr" rid="scirp.96069-ref23">23</xref>] reported that in 2016, there were 1209 total breaches with 1.1 billion identities exposed. Most Millennials have risky online security behaviors [<xref ref-type="bibr" rid="scirp.96069-ref24">24</xref>]. Reference [<xref ref-type="bibr" rid="scirp.96069-ref25">25</xref>] reported that as much as 66% of Millennials have connected to a public Wi-Fi network in previous months, and 42% shared a password with a non-family member in 2016. Millennials professionals need to know the type of cyber-attacks they are vulnerable to and how their perceptions of cybersecurity risks affect their security behavior online [<xref ref-type="bibr" rid="scirp.96069-ref26">26</xref>]. Twenty percent of the surveyed participants have never changed the online banking password, and many Millennials use the same password to sign into different accounts/websites. Millennials often skip two-step authentications when they are available and engage in other risky behaviors [<xref ref-type="bibr" rid="scirp.96069-ref25">25</xref>]. It is not clear how the users’ perceptions of cybersecurity risks influence online security behaviors [<xref ref-type="bibr" rid="scirp.96069-ref20">20</xref>].</p></sec><sec id="s2_2"><title>2.2. Risk Perception in the Cyberspace</title><p>Media outlets increasingly report cyber-attacks and incidents. Every month, there are reports of significant incidents affecting hundreds of thousands of users [<xref ref-type="bibr" rid="scirp.96069-ref27">27</xref>]. Despite these reports, it is unclear if Millennials have the requisite knowledge to protect themselves [<xref ref-type="bibr" rid="scirp.96069-ref28">28</xref>]. Some users might have a false sense of security and expose themselves to security risks as a result [<xref ref-type="bibr" rid="scirp.96069-ref29">29</xref>]. The increased number of data breaches through hacking incidents has become a phenomenon of interest for internet security researchers [<xref ref-type="bibr" rid="scirp.96069-ref30">30</xref>]. As the breaches are targeting more online shopping sites, it is likely that users’ knowledge and perceptions of the internet have changed over time [<xref ref-type="bibr" rid="scirp.96069-ref31">31</xref>] [<xref ref-type="bibr" rid="scirp.96069-ref32">32</xref>]. Although internet users are conscious of the potential cyber threats, it does not prevent them from connecting their computers and other smart devices to the internet [<xref ref-type="bibr" rid="scirp.96069-ref33">33</xref>].</p><p>Security awareness is one of the essential elements of information security management [<xref ref-type="bibr" rid="scirp.96069-ref34">34</xref>] [<xref ref-type="bibr" rid="scirp.96069-ref35">35</xref>]. Security awareness is the extent to which the members of an organization understand the importance of information security, individual responsibilities, and the minimum security required by the organization and behave accordingly. Today, practitioners and researchers agree that security awareness is critical to a successful and effective information security management and that it will be more cost-effective to invest in security awareness improvement than technology [<xref ref-type="bibr" rid="scirp.96069-ref36">36</xref>] [<xref ref-type="bibr" rid="scirp.96069-ref37">37</xref>]. The current knowledge of security awareness is limited because researchers have not studied the behavioral aspect of security awareness and its operationalization and conceptualization in existing research have been too broad for the most part [<xref ref-type="bibr" rid="scirp.96069-ref34">34</xref>].</p></sec><sec id="s2_3"><title>2.3. Health Belief Model</title><p>In past security behavioral research, the research relies on constructs developed under the health belief model [<xref ref-type="bibr" rid="scirp.96069-ref14">14</xref>] [<xref ref-type="bibr" rid="scirp.96069-ref38">38</xref>]. Perceived severity, perceived susceptibility, perceived benefits, perceived barriers, cues to action, general security orientation, and self-efficacy are all factors in human behaviors. All these constructs have a particular influence on the security behaviors of computer end-users [<xref ref-type="bibr" rid="scirp.96069-ref15">15</xref>]. Cybersecurity awareness of risks influences users’ attitudes and behaviors toward safety [<xref ref-type="bibr" rid="scirp.96069-ref39">39</xref>] [<xref ref-type="bibr" rid="scirp.96069-ref40">40</xref>]. Most of the studies conducted on the use of the internet and users’ risk perceptions focused on scenarios that identified some of the variables in the risk equation as opposed to the type of threat that exists on the internet [<xref ref-type="bibr" rid="scirp.96069-ref41">41</xref>]. Studies that focused on the social impact of cyber-attacks are rare [<xref ref-type="bibr" rid="scirp.96069-ref42">42</xref>]. Below is outlined the two constructs under the health belief model which represent the dependent variables examined in the study.</p><p>Perceived benefits. The construct represents the favorable outcome that the individual perceives in adopting the new behavior that will diminish the risk of acquiring the disease or that of being a victim. An individual will most likely adopt a new behavior if the person thinks that the behavior adopted will decrease the chance of acquiring the disease [<xref ref-type="bibr" rid="scirp.96069-ref43">43</xref>]. If Millennials do not see the benefits of reducing cybersecurity risks, there will be fewer incentives for a change of behavior [<xref ref-type="bibr" rid="scirp.96069-ref44">44</xref>].</p><p>Perceived barriers. The construct represents the individual’s apprehension of the difficulties that one will face to adopt the new behavior. It has a direct correlation with preventive security behaviors [<xref ref-type="bibr" rid="scirp.96069-ref45">45</xref>]. Reference [<xref ref-type="bibr" rid="scirp.96069-ref46">46</xref>] implied that from all the constructs in the health belief model, perceived barriers are the most important in assessing a change of behavior.</p><p>Below <xref ref-type="fig" rid="fig1">Figure 1</xref> is a view of the theoretical framework.</p></sec></sec><sec id="s3"><title>3. Methodology and Data Analysis</title><sec id="s3_1"><title>3.1. Methodology</title><p>The quantitative methodology supported the approach of the study. In a quantitative method, applying deductive reasoning with the results and responses allows moving from specific to general [<xref ref-type="bibr" rid="scirp.96069-ref47">47</xref>]. Reference [<xref ref-type="bibr" rid="scirp.96069-ref48">48</xref>] developed a survey instrument (see Appendix A) that served as a basis to develop the survey instrument for the study. The researcher had received permission from the authors to use and modify the survey instrument. Validity and reliability are essential elements of a quantitative methodology [<xref ref-type="bibr" rid="scirp.96069-ref49">49</xref>]. A quantitative methodology fits because the variables to measure and the results are numerical data [<xref ref-type="bibr" rid="scirp.96069-ref50">50</xref>]. Quantitative methodology was appropriate as it is evidence-based practice in psychology and used to measure the changes in variables [<xref ref-type="bibr" rid="scirp.96069-ref51">51</xref>].</p><p>Survey research was appropriate because of the examination of the relationship between variables [<xref ref-type="bibr" rid="scirp.96069-ref52">52</xref>]. The objective was to examine the relationship between the perceptions of cybersecurity risks and the users’ online security behavior of Millennial professionals. An analysis of the correlation helped determine the relationship between variables and make predictions [<xref ref-type="bibr" rid="scirp.96069-ref53">53</xref>].</p></sec><sec id="s3_2"><title>3.2. Research Questions and Hypothesis</title><p>The dependent variable was the users’ online security behaviors (OSB). The independent variables were perceived benefits (PBE) and perceived barriers (PBA).</p><sec id="s3_2_1"><title>3.2.1. Research Questions</title><p>RQ1: What is the relationship between Millennial professionals’ perceived benefits and users’ online security behaviors?</p><p>RQ2: What is the relationship between Millennial professionals’ perceived barriers and users’ online security behaviors?</p></sec><sec id="s3_2_2"><title>3.2.2. Hypotheses</title><p>H1o: A correlation does not exist between Millennial professionals’ perceived benefits and users’ online security behaviors.</p><p>H1A: A correlation does exist between Millennial professionals’ perceived benefits and users’ online security behaviors.</p><p>H2o: A correlation does not exist between Millennial professionals’ perceived barriers and users’ online security behaviors.</p><p>H2A: A correlation does exist between Millennial professionals’ perceived barriers and users’ online security behaviors.</p></sec></sec><sec id="s3_3"><title>3.3. Population and Sample</title><p>The population of research represents the group targeted, or the group referred to in the conclusion [<xref ref-type="bibr" rid="scirp.96069-ref54">54</xref>]. The population was Millennial professionals in the United States who met a set of criteria as defined below. Millennials represent the largest generation in the U.S. labor force, with more than one third participating in the labor force. As of 2017, roughly 35% or 35 million of Millennials were looking for work or working [<xref ref-type="bibr" rid="scirp.96069-ref55">55</xref>]. The population included Millennial professionals among Survey Monkey audience, who own a computer and have regular access to the internet. The study did not focus on a specific industry, and the participants had to be employed to meet the professionalism criteria. For the purpose of the study, a professional was defined as someone who uses professional knowledge and skills to address the issues that arise in the workplace [<xref ref-type="bibr" rid="scirp.96069-ref56">56</xref>]. Therefore, the target population criteria included: 1) any Millennials, which refers to individuals born between 1982 and 2000 [<xref ref-type="bibr" rid="scirp.96069-ref57">57</xref>] ; 2) participants must have a current job; 3) participants must own a computer; 4) participants must have regular access to the internet; and 5) participants must be accessible through the SurveyMonkey platform. SurveyMonkey has over 2.5 million daily respondents answering surveys on the platform [<xref ref-type="bibr" rid="scirp.96069-ref58">58</xref>]. The target population represented all the respondents on the platform who met the criteria above. The researcher did not obtain an estimation of the target population since SurveyMonkey could not provide an estimate of how many SurveyMonkey users met criteria a through d. The information collected from each participant during the survey process served as the primary data.