DOI: 10.7717/peerj-cs.3910 ISSN: 2376-5992

Influence of the fear of cyberattack and privacy concerns on cybersecurity behavior: an analysis using cIPMA

Felipe A. Lopez, Pedro R. Palos-Sanchez, Pedro Brazo, Jose Antonio Molina-Toucedo

This article examines the impact of fear of cyberattacks and privacy concerns on cybersecurity behavior among university students in Mexico City (predominantly Generation Z). It investigates whether these components are necessary conditions for the adoption of cybersecurity practices beyond mere intentions. A combined importance-performance map analysis (cIPMA) is used to assess the relationships between fear of cyberattacks, privacy concerns, and the use of cybersecurity practices. Protection Motivation Theory (PMT) is used to conceptualize fear of cyberattacks and privacy concerns, and the Unified Theory of Acceptance and Use of Technology (UTAUT) is used to model the intention–behavior link; together, these frameworks support the cIPMA examining associations among privacy concerns, fear of cyberattacks, behavioral intention, and usage behavior. Data