</p><p>The sample size was determined by using the ANZMTG Statistical Decision Tree, which is a sample calculator that leverages the power calculation for Pearson’s and Spearman’s correlation method. The ANZMTG Statistical Decision Tree is a tool used to determine the sample size in function of the predefined criteria inputted in the tool. The tool confirmed that a sample size of 38 participants was appropriate with a power of 1 − β = 0.9, a correlation coefficient of ρ = 0.5 for a large effect size, and a significance level of α = 0.05, which are the only criteria relevant to calculating the sample size for the Spearman’s correlation test [<xref ref-type="bibr" rid="scirp.96069-ref59">59</xref>] [<xref ref-type="bibr" rid="scirp.96069-ref60">60</xref>] [<xref ref-type="bibr" rid="scirp.96069-ref61">61</xref>]. With the given parameters, the ANZMTG Statistical Decision Tree analysis tool indicated a 90% confidence of obtaining the correct result if the study was repeated with different random samples. Additionally, the level of significance indicated that there is only a 5% risk of false-positive findings with a total sample size of 38 participants for a Spearman’s correlation test [<xref ref-type="bibr" rid="scirp.96069-ref61">61</xref>] [<xref ref-type="bibr" rid="scirp.96069-ref62">62</xref>]. To ensuring greater reliability of the findings, the author went beyond the recommended sample size and conducted the study with a sample size of 109 participants.</p></sec><sec id="s3_4"><title>3.4. Data Collection</title><p>Participants received a clear and unambiguous statement regarding the voluntary nature of the survey. Also, the statement expressed the researcher’s commitment to ensuring the participants’ anonymity and the protection of PII. SurveyMonkey served as a medium to collect data. The data collection process followed a sequence of ten steps as described below:</p><p>Step 1. The authors of the survey instrument (see Appendix A) leveraged for the study have granted permission to use and potentially modify the survey instrument selected. The instrument (Likert-type scales) was previously validated in previous studies [<xref ref-type="bibr" rid="scirp.96069-ref48">48</xref>]. In several studies, researchers have developed surveys by combining surveys or using questions from previously validated survey instruments [<xref ref-type="bibr" rid="scirp.96069-ref14">14</xref>] [<xref ref-type="bibr" rid="scirp.96069-ref63">63</xref>] [<xref ref-type="bibr" rid="scirp.96069-ref64">64</xref>].</p><p>Step 2. Modifications to the survey instrument consisted of replacing a word such as spyware with malware. The modifications were limited and did not affect any of the significant elements of each survey instrument. The modifications strengthened the content validity which is considered mandatory [<xref ref-type="bibr" rid="scirp.96069-ref65">65</xref>]. Content validity refers to the level to which inferences are legitimate to operationalize the theoretical constructs in the study [<xref ref-type="bibr" rid="scirp.96069-ref66">66</xref>].</p><p>Step 3. SurveyMonkey was the platform used to conduct the survey. The researcher sent a letter to request permission and received authorization to use the SurveyMonkey website.</p><p>Step 4. A SurveyMonkey account was created to gain access to the products offered on the website. The survey instrument was created using a custom survey creation builder available on the SurveyMonkey website.</p><p>Step 5. Invitations were sent to 155 Millennial professionals who had met the targeting criteria. The invitation included the research topic, instructions on how to complete the survey, and a Uniform Resource Locator (URL) link that redirected participants to the online survey once they clicked on it.</p><p>Step 6. Once the potential participants clicked on the URL link in the invitation, they had to review an informed consent form which explained the nature of the research, the security measures in place to protect their anonymity and PII and the survey expectations. Participants had the choice to continue the survey or to exit the website [<xref ref-type="bibr" rid="scirp.96069-ref67">67</xref>].</p><p>Step 7. Participants who chose to continue with the survey moved on to the next page, where they had to answer four qualifying questions (see Appendix B) to verify their eligibility to participate.</p><p>Step 8. If the participants chose to exit the survey here, the survey did not collect their PII, and they were directed to a thank you page which expresses gratitude for their time. The website also automatically directed the participants who had completed the survey to a thank you page at the end. SurveyMonkey saved the answers.</p><p>Step 9. At the end of the survey period, all data saved on SurveyMonkey databases were downloaded on an external hard drive and analyzed.</p><p>Step 10. The data were encrypted and stored in a secure room. The researcher archived the data contained in the hard drive for 5 years [<xref ref-type="bibr" rid="scirp.96069-ref68">68</xref>]. After 5 years, the researcher will destroy the data.</p></sec></sec><sec id="s4"><title>4. Data Analysis</title><p>A quantitative, non-experimental, correlational design was the best fit because it facilitated the analysis of the relationship between dependent and independent variables [<xref ref-type="bibr" rid="scirp.96069-ref69">69</xref>]. A quantitative, non-experimental, correlational design supported cause-effect and causal relationship analysis [<xref ref-type="bibr" rid="scirp.96069-ref70">70</xref>]. The research design was useful to analyze strategies [<xref ref-type="bibr" rid="scirp.96069-ref71">71</xref>]. Correlation allowed the identification of the relationship that may exist between two or more variables [<xref ref-type="bibr" rid="scirp.96069-ref70">70</xref>]. The data analysis process followed a sequence of five steps as described below:</p><p>Step 1. A valid copy of SPSS (Statistical Package for Social Sciences) was obtained from the university library. SPSS was the statistical tool of choice to analyze the data collected. The data were analyzed using correlation analysis.</p><p>Step 2. All the data were entered into SPSS for non-parametric Spearman correlation analysis. Spearman correlation was appropriate for the study as the variables were measured on scales that were ordinal, and the data were considered non-parametric [<xref ref-type="bibr" rid="scirp.96069-ref72">72</xref>].</p><p>Step 3. The coefficient of correlation indicated the direction and strength of the relationship between the dependent and independent variables. It allowed for a better appreciation of the influence that one variable had on the other when there was a change in value. The measure of the coefficient of correlation supports all appropriate inferences to the general population [<xref ref-type="bibr" rid="scirp.96069-ref73">73</xref>]. The independent variables considered were perceived susceptibility, perceived severity, perceived barriers, perceived benefits, and self-efficacy in cybersecurity. The dependent variable was users’ online security behaviors. The calculation of the coefficient of correlation helped to determine the direction and strength of the relationship between each pair of variables. The determination was based on the following measures: 1) 0.00 - 0.19 is considered as “very weak”; 2) 0.20 - 0.39 is “weak”, 0.40 - 0.59 is “moderate”, 0.60 - 0.79 is “strong”, and 0.80 - 1.0 is “very strong” [<xref ref-type="bibr" rid="scirp.96069-ref74">74</xref>].</p><p>Step 4. An interpretation of the statistical metrics such as median, mean, standard deviation, minimum/maximum values, and count of information presented descriptive statistics of the sample. The non-parametric Spearman correlation analysis supported the decision of whether to reject or fail to reject each null hypothesis using a p-value threshold p &lt; 0.05 to determine the level of significance.</p><p>Step 5. Additional analysis was conducted using the data collected with the second group of demographic questions which inquired about the participant’s: 1) age group; 2) gender; 3) region; 4) household income; and 5) internet experience. The analysis aimed at identifying any trends related to each demographic category and to compare between categories and the independent variables.</p><p>For the purpose of this study, perceived safeguard effectiveness, perceived safeguard cost, and avoidance behavior were relabelled as perceived benefits, perceived barriers, and online security behaviors respectively for data analysis.</p><sec id="s4_1"><title>4.1. Participant Demographics</title><p>The SurveyMonkey website provided the researcher with the platform to administer the survey to the participants of the study. The targeted audience for the study included Millennial Professionals with or without a college degree, 35 job functions from writer to researcher, 19 options for industry from advertising and marketing to utilities/energy/extraction, and five job levels (owner/executive/C-level, senior management, middle management, intermediate, and entry-level). The first page of the survey contained the informed consent form. Participation in the survey required that each participant agreed to the consent form by clicking the “Yes” box to proceed to the next page where the participant had to answer three qualifying questions. The qualifying questions served as a second layer of screening. Participants who met the criteria had to answer “Yes” to each of the three questions to start answering the survey questions. Any selection of the “No” box on either page (informed consent or qualifying criteria) automatically disqualified the participant.</p><p>The demographic question of the survey focused on participants’ number of years of internet experience. All the participants in the survey were Millennial professionals. Participants had a diverse background, as they came from various regions within the United States and represented a broad spectrum of industry sectors. SurveyMonkey website provided the platform through which the survey questions were administered. The participants were all members of the SurveyMonkey pool of active users or panelists. In addition to the demographic question within the survey, SurveyMonkey collected a few demographic data regarding the participants’ age, gender, household income, region, and device type. The additional demographic questions were added to the survey questions for all participants to answer.</p></sec><sec id="s4_2"><title>4.2. Presentation of the Data</title><p>The researcher downloaded and stored the data collected through the SurveyMonkey website on a personal computer. The data was saved in an SPSS format/file and subsequently imported into SPSS Statistics Standard GradPack 24 for descriptive and correlation analysis. Participants’ responses were organized into a demographic section and correlational statistics section. The demographic section presented the data about the participants’ age group, gender, region, household income, and internet experience. The correlational variables section presented the result of the data preparation analysis and the correlation test.</p><p>A total of 155 participants agreed to take the survey study. From the total number of participants, four participants were disqualified because they did not agree to the Informed Consent form, 19 participants were disqualified because they did not meet the qualifying criteria, 23 of the participants who consented and qualified to participate in the study did not complete the survey. The remaining 109 participants who completed the survey represented the sample study. There was no need to consider a larger sample, given that the recommended sample size was determined with a power of 1 − β = 0.9, which indicates a 90% confidence of obtaining the correct result if the study was repeated with different random samples. The power selected is superior to the minimum recommended value. Additionally, the significance level of α = 0.05 met the recommended value for most academic studies [<xref ref-type="bibr" rid="scirp.96069-ref61">61</xref>].</p><p>Before starting the analysis of the data collected for the study, it was essential to measure and assess the reliability of the survey instrument. Cronbach’s alpha test helped verify the survey instrument reliability. Cronbach’s alpha is an appropriate test to measure the internal consistency and reliability of a research instrument [<xref ref-type="bibr" rid="scirp.96069-ref75">75</xref>]. The survey instrument centered around 44 statements which constituted the core questions in the survey. The core questions included: 1) five statements measuring the perceived susceptibility construct on a 7-point Likert scale; 2) ten statements measuring the perceived severity construct with a 7-point Likert scale; 3) six statements measuring the perceived benefits construct with a 7-point Likert; 4) three statement measuring the perceived barriers construct with a 7-point Likert scale; 5) ten statement measuring the self-efficacy in cybersecurity with a 10-point Likert scale; and 6) two statements measuring the online security behaviors construct with a 7-point Likert scale.</p><p>A Cronbach’s alpha test was performed to measure the internal validity and reliability of each variable. Because the study examined several constructs, a test was performed for each variable to avoid inflating the value of alpha [<xref ref-type="bibr" rid="scirp.96069-ref76">76</xref>]. Reference [<xref ref-type="bibr" rid="scirp.96069-ref77">77</xref>] agreed that a Cronbach’s alpha value 0.70 or above indicates an acceptable level of internal consistency and reliability. Reference [<xref ref-type="bibr" rid="scirp.96069-ref76">76</xref>] indicated that a Cronbach’s alpha value between 0.70 and 0.95 is desirable to support the internal consistency and reliability of an instrument. A higher value may indicate redundancy in the instrument but is still reliable. Other researchers agreed that to confirm internal consistency reliability, the Cronbach alpha value should be at least 0.60 for exploratory studies and 0.70 for confirmatory studies [<xref ref-type="bibr" rid="scirp.96069-ref62">62</xref>]. Reference [<xref ref-type="bibr" rid="scirp.96069-ref78">78</xref>] indicated that 0.70 should be considered as an acceptable reliability coefficient.</p><p>An alpha value of 0.930 was measured for the six original questions for perceived benefits (see <xref ref-type="table" rid="table1">Table 1</xref>). A coefficient greater than 0.9 is considered as excellent. This value indicates that there is an excellent internal consistency of the items in the scale measuring the perceived benefits variable [<xref ref-type="bibr" rid="scirp.96069-ref79">79</xref>] [<xref ref-type="bibr" rid="scirp.96069-ref80">80</xref>].</p><table-wrap id="table1" ><label><xref ref-type="table" rid="table1">Table 1</xref></label><caption><title> Perceived benefits reliability statistics</title></caption><table><tbody><thead><tr><th align="center" valign="middle" >Cronbach’s Alpha</th><th align="center" valign="middle" >Cronbach’s Alpha Based on Standardized Items</th><th align="center" valign="middle" >N of Items</th></tr></thead><tr><td align="center" valign="middle" >0.930</td><td align="center" valign="middle" >0.934</td><td align="center" valign="middle" >6</td></tr></tbody></table></table-wrap><p>An alpha value of 0.695 was measured for the three original questions for perceived barriers (see <xref ref-type="table" rid="table2">Table 2</xref>). An alpha value between 0.60 and 0.70 is considered as questionable and indicates questionable internal consistency within the survey instrument measuring PBA [<xref ref-type="bibr" rid="scirp.96069-ref80">80</xref>]. The alpha value calculated here could be due to the low number of statements [<xref ref-type="bibr" rid="scirp.96069-ref76">76</xref>]. A lower threshold (&lt;0.70) of the reliability coefficient is sometimes used in studies [<xref ref-type="bibr" rid="scirp.96069-ref81">81</xref>].</p><p>A second test was performed for PBA to determine the effect on the alpha value when each statement measuring this variable is removed. After dropping PBA2, the Cronbach’s alpha increased to 0.710 (see <xref ref-type="table" rid="table3">Table 3</xref>). The researcher decided to keep all items measuring PBA in the analysis given that the instrument validity has been tested in previous studies [<xref ref-type="bibr" rid="scirp.96069-ref48">48</xref>] [<xref ref-type="bibr" rid="scirp.96069-ref82">82</xref>]. Reference [<xref ref-type="bibr" rid="scirp.96069-ref48">48</xref>] used two criteria to assess convergent and discriminant validity of the measurements. Their assessment verified that each item had a higher loading on its hypothesized construct than other constructs and that each construct’s Average Variance Extracted (AVE) was higher than the correlations with other constructs [<xref ref-type="bibr" rid="scirp.96069-ref83">83</xref>]. The results met the pre-defined criteria (each item had higher self-loadings than cross-loadings, and each AVE’s square root was higher than the construct’s cross-correlation with other constructs). The researchers also determined the composite reliability coefficient for each construct. All coefficients were greater than 0.70, which suggested an adequate measurement of reliability [<xref ref-type="bibr" rid="scirp.96069-ref48">48</xref>] [<xref ref-type="bibr" rid="scirp.96069-ref82">82</xref>].</p><p>In addition to the two independent variables, a Cronbach’s alpha test was also performed on the dependent variable. An alpha value of 0.926 was measured for the two original questions for online security behaviors. A coefficient greater than 0.9 is considered as excellent. This value indicates that there is an excellent internal consistency of the items in the scale measuring the online security behaviors variable [<xref ref-type="bibr" rid="scirp.96069-ref80">80</xref>].</p></sec><sec id="s4_3"><title>4.3. Descriptive Analysis and Demographic Results</title><p><xref ref-type="table" rid="table4">Table 4</xref> presents the frequency distribution of the participants’ number of years of internet experience. The table shows the different ranges under which each participant identified. Most participants had over 20 years of internet experience representing 45.0% of the sample. Participants representing 42.2% of the sample had between 11 and 20 years of internet experience, followed by 12.8% with 6 to 10 years of internet experience (see <xref ref-type="table" rid="table4">Table 4</xref>).</p><p><xref ref-type="table" rid="table5">Table 5</xref> presents the frequency distribution of all the participants’ age. Given that the sample only included Millennial professionals, the age range could only vary between 19 to 37. The table shows that only two age groups were represented in the sample. Participants between the age of 25 to 29 had the highest percentage with 56.9% while the remaining of participants identified between 19 to 24 with 43.1% (see <xref ref-type="table" rid="table5">Table 5</xref>).</p><table-wrap id="table2" ><label><xref ref-type="table" rid="table2">Table 2</xref></label><caption><title> Perceived barriers reliability statistics</title></caption><table><tbody><thead><tr><th align="center" valign="middle" >Cronbach’s Alpha</th><th align="center" valign="middle" >Cronbach’s Alpha Based on Standardized Items</th><th align="center" valign="middle" >N of Items</th></tr></thead><tr><td align="center" valign="middle" >0.695</td><td align="center" valign="middle" >0.695</td><td align="center" valign="middle" >3</td></tr></tbody></table></table-wrap><table-wrap id="table3" ><label><xref ref-type="table" rid="table3">Table 3</xref></label><caption><title> Item-total statistics</title></caption><table><tbody><thead><tr><th align="center" valign="middle" ></th><th align="center" valign="middle" >Scale Mean if Item Deleted</th><th align="center" valign="middle" >Scale Variance if Item Deleted</th><th align="center" valign="middle" >Cronbach’s Alpha if Item Deleted</th></tr></thead><tr><td align="center" valign="middle" >… I don’t know how to get an anti-malware software (PBA1).</td><td align="center" valign="middle" >6.06</td><td align="center" valign="middle" >8.293</td><td align="center" valign="middle" >0.545</td></tr><tr><td align="center" valign="middle" >… Anti-malware software may cause problems to other programs on my computer (PBA2).</td><td align="center" valign="middle" >5.50</td><td align="center" valign="middle" >9.400</td><td align="center" valign="middle" >0.710</td></tr><tr><td align="center" valign="middle" >… Installing anti-malware software is too much trouble (PBA3).</td><td align="center" valign="middle" >5.77</td><td align="center" valign="middle" >8.493</td><td align="center" valign="middle" >0.541</td></tr></tbody></table></table-wrap><table-wrap id="table4" ><label><xref ref-type="table" rid="table4">Table 4</xref></label><caption><title> Internet experience</title></caption><table><tbody><thead><tr><th align="center" valign="middle"  colspan="2"  ></th><th align="center" valign="middle" >Frequency</th><th align="center" valign="middle" >Percent</th><th align="center" valign="middle" >Valid Percent</th><th align="center" valign="middle" >Cumulative Percent</th></tr></thead><tr><td align="center" valign="middle"  rowspan="4"  >Valid</td><td align="center" valign="middle" >6 - 10 years</td><td align="center" valign="middle" >14</td><td align="center" valign="middle" >12.8</td><td align="center" valign="middle" >12.8</td><td align="center" valign="middle" >12.8</td></tr><tr><td align="center" valign="middle" >11 - 20 years</td><td align="center" valign="middle" >46</td><td align="center" valign="middle" >42.2</td><td align="center" valign="middle" >42.2</td><td align="center" valign="middle" >55.0</td></tr><tr><td align="center" valign="middle" >&gt;20 years</td><td align="center" valign="middle" >49</td><td align="center" valign="middle" >45.0</td><td align="center" valign="middle" >45.0</td><td align="center" valign="middle" >100.0</td></tr><tr><td align="center" valign="middle" >Total</td><td align="center" valign="middle" >109</td><td align="center" valign="middle" >100.0</td><td align="center" valign="middle" >100.0</td><td align="center" valign="middle" ></td></tr></tbody></table></table-wrap><table-wrap id="table5" ><label><xref ref-type="table" rid="table5">Table 5</xref></label><caption><title> Age</title></caption><table><tbody><thead><tr><th align="center" valign="middle"  colspan="2"  ></th><th align="center" valign="middle" >Frequency</th><th align="center" valign="middle" >Percent</th><th align="center" valign="middle" >Valid Percent</th><th align="center" valign="middle" >Cumulative Percent</th></tr></thead><tr><td align="center" valign="middle"  rowspan="3"  >Valid</td><td align="center" valign="middle" >19 - 24</td><td align="center" valign="middle" >47</td><td align="center" valign="middle" >43.1</td><td align="center" valign="middle" >43.1</td><td align="center" valign="middle" >43.1</td></tr><tr><td align="center" valign="middle" >25 - 29</td><td align="center" valign="middle" >62</td><td align="center" valign="middle" >56.9</td><td align="center" valign="middle" >56.9</td><td align="center" valign="middle" >100.0</td></tr><tr><td align="center" valign="middle" >Total</td><td align="center" valign="middle" >109</td><td align="center" valign="middle" >100.0</td><td align="center" valign="middle" >100.0</td><td align="center" valign="middle" ></td></tr></tbody></table></table-wrap><p><xref ref-type="table" rid="table6">Table 6</xref> presents the frequency distribution of the gender of all the participants. The table shows that the majority of participants were female representing 67.9 % of the sample. Male represented 32.1% of the participants (see <xref ref-type="table" rid="table6">Table 6</xref>).</p><p><xref ref-type="table" rid="table7">Table 7</xref> presents the frequency distribution that provides an insight into the income range of the participants. The table represents the household income of participants. Most participants earned from $50,000 - $74,999 representing 32.1%, while 21.1% earned from $25,000 - $49,999, and 18.3% earned from $75,000 - $99,999 (see <xref ref-type="table" rid="table7">Table 7</xref>).</p></sec><sec id="s4_4"><title>4.4. Data Preparation and Screening Analysis</title><p><xref ref-type="table" rid="table8">Table 8</xref> presents the frequency distribution related to participants’ perceived benefits to using anti-virus software. The result included a total of 109 values corresponding to the sample size. There was no missing value, as each participant answered all the questions.</p><table-wrap id="table6" ><label><xref ref-type="table" rid="table6">Table 6</xref></label><caption><title> Gender</title></caption><table><tbody><thead><tr><th align="center" valign="middle"  colspan="2"  ></th><th align="center" valign="middle" >Frequency</th><th align="center" valign="middle" >Percent</th><th align="center" valign="middle" >Valid Percent</th><th align="center" valign="middle" >Cumulative Percent</th></tr></thead><tr><td align="center" valign="middle"  rowspan="3"  >Valid</td><td align="center" valign="middle" >Male</td><td align="center" valign="middle" >35</td><td align="center" valign="middle" >32.1</td><td align="center" valign="middle" >32.1</td><td align="center" valign="middle" >32.1</td></tr><tr><td align="center" valign="middle" >Female</td><td align="center" valign="middle" >74</td><td align="center" valign="middle" >67.9</td><td align="center" valign="middle" >67.9</td><td align="center" valign="middle" >100.0</td></tr><tr><td align="center" valign="middle" >Total</td><td align="center" valign="middle" >109</td><td align="center" valign="middle" >100.0</td><td align="center" valign="middle" >100.0</td><td align="center" valign="middle" ></td></tr></tbody></table></table-wrap><table-wrap id="table7" ><label><xref ref-type="table" rid="table7">Table 7</xref></label><caption><title> Household income</title></caption><table><tbody><thead><tr><th align="center" valign="middle"  colspan="2"  ></th><th align="center" valign="middle" >Frequency</th><th align="center" valign="middle" >Percent</th><th align="center" valign="middle" >Valid Percent</th><th align="center" valign="middle" >Cumulative Percent</th></tr></thead><tr><td align="center" valign="middle"  rowspan="9"  >Valid</td><td align="center" valign="middle" >$25,000 - $49,999</td><td align="center" valign="middle" >23</td><td align="center" valign="middle" >21.1</td><td align="center" valign="middle" >21.1</td><td align="center" valign="middle" >21.1</td></tr><tr><td align="center" valign="middle" >$50,000 - $74,999</td><td align="center" valign="middle" >35</td><td align="center" valign="middle" >32.1</td><td align="center" valign="middle" >32.1</td><td align="center" valign="middle" >53.2</td></tr><tr><td align="center" valign="middle" >$75,000 - $99,999</td><td align="center" valign="middle" >20</td><td align="center" valign="middle" >18.3</td><td align="center" valign="middle" >18.3</td><td align="center" valign="middle" >71.6</td></tr><tr><td align="center" valign="middle" >$100,000 - $124,999</td><td align="center" valign="middle" >11</td><td align="center" valign="middle" >10.1</td><td align="center" valign="middle" >10.1</td><td align="center" valign="middle" >81.7</td></tr><tr><td align="center" valign="middle" >$125,000 - $149,999</td><td align="center" valign="middle" >9</td><td align="center" valign="middle" >8.3</td><td align="center" valign="middle" >8.3</td><td align="center" valign="middle" >89.9</td></tr><tr><td align="center" valign="middle" >$150,000 - $174,999</td><td align="center" valign="middle" >5</td><td align="center" valign="middle" >4.6</td><td align="center" valign="middle" >4.6</td><td align="center" valign="middle" >94.5</td></tr><tr><td align="center" valign="middle" >$175,000 - $199,999</td><td align="center" valign="middle" >5</td><td align="center" valign="middle" >4.6</td><td align="center" valign="middle" >4.6</td><td align="center" valign="middle" >99.1</td></tr><tr><td align="center" valign="middle" >$200,000+</td><td align="center" valign="middle" >1</td><td align="center" valign="middle" >.9</td><td align="center" valign="middle" >.9</td><td align="center" valign="middle" >100.0</td></tr><tr><td align="center" valign="middle" >Total</td><td align="center" valign="middle" >109</td><td align="center" valign="middle" >100.0</td><td align="center" valign="middle" >100.0</td><td align="center" valign="middle" ></td></tr></tbody></table></table-wrap><table-wrap id="table8" ><label><xref ref-type="table" rid="table8">Table 8</xref></label><caption><title> Perceived benefits</title></caption><table><tbody><thead><tr><th align="center" valign="middle"  colspan="2"  ></th><th align="center" valign="middle" >Frequency</th><th align="center" valign="middle" >Percent</th><th align="center" valign="middle" >Valid Percent</th><th align="center" valign="middle" >Cumulative Percent</th></tr></thead><tr><td align="center" valign="middle"  rowspan="6"  >Valid</td><td align="center" valign="middle" >Somewhat disagree</td><td align="center" valign="middle" >2</td><td align="center" valign="middle" >1.8</td><td align="center" valign="middle" >1.8</td><td align="center" valign="middle" >1.8</td></tr><tr><td align="center" valign="middle" >Neither agree nor disagree</td><td align="center" valign="middle" >8</td><td align="center" valign="middle" >7.3</td><td align="center" valign="middle" >7.3</td><td align="center" valign="middle" >9.2</td></tr><tr><td align="center" valign="middle" >Somewhat agree</td><td align="center" valign="middle" >20</td><td align="center" valign="middle" >18.3</td><td align="center" valign="middle" >18.3</td><td align="center" valign="middle" >27.5</td></tr><tr><td align="center" valign="middle" >Agree</td><td align="center" valign="middle" >53</td><td align="center" valign="middle" >48.6</td><td align="center" valign="middle" >48.6</td><td align="center" valign="middle" >76.1</td></tr><tr><td align="center" valign="middle" >Strongly agree</td><td align="center" valign="middle" >26</td><td align="center" valign="middle" >23.9</td><td align="center" valign="middle" >23.9</td><td align="center" valign="middle" >100.0</td></tr><tr><td align="center" valign="middle" >Total</td><td align="center" valign="middle" >109</td><td align="center" valign="middle" >100.0</td><td align="center" valign="middle" >100.0</td><td align="center" valign="middle" ></td></tr></tbody></table></table-wrap><p><xref ref-type="table" rid="table9">Table 9</xref> presents the frequency distribution related to participants’ perceived barriers to using anti-virus software. The result included a total of 109 values corresponding to the sample size. There was no missing value, as each participant answered all the questions.</p><p>The researcher performed calculations to determine the mean, median, mode standard variation, and variance to determine the level of each variable in examining the relationship between Millennial professionals’ perception of cybersecurity risks and users’ online security behaviors. The survey questions were assessed using Likert scale ordinal variables with the following weighted formats: 1 = “strongly disagree”, 2 = “disagree”, 3 = “somewhat disagree”, 4 = “neither agree nor disagree”, 5 = “somewhat agree”, 6 = “agree”, and 7 = “strongly agree”. <xref ref-type="table" rid="table1">Table 1</xref>0 presents the result of the analysis, which indicates that perceived benefits have the highest mean score (M = 5.85) of all the variables measured with a</p><table-wrap id="table9" ><label><xref ref-type="table" rid="table9">Table 9</xref></label><caption><title> Perceived barriers</title></caption><table><tbody><thead><tr><th align="center" valign="middle"  colspan="2"  ></th><th align="center" valign="middle" >Frequency</th><th align="center" valign="middle" >Percent</th><th align="center" valign="middle" >Valid Percent</th><th align="center" valign="middle" >Cumulative Percent</th></tr></thead><tr><td align="center" valign="middle"  rowspan="7"  >Valid</td><td align="center" valign="middle" >Strongly disagree</td><td align="center" valign="middle" >26</td><td align="center" valign="middle" >23.9</td><td align="center" valign="middle" >23.9</td><td align="center" valign="middle" >23.9</td></tr><tr><td align="center" valign="middle" >Disagree</td><td align="center" valign="middle" >20</td><td align="center" valign="middle" >18.3</td><td align="center" valign="middle" >18.3</td><td align="center" valign="middle" >42.2</td></tr><tr><td align="center" valign="middle" >Somewhat disagree</td><td align="center" valign="middle" >24</td><td align="center" valign="middle" >22.0</td><td align="center" valign="middle" >22.0</td><td align="center" valign="middle" >64.2</td></tr><tr><td align="center" valign="middle" >Neither agree nor disagree</td><td align="center" valign="middle" >27</td><td align="center" valign="middle" >24.8</td><td align="center" valign="middle" >24.8</td><td align="center" valign="middle" >89.0</td></tr><tr><td align="center" valign="middle" >Somewhat agree</td><td align="center" valign="middle" >9</td><td align="center" valign="middle" >8.3</td><td align="center" valign="middle" >8.3</td><td align="center" valign="middle" >97.2</td></tr><tr><td align="center" valign="middle" >Agree</td><td align="center" valign="middle" >3</td><td align="center" valign="middle" >2.8</td><td align="center" valign="middle" >2.8</td><td align="center" valign="middle" >100.0</td></tr><tr><td align="center" valign="middle" >Total</td><td align="center" valign="middle" >38</td><td align="center" valign="middle" >100.0</td><td align="center" valign="middle" >100.0</td><td align="center" valign="middle" ></td></tr></tbody></table></table-wrap><table-wrap id="table10" ><label><xref ref-type="table" rid="table1">Table 1</xref>0</label><caption><title> Statistics</title></caption><table><tbody><thead><tr><th align="center" valign="middle"  colspan="2"  ></th><th align="center" valign="middle" >Perceived Benefits</th><th align="center" valign="middle" >Perceived Barriers</th><th align="center" valign="middle" >Online Security Behaviors</th></tr></thead><tr><td align="center" valign="middle"  rowspan="2"  >N</td><td align="center" valign="middle" >Valid</td><td align="center" valign="middle" >109</td><td align="center" valign="middle" >109</td><td align="center" valign="middle" >109</td></tr><tr><td align="center" valign="middle" >Missing</td><td align="center" valign="middle" >0</td><td align="center" valign="middle" >0</td><td align="center" valign="middle" >0</td></tr><tr><td align="center" valign="middle"  colspan="2"  >Mean</td><td align="center" valign="middle" >5.85</td><td align="center" valign="middle" >2.83</td><td align="center" valign="middle" >4.36</td></tr><tr><td align="center" valign="middle"  colspan="2"  >Median</td><td align="center" valign="middle" >6.00</td><td align="center" valign="middle" >3.00</td><td align="center" valign="middle" >5.00</td></tr><tr><td align="center" valign="middle"  colspan="2"  >Mode</td><td align="center" valign="middle" >6</td><td align="center" valign="middle" >4</td><td align="center" valign="middle" >6<sup>a</sup></td></tr><tr><td align="center" valign="middle"  colspan="2"  >Std. Deviation</td><td align="center" valign="middle" >0.931</td><td align="center" valign="middle" >1.398</td><td align="center" valign="middle" >2.053</td></tr><tr><td align="center" valign="middle"  colspan="2"  >Variance</td><td align="center" valign="middle" >0.867</td><td align="center" valign="middle" >1.954</td><td align="center" valign="middle" >4.213</td></tr></tbody></table></table-wrap><p>7-point Likert scale. The mean indicates a substantial degree of likelihood that users may be more influenced by the perceived benefits in adopting good online security behaviors. An assessment of the standard deviation indicates that users’ online security behavior had the highest average distance from the mean (M = 4.36) with σ = 2.053, which indicates that participant online security behaviors were more spread out.</p></sec><sec id="s4_5"><title>4.5. Research Questions</title><p>The central research question for the study was what is the relationship between Millennial professionals’ perceptions of cybersecurity risks and users’ online security behaviors? The dependent variable was the users’ online security behaviors (OSB). The independent variables were the perceptions of cybersecurity risks operationalized into the following independent variables for the research: perceived benefits (PBE) and perceived barriers (PBA). In the study, the researchers defined two hypotheses. A test of the two hypotheses helped determine if there was a significant relationship between Millennial professionals’ perceptions of cybersecurity risks and users’ online security behaviors. The central research question takes into consideration the independent variables which produce the following research questions and hypotheses:</p><p>The first question and corresponding hypotheses developed in the study were the followings:</p><p>RQ1: What is the relationship between Millennial professionals’ perceived benefits and users’ online security behaviors?</p><p>H1<sub>o</sub>: A correlation does not exist between Millennial professionals’ perceived benefits and users’ online security behaviors.</p><p>H1<sub>A</sub>: A correlation does exist between Millennial professionals’ perceived benefits and users’ online security behaviors.</p><p><xref ref-type="table" rid="table1">Table 1</xref>1 presents the result of the Spearman’s correlation test, which showed that the coefficient correlation was 0.330, and the two-tailed significance level was 0.000. The finding showed that a weak positive correlation existed between perceived benefits and online security behaviors, and there was a statistically significant relationship (ρ = 0.330, 0.000 &lt; 0.05). The result from the statistical test provided enough evidence to reject the null hypothesis (H1<sub>o</sub>) in support of the study.</p><p>The second question and corresponding hypotheses developed in the study were the followings:</p><p>RQ2: What is the relationship between Millennial professionals’ perceived barriers and users’ online security behaviors?</p><p>H2<sub>o</sub>: A correlation does not exist between Millennial professionals’ perceived barriers and users’ online security behaviors.</p><p>H2<sub>A</sub>: A correlation does exist between Millennial professionals’ perceived barriers and users’ online security behaviors.</p><p><xref ref-type="table" rid="table1">Table 1</xref>2 presents the result of the Spearman’s correlation test, which showed that the coefficient correlation was −0.471, and the two-tailed significance level was 0.000. The finding showed that a moderate negative correlation existed between perceived barriers and online security behaviors, and there was a statistically significant relationship (ρ = −0.471, 0.000 &lt; 0.05). The result from the statistical test provided enough evidence to reject the null hypothesis (H2<sub>o</sub>) in support of the study.</p><table-wrap id="table11" ><label><xref ref-type="table" rid="table1">Table 1</xref>1</label><caption><title> Spearman’s correlation between PBE and OSB</title></caption><table><tbody><thead><tr><th align="center" valign="middle"  colspan="3"  ></th><th align="center" valign="middle" >Online security Behaviors</th><th align="center" valign="middle" >Perceived Benefits</th></tr></thead><tr><td align="center" valign="middle"  rowspan="6"  >Spearman’s rho</td><td align="center" valign="middle"  rowspan="3"  >Online security Behaviors</td><td align="center" valign="middle" >Correlation Coefficient</td><td align="center" valign="middle" >1.000</td><td align="center" valign="middle" >0.330**</td></tr><tr><td align="center" valign="middle" >Sig. (2-tailed)</td><td align="center" valign="middle" ></td><td align="center" valign="middle" >0.000</td></tr><tr><td align="center" valign="middle" >N</td><td align="center" valign="middle" >109</td><td align="center" valign="middle" >109</td></tr><tr><td align="center" valign="middle"  rowspan="3"  >Perceived Benefits</td><td align="center" valign="middle" >Correlation Coefficient</td><td align="center" valign="middle" >0.330**</td><td align="center" valign="middle" >1.000</td></tr><tr><td align="center" valign="middle" >Sig. (2-tailed)</td><td align="center" valign="middle" >0.000</td><td align="center" valign="middle" ></td></tr><tr><td align="center" valign="middle" >N</td><td align="center" valign="middle" >109</td><td align="center" valign="middle" >109</td></tr></tbody></table></table-wrap><p>**Correlation is significant at the 0.01 level (2-tailed).</p><table-wrap id="table12" ><label><xref ref-type="table" rid="table1">Table 1</xref>2</label><caption><title> Spearman’s correlation between PBA and OSB</title></caption><table><tbody><thead><tr><th align="center" valign="middle"  colspan="3"  ></th><th align="center" valign="middle" >Online security Behaviors</th><th align="center" valign="middle" >Perceived Barriers</th></tr></thead><tr><td align="center" valign="middle"  rowspan="6"  >Spearman’s rho</td><td align="center" valign="middle"  rowspan="3"  >Online security Behaviors</td><td align="center" valign="middle" >Correlation Coefficient</td><td align="center" valign="middle" >1.000</td><td align="center" valign="middle" >−0.471**</td></tr><tr><td align="center" valign="middle" >Sig. (2-tailed)</td><td align="center" valign="middle" ></td><td align="center" valign="middle" >0.000</td></tr><tr><td align="center" valign="middle" >N</td><td align="center" valign="middle" >109</td><td align="center" valign="middle" >109</td></tr><tr><td align="center" valign="middle"  rowspan="3"  >Perceived Barriers</td><td align="center" valign="middle" >Correlation Coefficient</td><td align="center" valign="middle" >−0.471**</td><td align="center" valign="middle" >1.000</td></tr><tr><td align="center" valign="middle" >Sig. (2-tailed)</td><td align="center" valign="middle" >0.000</td><td align="center" valign="middle" ></td></tr><tr><td align="center" valign="middle" >N</td><td align="center" valign="middle" >109</td><td align="center" valign="middle" >109</td></tr></tbody></table></table-wrap><p>**Correlation is significant at the 0.01 level (2-tailed).</p></sec></sec><sec id="s5"><title>5. Findings and Conclusions</title><sec id="s5_1"><title>5.1. Implications for Practice</title><p>The problem addressed in the study was that the relationship between Millennial professionals’ perceptions of cybersecurity risks and users’ online security behaviors had not been identified [<xref ref-type="bibr" rid="scirp.96069-ref20">20</xref>]. There was a gap of knowledge on the understanding of the relationship between Millennial professionals’ perceptions of cybersecurity risks and online security behaviors. The findings of the study showed that a statistically significant correlation does exist between each of the two independent variables (PBE and PBA) and the dependent variable (OSB). The results of the correlation analysis indicated that Millennial professionals’ perceived benefits of using anti-malware software; perceived barriers to acquiring, installing, and using anti-malware; and ability to install and use anti-malware have a significant relationship with their online security behaviors. Enterprise leaders can leverage these findings and consider how they impact their organization’s security posture. The study provides valuable insight into the Millennial professionals’ perceptions of cybersecurity risks. The knowledge gained from the study can help enterprise leaders tailor information assurance training for their Millennial staff as 76% of the participants agreed on the benefits of using anti-malware software.</p></sec><sec id="s5_2"><title>5.2. Conclusions</title><p>A Spearman’s correlation analysis was performed to determine the strength of the relationship between each of the two variables associated with cybersecurity risk perceptions and users’ online security behaviors. Spearman’s correlation was selected as the best statistical test because the study met the three assumptions necessary for the use of Spearman’s correlation test. All the variables for the study were measured on an ordinal scale, the observation values for the variables were paired, and there was a monotonic relationship in variables.</p><p>The research questions for the study inquired about the relationship between each of the constructs associated with Millennial professionals’ perceptions and users’ online security behaviors. To answer these questions, the researcher developed two research questions based on each independent variable: perceived benefits (PBE), perceived barriers (PBA); and the dependent variable which was online security behaviors (OSB).</p><p>The first research question examined the relationship between Millennial professionals’ perceived benefits and users’ online security behaviors. The corresponding hypotheses were as follow: The null hypothesis (H1<sub>o</sub>): A correlation does not exist between Millennial professionals’ perceived benefits and users’ online security behaviors. The alternative hypothesis (H1<sub>A</sub>): A correlation does exist between Millennial professionals’ perceived benefits and users’ online security behaviors. <xref ref-type="table" rid="table1">Table 1</xref>1 presented the result of the Spearman’s correlation test, which showed that the coefficient correlation was 0.330, and the two-tailed significance level was 0.000. The finding showed that a weak positive correlation existed between perceived benefits and online security behaviors, and there was a statistically significant relationship (ρ = 0.330, 0.000 &lt; 0.05). The result from the statistical test provided enough evidence to reject the null hypothesis (H1<sub>o</sub>). This finding is consistent with findings elsewhere [<xref ref-type="bibr" rid="scirp.96069-ref14">14</xref>] [<xref ref-type="bibr" rid="scirp.96069-ref84">84</xref>] [<xref ref-type="bibr" rid="scirp.96069-ref85">85</xref>]. Reference [<xref ref-type="bibr" rid="scirp.96069-ref14">14</xref>] found that perceived benefit is a significant factor that influences computer security behavior. This can inform policies and cybersecurity awareness campaigns aimed at improving users’ cyber threat awareness.</p><p>The second research question examined the relationship between Millennial professionals’ perceived barriers and users’ online security behaviors. The corresponding hypotheses were as follow: The null hypothesis (H2<sub>o</sub>): A correlation does not exist between Millennial professionals’ perceived barriers and users’ online security behaviors. The alternative hypothesis (H2<sub>A</sub>): A correlation does exist between Millennial professionals’ perceived barriers and users’ online security behaviors. <xref ref-type="table" rid="table1">Table 1</xref>2 presented the result of the Spearman’s correlation test, which showed that the coefficient correlation was −0.471, and the two-tailed significance level was 0.000. The finding showed that a moderate negative correlation existed between perceived barriers and online security behaviors, and there was a statistically significant relationship (ρ = −0.471, 0.000 &lt; 0.05). The result from the statistical test provided enough evidence to reject the null hypothesis (H2<sub>o</sub>). This finding is consistent with findings elsewhere [<xref ref-type="bibr" rid="scirp.96069-ref14">14</xref>] [<xref ref-type="bibr" rid="scirp.96069-ref84">84</xref>] [<xref ref-type="bibr" rid="scirp.96069-ref85">85</xref>]. This can inform businesses looking to sell anti-malware software to potential users. Executives and IT managers can rely on the findings when developing policies and cybersecurity awareness campaigns aimed at improving users’ cyber threat awareness.</p></sec></sec><sec id="s6"><title>Acknowledgements</title><p>This study has benefited from the teachings and insights of many faculty whose advice was essential in my education. I specially acknowledged the support received from Dr. Schmitt; whose guidance was instrumental in the completion of this study. As a student, I could not be more grateful to have her as my research supervisor. Dr. Schmitt’s availability, comments, and suggestions contributed to the realization of this study!</p></sec><sec id="s7"><title>Conflicts of Interest</title><p>The author has no conflicts of interest regarding the publication of this article.</p></sec><sec id="s8"><title>Cite this paper</title><p>Djatsa, F. (2019) How Perceived Benefits and Barriers Affect Millennial Professionals’ Online Security Behaviors. Journal of Information Security, 10, 278-301. https://doi.org/10.4236/jis.2019.104016</p></sec><sec id="s9"><title>Appendix A</title><p>Survey Instrument</p><disp-formula id="scirp.96069-formula4"><graphic  xlink:href="//html.scirp.org/file/5-7800615x3.png"  xlink:type="simple"/></disp-formula></sec><sec id="s10"><title>Appendix B</title><p>Survey Questions</p><p>Qualifying Questions</p><p>1) Were you born between 1982 and 2000?</p><p>Yes</p><p>No</p><p>2) Are you currently employed?</p><p>Yes</p><p>No</p><p>3) Do you own a computer?</p><p>Yes</p><p>No</p><p>4) Do you have regular access to the internet?</p><p>Yes</p><p>No</p></sec></body><back><ref-list><title>References</title><ref id="scirp.96069-ref1"><label>1</label><mixed-citation publication-type="other" xlink:type="simple">Barnard-Wills, D. and Ashenden, D. (2012) Securing Virtual Space: Cyber War, Cyber Terror, and Risk. Space and Culture, 15, 110-123. https://doi.org/10.1177/1206331211430016</mixed-citation></ref><ref id="scirp.96069-ref2"><label>2</label><mixed-citation publication-type="journal" xlink:type="simple"><name name-style="western"><surname>Srivastava</surname><given-names> S. </given-names></name>,<etal>et al</etal>. (<year>2012</year>)<article-title>Pessimistic Side of Information &amp; Communication Technology: Cyber Bullying &amp; Legislature Laws</article-title><source> International Journal of Advances in Computer Science and Technology</source><volume> 1</volume>,<fpage> 14</fpage>-<lpage>20</lpage>.<pub-id pub-id-type="doi"></pub-id></mixed-citation></ref><ref id="scirp.96069-ref3"><label>3</label><mixed-citation publication-type="other" xlink:type="simple">Jones, C. and Mujtaba, B. (2006) Is Your Information at Risk? Information Technology Leaders’ Thoughts about the Impact of Cybercrime on Competitive Advantage. Review of Business Information Systems, 10, 7. https://doi.org/10.19030/rbis.v10i2.5320</mixed-citation></ref><ref id="scirp.96069-ref4"><label>4</label><mixed-citation publication-type="other" xlink:type="simple">Williams, C.D. (2015) The Socialization of Secure Computing Practices for Home Internet Users: A Quantitative Analysis of Individual Perceptions. Doctoral Dissertation.</mixed-citation></ref><ref id="scirp.96069-ref5"><label>5</label><mixed-citation publication-type="other" xlink:type="simple">Panetta, L. (2012) Sustaining US Global Leadership: Priorities for 21st Century Defense. US Department of Defense, Washington DC.</mixed-citation></ref><ref id="scirp.96069-ref6"><label>6</label><mixed-citation publication-type="other" xlink:type="simple">Fischhoff, B., Slovic, P., Lichtenstein, S., Read, S. and Combs, B. (1978) How Safe Is Safe Enough? A Psychometric Study of Attitudes towards Technological Risks and Benefits. Policy Sciences, 9, 127-152. https://doi.org/10.1007/BF00143739</mixed-citation></ref><ref id="scirp.96069-ref7"><label>7</label><mixed-citation publication-type="other" xlink:type="simple">Hali, S.M. (2000) The Role of Media in War. Defence Journal. http://www.defencejournal.com/2000/aug/role-media-war.htm</mixed-citation></ref><ref id="scirp.96069-ref8"><label>8</label><mixed-citation publication-type="other" xlink:type="simple">Parsons, K., McCormac, A., Butavicius, M. and Ferguson, L. (2010) Human Factors and Information Security: Individual, Culture and Security Environment. No. DSTO-TR-2484, Command, Control, Communications and Intelligence Division DSTO Defence Science and Technology Organisation, Edinburgh.</mixed-citation></ref><ref id="scirp.96069-ref9"><label>9</label><mixed-citation publication-type="other" xlink:type="simple">Pattinson, M. and Anderson, G. (2005) Risk Communication, Risk Perception and Information Security. In: Security Management, Integrity, and Internal Control in Information Systems, Springer, Berlin, 175-184. https://doi.org/10.1007/0-387-31167-X_11</mixed-citation></ref><ref id="scirp.96069-ref10"><label>10</label><mixed-citation publication-type="other" xlink:type="simple">Oswick, C., Fleming, P. and Hanlon, G. (2011) From Borrowing to Blending: Rethinking the Processes of Organizational Theory Building. Academy of Management Review, 36, 318-337. https://doi.org/10.5465/AMR.2011.59330932</mixed-citation></ref><ref id="scirp.96069-ref11"><label>11</label><mixed-citation publication-type="other" xlink:type="simple">Warkentin, M. and Siponen, M. (2015) An Enhanced Fear Appeal Rhetorical Framework: Leveraging Threats to the Human Asset through Sanctioning Rhetoric. MIS Quarterly, 39, 113-134. https://doi.org/10.25300/MISQ/2015/39.1.06</mixed-citation></ref><ref id="scirp.96069-ref12"><label>12</label><mixed-citation publication-type="other" xlink:type="simple">Boss, S., Galletta, D., Lowry, P.B., Moody, G.D. and Polak, P. (2015) What Do Systems Users Have to Fear? Using Fear Appeals to Engender Threats and Fear That Motivate Protective Security Behaviors. MIS Quarterly (MISQ), 39, 837-864. https://doi.org/10.25300/MISQ/2015/39.4.5</mixed-citation></ref><ref id="scirp.96069-ref13"><label>13</label><mixed-citation publication-type="other" xlink:type="simple">Claar, C. and Johnson, J. (2012) Analyzing Home PC Security Adoption Behavior. Journal of Computer Information Systems, 52, 20-29. https://doi.org/10.1108/09685221211235599</mixed-citation></ref><ref id="scirp.96069-ref14"><label>14</label><mixed-citation publication-type="other" xlink:type="simple">Ng, B.-Y., Kankanhalli, A. and Xu, Y.C. (2009) Studying Users’ Computer Security Behavior: A Health Belief Perspective. Decision Support Systems, 46, 815-825. https://doi.org/10.1016/j.dss.2008.11.010</mixed-citation></ref><ref id="scirp.96069-ref15"><label>15</label><mixed-citation publication-type="other" xlink:type="simple">Edwards, K. (2015) Examining the Security Awareness, Information Privacy, and the Security Behaviors of Home Computer Users. Doctoral Dissertation.</mixed-citation></ref><ref id="scirp.96069-ref16"><label>16</label><mixed-citation publication-type="other" xlink:type="simple">DelCampo, R.G., Haggerty, L.A., Knippel, L.A. and Haney, M.J. (2011) Managing the Multi-Generational Workforce: From the GI Generation to the Millennials. Gower Publishing, Ltd., Burlington.</mixed-citation></ref><ref id="scirp.96069-ref17"><label>17</label><mixed-citation publication-type="other" xlink:type="simple">Haeger, D.L. and Lingham, T. (2014) A Trend toward Work-Life Fusion: A Multi-Generational Shift in Technology Use at Work. Technological Forecasting and Social Change, 89, 316-325. https://doi.org/10.1016/j.techfore.2014.08.009</mixed-citation></ref><ref id="scirp.96069-ref18"><label>18</label><mixed-citation publication-type="other" xlink:type="simple">Miller, K. and Murphrey, T.P. (2010) Catching Up with Our Students. Millennials and iGen: Is Agriscience Education Ready? The Agricultural Education Magazine, 83, 20.</mixed-citation></ref><ref id="scirp.96069-ref19"><label>19</label><mixed-citation publication-type="other" xlink:type="simple">S-O’Brien, L., Read, P., Woolcott, J. and Shah, C. (2011) Understanding Privacy Behaviors of Millennials within Social Networking Sites. Proceedings of the American Society for Information Science and Technology, 48, 1-10. https://doi.org/10.1002/meet.2011.14504801198</mixed-citation></ref><ref id="scirp.96069-ref20"><label>20</label><mixed-citation publication-type="other" xlink:type="simple">Wipawayangkool, K. and Villafranca, E. (2015) Exploring Millennials’ Malware Awareness and Intention to Comply with Information Security Policy. Review of Integrative Business and Economics Research, 4, 153.</mixed-citation></ref><ref id="scirp.96069-ref21"><label>21</label><mixed-citation publication-type="other" xlink:type="simple">Li, L., He, W., Xu, L., Ivan, A., Anwar, M. and Yuan, X. (2014) Does Explicit Information Security Policy Affect Employees’ Cyber Security Behavior? A Pilot Study. 2014 Enterprise Systems Conference, Shanghai, 2-3 August 2014, 169-173. https://doi.org/10.1109/ES.2014.66</mixed-citation></ref><ref id="scirp.96069-ref22"><label>22</label><mixed-citation publication-type="other" xlink:type="simple">APWG (2016) Phishing Activity Trends Report, 1st Quarter 2016. Anti-Phishing Working Group. https://docs.apwg.org/reports/apwg_trends_report_q1_2016.pdf</mixed-citation></ref><ref id="scirp.96069-ref23"><label>23</label><mixed-citation publication-type="other" xlink:type="simple">Symantec (2017) Internet Security Threat Report. https://www.symantec.com/content/dam/symantec/docs/reports/istr-22-2017-en.pdf</mixed-citation></ref><ref id="scirp.96069-ref24"><label>24</label><mixed-citation publication-type="other" xlink:type="simple">Furnell, S. (2010) Jumping Security Hurdles. Computer Fraud &amp; Security, 2010, 10-14. https://doi.org/10.1016/S1361-3723(10)70067-1</mixed-citation></ref><ref id="scirp.96069-ref25"><label>25</label><mixed-citation publication-type="other" xlink:type="simple">Raytheon (2017) Securing Our Future: Cybersecurity and the Millennial Workforce. https://www.raytheon.com/sites/default/files/2017-12/2017_cyber_report_rev1.pdf</mixed-citation></ref><ref id="scirp.96069-ref26"><label>26</label><mixed-citation publication-type="other" xlink:type="simple">Sasse, M.A. and Flechais, I. (2005) Usable Security: Why Do We Need It? How Do We Get It? O’Reilly, Sebastopol.</mixed-citation></ref><ref id="scirp.96069-ref27"><label>27</label><mixed-citation publication-type="other" xlink:type="simple">Coughlin, T.M. (2017) Cybersecurity Education for Adolescents and Non-Technical Adults. Master’s Thesis.</mixed-citation></ref><ref id="scirp.96069-ref28"><label>28</label><mixed-citation publication-type="other" xlink:type="simple">Furnell, S.M., Bryant, P. and Phippen, A.D. (2007) Assessing the Security Perceptions of Personal Internet Users. Computers &amp; Security, 26, 410-417. https://doi.org/10.1016/j.cose.2007.03.001</mixed-citation></ref><ref id="scirp.96069-ref29"><label>29</label><mixed-citation publication-type="other" xlink:type="simple">Galvan, J.L. (2016) Student Motivations Regarding Online Security Implementation: A Qualitative Case Study. Doctoral Dissertation.</mixed-citation></ref><ref id="scirp.96069-ref30"><label>30</label><mixed-citation publication-type="other" xlink:type="simple">Chakraborty, R., Lee, J., Bagchi-Sen, S., Upadhyaya, S. and Raghav Rao, H. (2016) Online Shopping Intention in the Context of Data Breach in Online Retail Stores: An Examination of Older and Younger Adults. Decision Support Systems, 83, 47-56. https://doi.org/10.1016/j.dss.2015.12.007</mixed-citation></ref><ref id="scirp.96069-ref31"><label>31</label><mixed-citation publication-type="other" xlink:type="simple">Anderson, K.B., Durbin, E. and Salinger, M.A. (2008) Identity Theft. Journal of Economic Perspectives, 22, 171-192. https://doi.org/10.1257/jep.22.2.171</mixed-citation></ref><ref id="scirp.96069-ref32"><label>32</label><mixed-citation publication-type="other" xlink:type="simple">Kang, R., Dabbish, L., Fruchter, N. and Kiesler, S. (2015) My Data Just Goes Everywhere: User Mental Models of the Internet and Implications for Privacy and Security. Symposium on Usable Privacy and Security, Pittsburgh, 2015, 39-52.</mixed-citation></ref><ref id="scirp.96069-ref33"><label>33</label><mixed-citation publication-type="other" xlink:type="simple">de Bruijn, H. and Janssen, M. (2017) Building Cybersecurity Awareness: The Need for Evidence-Based Framing Strategies. Government Information Quarterly, 34, 1-7. https://doi.org/10.1016/j.giq.2017.02.007</mixed-citation></ref><ref id="scirp.96069-ref34"><label>34</label><mixed-citation publication-type="other" xlink:type="simple">Siponen, M.T. (2000) A Conceptual Foundation for Organizational Information Security Awareness. Information Management &amp; Computer Security, 8, 31-41. https://doi.org/10.1108/09685220010371394</mixed-citation></ref><ref id="scirp.96069-ref35"><label>35</label><mixed-citation publication-type="other" xlink:type="simple">Von Solms, B. (2001) Information Security—A Multidimensional Discipline. Computers &amp; Security, 20, 504-508. https://doi.org/10.1016/S0167-4048(01)00608-3</mixed-citation></ref><ref id="scirp.96069-ref36"><label>36</label><mixed-citation publication-type="journal" xlink:type="simple"><name name-style="western"><surname>Jones</surname><given-names> D. </given-names></name>,<etal>et al</etal>. (<year>2007</year>)<article-title>Low Cost Security Tools: Employee Awareness</article-title><source> Security: Solutions for Enterprise Security Leaders</source><volume> 44</volume>,<fpage> 90</fpage>-<lpage>91</lpage>.<pub-id pub-id-type="doi"></pub-id></mixed-citation></ref><ref id="scirp.96069-ref37"><label>37</label><mixed-citation publication-type="other" xlink:type="simple">Kelly, C. (2006) Awareness Trumps New Security Toys. Computerworld-Newton Then Framingham Massachusetts, 40, 44.</mixed-citation></ref><ref id="scirp.96069-ref38"><label>38</label><mixed-citation publication-type="other" xlink:type="simple">Claar, C.L. (2011) The Adoption of Computer Security: An Analysis of Home Personal Computer User Behavior Using the Health Belief Model. Doctoral Dissertation.</mixed-citation></ref><ref id="scirp.96069-ref39"><label>39</label><mixed-citation publication-type="other" xlink:type="simple">Bryce, J. and Fraser, J. (2014) The Role of Disclosure of Personal Information in the Evaluation of Risk and Trust in Young Peoples’ Online Interactions. Computers in Human Behavior, 30, 299-306. https://doi.org/10.1016/j.chb.2013.09.012</mixed-citation></ref><ref id="scirp.96069-ref40"><label>40</label><mixed-citation publication-type="other" xlink:type="simple">Dinev, T. and Hu, Q. (2007) The Centrality of Awareness in the Formation of User Behavioral Intention toward Protective Information Technologies. Journal of the Association for Information Systems, 8, 23. https://doi.org/10.17705/1jais.00133</mixed-citation></ref><ref id="scirp.96069-ref41"><label>41</label><mixed-citation publication-type="other" xlink:type="simple">Byrne, Z.S., Dvorak, K.J., Peters, J.M., Ray, I., Howe, A. and Sanchez, D. (2016) From the User’s Perspective: Perceptions of Risk Relative to Benefit Associated with Using the Internet. Computers in Human Behavior, 59, 456-468. https://doi.org/10.1016/j.chb.2016.02.024</mixed-citation></ref><ref id="scirp.96069-ref42"><label>42</label><mixed-citation publication-type="other" xlink:type="simple">Riek, M., Bohme, R. and Moore, T. (2016) Measuring the Influence of Perceived Cybercrime Risk on Online Service Avoidance. IEEE Transactions on Dependable and Secure Computing, 13, 261-273. https://doi.org/10.1109/TDSC.2015.2410795</mixed-citation></ref><ref id="scirp.96069-ref43"><label>43</label><mixed-citation publication-type="other" xlink:type="simple">Kirscht, J.P., Haefner, D.P., Kegeles, S.S. and Rosenstock, I.M. (1966) A National Study of Health Beliefs. Journal of Health and Human Behavior, 7, 248-254. https://doi.org/10.2307/2948771</mixed-citation></ref><ref id="scirp.96069-ref44"><label>44</label><mixed-citation publication-type="other" xlink:type="simple">Dreibelbis, R. (2016) It’s More than Just Changing Your Password: Exploring the Nature and Antecedents of Cyber-Security Behaviors. Master’s Thesis.</mixed-citation></ref><ref id="scirp.96069-ref45"><label>45</label><mixed-citation publication-type="other" xlink:type="simple">Lee, D., Larose, R. and Rifon, N. (2008) Keeping Our Network Safe: A Model of Online Protection Behaviour. Behaviour &amp; Information Technology, 27, 445-454. https://doi.org/10.1080/01449290600879344</mixed-citation></ref><ref id="scirp.96069-ref46"><label>46</label><mixed-citation publication-type="other" xlink:type="simple">Janz, N.K. and Becker, M.H. (1984) The Health Belief Model: A Decade Later. Health Education Quarterly, 11, 1-47. https://doi.org/10.1177/109019818401100101</mixed-citation></ref><ref id="scirp.96069-ref47"><label>47</label><mixed-citation publication-type="other" xlink:type="simple">McNabb, D.E. (2010) Research Methods for Political Science: Qualitative and Quantitative Approaches. ME Sharp Inc., New York.</mixed-citation></ref><ref id="scirp.96069-ref48"><label>48</label><mixed-citation publication-type="other" xlink:type="simple">Liang, H. and Xue, Y. (2010) Understanding Security Behaviors in Personal Computer Usage: A Threat Avoidance Perspective. Journal of the Association for Information Systems, 11, 394-413. https://doi.org/10.17705/1jais.00232</mixed-citation></ref><ref id="scirp.96069-ref49"><label>49</label><mixed-citation publication-type="other" xlink:type="simple">O’Dwyer, L.M. and Bernauer, J.A. (2013) Quantitative Research for the Qualitative Researcher. Sage Publications, Thousand Oaks. https://doi.org/10.4135/9781506335674</mixed-citation></ref><ref id="scirp.96069-ref50"><label>50</label><mixed-citation publication-type="other" xlink:type="simple">Nardi, P.M. (2018) Doing Survey Research: A Guide to Quantitative Methods. 4th Edition, Routledge, New York. https://doi.org/10.4324/9781315172231</mixed-citation></ref><ref id="scirp.96069-ref51"><label>51</label><mixed-citation publication-type="other" xlink:type="simple">Martin, W.E. and Bridgmon, K.D. (2012) Quantitative and Statistical Research Methods: From Hypothesis to Results (Vol. 42). John Wiley &amp; Sons, Hoboken.</mixed-citation></ref><ref id="scirp.96069-ref52"><label>52</label><mixed-citation publication-type="other" xlink:type="simple">Punch, K. (2003) Survey Research: The Basics. Sage Publications, Thousand Oaks. https://doi.org/10.4135/9781849209984</mixed-citation></ref><ref id="scirp.96069-ref53"><label>53</label><mixed-citation publication-type="other" xlink:type="simple">Gay, L. and Airasian, P. (2000) Educational Research: Competencies for Analysis and Experience. 6th Edition, Prentice-Hall, Upper Saddle River.</mixed-citation></ref><ref id="scirp.96069-ref54"><label>54</label><mixed-citation publication-type="other" xlink:type="simple">Bethlehem, J. and Biffignandi, S. (2011) Handbook of Web Surveys (Vol. 567). John Wiley &amp; Sons, Hoboken. https://doi.org/10.1002/9781118121757</mixed-citation></ref><ref id="scirp.96069-ref55"><label>55</label><mixed-citation publication-type="other" xlink:type="simple">Fry, R. (2018) Millennials Are the Largest Generation in the U.S. Labor Force. Pew Research Center, Washington DC. https://www.pewresearch.org/fact-tank/2018/2004/2011/millennials-largest-generation-us-labor-force</mixed-citation></ref><ref id="scirp.96069-ref56"><label>56</label><mixed-citation publication-type="other" xlink:type="simple">Kane, M.T. (1992) The Assessment of Professional Competence. Evaluation &amp; the Health Professions, 15, 163-182. https://doi.org/10.1177/016327879201500203</mixed-citation></ref><ref id="scirp.96069-ref57"><label>57</label><mixed-citation publication-type="other" xlink:type="simple">U.S. Census Bureau (2015) Millennials Outnumber Baby Boomers and Are Far More Diverse. US Census Bureau, Suitland. https://www.census.gov/newsroom/press-releases/2015/cb15-113.html</mixed-citation></ref><ref id="scirp.96069-ref58"><label>58</label><mixed-citation publication-type="other" xlink:type="simple">Survey Monkey (2018) Diverse Recruitment. https://www.surveymonkey.com/collect/audience/?collector_id=232820799</mixed-citation></ref><ref id="scirp.96069-ref59"><label>59</label><mixed-citation publication-type="other" xlink:type="simple">Lachin, J.M. (1981) Introduction to Sample Size Determination and Power Analysis for Clinical Trials. Controlled Clinical Trials, 2, 93-113. https://doi.org/10.1016/0197-2456(81)90001-5</mixed-citation></ref><ref id="scirp.96069-ref60"><label>60</label><mixed-citation publication-type="other" xlink:type="simple">Shuster, J.J. (2014) Sample Size Verification for Clinical Trials. Clinical and Translational Science, 7, 60-62. https://doi.org/10.1111/cts.12115</mixed-citation></ref><ref id="scirp.96069-ref61"><label>61</label><mixed-citation publication-type="other" xlink:type="simple">Suresh, K. and Chandrashekara, S. (2012) Sample Size Estimation and Power Analysis for Clinical Research Studies. Journal of Human Reproductive Sciences, 5, 7. https://doi.org/10.4103/0974-1208.97779</mixed-citation></ref><ref id="scirp.96069-ref62"><label>62</label><mixed-citation publication-type="other" xlink:type="simple">QFAB (2019) Statistical Decision Tree. https://www.anzmtg.org/stats/PowerCalculator/PowerCorrelation</mixed-citation></ref><ref id="scirp.96069-ref63"><label>63</label><mixed-citation publication-type="other" xlink:type="simple">Ifinedo, P. (2014) Information Systems Security Policy Compliance: An Empirical Study of the Effects of Socialisation, Influence, and Cognition. Information &amp; Management, 51, 69-79.https://doi.org/10.1016/j.im.2013.10.001</mixed-citation></ref><ref id="scirp.96069-ref64"><label>64</label><mixed-citation publication-type="other" xlink:type="simple">Lebek, B., Uffen, J., Neumann, M., Hohler, B. and Breitner, M.H. (2014) Information Security Awareness and Behavior: A Theory-Based Literature Review. Management Research Review, 37, 1049-1092. https://doi.org/10.1108/MRR-04-2013-0085</mixed-citation></ref><ref id="scirp.96069-ref65"><label>65</label><mixed-citation publication-type="other" xlink:type="simple">Straub, D., Boudreau, M. and Gefen, D. (2004) Validation Guidelines for Is Positivist Research. Communications of the Association for Information Systems, 13, 380-427. https://doi.org/10.17705/1CAIS.01324</mixed-citation></ref><ref id="scirp.96069-ref66"><label>66</label><mixed-citation publication-type="other" xlink:type="simple">Trochim, W.M.K. and Donnelly, J.P. (2008) The Research Methods Knowledge Base. 3rd Edition, Atomic Dog, Mason, 56-65.</mixed-citation></ref><ref id="scirp.96069-ref67"><label>67</label><mixed-citation publication-type="other" xlink:type="simple">U.S. Department of Health and Human Services (1979) The Belmont Report. New York.</mixed-citation></ref><ref id="scirp.96069-ref68"><label>68</label><mixed-citation publication-type="other" xlink:type="simple">Coulehan, M.B. and Well, J.F. (2006) Guidelines for Responsible Data Management in Scientific Research. Clinical Tools, Incorporated, Chapel Hill.</mixed-citation></ref><ref id="scirp.96069-ref69"><label>69</label><mixed-citation publication-type="book" xlink:type="simple">Gall, M., Gall, J. and Borg, W. (2007) Nonexperimental Research: Descriptive and Causal-Comparative Designs. In: Gall, M.D., Gall, J.P. and Borg, W.R., Eds., Educational Research: An Introduction, Pearson/Allyn &amp; Bacon, Boston, 298-330.</mixed-citation></ref><ref id="scirp.96069-ref70"><label>70</label><mixed-citation publication-type="other" xlink:type="simple">Bless, C., Higson-Smith, C. and Kagee, A. (2006) Fundamentals of Social Research Methods: An African Perspective. Juta and Company Ltd., Cape Town.</mixed-citation></ref><ref id="scirp.96069-ref71"><label>71</label><mixed-citation publication-type="other" xlink:type="simple">Belli, G. (2008) Nonexperimental Quantitative Research. Lapan, 1, 59.</mixed-citation></ref><ref id="scirp.96069-ref72"><label>72</label><mixed-citation publication-type="journal" xlink:type="simple"><name name-style="western"><surname>Newson</surname><given-names> R. </given-names></name>,<etal>et al</etal>. (<year>2001</year>)<article-title>Somersd-Confidence Intervals for Nonparametric Statistics and Their Differences</article-title><source> Stata Technical Bulletin</source><volume> 10</volume>,<fpage> 47</fpage>-<lpage>55</lpage>.<pub-id pub-id-type="doi"></pub-id></mixed-citation></ref><ref id="scirp.96069-ref73"><label>73</label><mixed-citation publication-type="other" xlink:type="simple">Faul, F., Erdfelder, E., Lang, A.-G. and Buchner, A. (2007) G* Power 3: A Flexible Statistical Power Analysis Program for the Social, Behavioral, and Biomedical Sciences. Behavior Research Methods, 39, 175-191. https://doi.org/10.3758/BF03193146</mixed-citation></ref><ref id="scirp.96069-ref74"><label>74</label><mixed-citation publication-type="other" xlink:type="simple">Field, A. (2009) Discovering Statistics Using SPSS. Sage Publications, Thousand Oaks.</mixed-citation></ref><ref id="scirp.96069-ref75"><label>75</label><mixed-citation publication-type="journal" xlink:type="simple"><name name-style="western"><surname>Matkar</surname><given-names> A. </given-names></name>,<etal>et al</etal>. (<year>2012</year>)<article-title>Cronbach’s Alpha Reliability Coefficient for Standard of Customer Services in Maharashtra State Cooperative Bank</article-title><source> IUP Journal of Bank Management</source><volume> 11</volume>,<fpage> 89</fpage>-<lpage>95</lpage>.<pub-id pub-id-type="doi"></pub-id></mixed-citation></ref><ref id="scirp.96069-ref76"><label>76</label><mixed-citation publication-type="other" xlink:type="simple">Tavakol, M. and Dennick, R. (2011) Making Sense of Cronbach’s Alpha. International Journal of Medical Education, 2, 53. https://doi.org/10.5116/ijme.4dfb.8dfd</mixed-citation></ref><ref id="scirp.96069-ref77"><label>77</label><mixed-citation publication-type="other" xlink:type="simple">Hair, J.F., Anderson, R.E., Black, W.C., Tatham, R.L. and Babin, B.J. (2006) Multivariatedata Analysis (Vol. 6). Pearson Prentice Hall, Upper Saddle River.</mixed-citation></ref><ref id="scirp.96069-ref78"><label>78</label><mixed-citation publication-type="other" xlink:type="simple">Nunnally, J.C. (1978) Psychometric Theory. 2nd Edition, McGraw-Hill, New York.</mixed-citation></ref><ref id="scirp.96069-ref79"><label>79</label><mixed-citation publication-type="other" xlink:type="simple">George, D. and Mallery, P. (2003) SPSS for Windows Step by Step: A Simple Guide and Reference. 11.0 Update, 4th Edition, Allyn &amp; Bacon, Boston.</mixed-citation></ref><ref id="scirp.96069-ref80"><label>80</label><mixed-citation publication-type="other" xlink:type="simple">Gliem, J.A. and Gliem, R.R. (2003) Calculating, Interpreting, and Reporting Cronbach’s Alpha Reliability Coefficient for Likert-Type Scales.</mixed-citation></ref><ref id="scirp.96069-ref81"><label>81</label><mixed-citation publication-type="journal" xlink:type="simple"><name name-style="western"><surname>Santos</surname><given-names> J.R.A. </given-names></name>,<etal>et al</etal>. (<year>1999</year>)<article-title>Cronbach’s Alpha: A Tool for Assessing the Reliability of Scales</article-title><source> Journal of Extension</source><volume> 37</volume>,<fpage> 1</fpage>-<lpage>5</lpage>.<pub-id pub-id-type="doi"></pub-id></mixed-citation></ref><ref id="scirp.96069-ref82"><label>82</label><mixed-citation publication-type="other" xlink:type="simple">Young, D.K., Carpenter, D. and McLeod, A. (2016) Malware Avoidance Motivations and Behaviors: A Technology Threat Avoidance Replication. AIS Transactions on Replication Research, 2, 1-17. https://doi.org/10.17705/1atrr.00015</mixed-citation></ref><ref id="scirp.96069-ref83"><label>83</label><mixed-citation publication-type="other" xlink:type="simple">Fornell, C. and Larcker, D.F. (1981) Evaluating Structural Equation Models with Unobservable Variables and Measurement Error. Journal of Marketing Research, 18, 39-50. https://doi.org/10.1177/002224378101800104</mixed-citation></ref><ref id="scirp.96069-ref84"><label>84</label><mixed-citation publication-type="other" xlink:type="simple">Dodel, M. and Mesch, G. (2017) Cyber-Victimization Preventive Behavior: A Health Belief Model Approach. Computers in Human Behavior, 68, 359-367. https://doi.org/10.1016/j.chb.2016.11.044</mixed-citation></ref><ref id="scirp.96069-ref85"><label>85</label><mixed-citation publication-type="other" xlink:type="simple">Ifinedo, P. (2012) Understanding Information Systems Security Policy Compliance: An Integration of the Theory of Planned Behavior and the Protection Motivation Theory. Computers &amp; Security, 31, 83-95. https://doi.org/10.1016/j.cose.2011.10.007</mixed-citation></ref></ref-list></back></article>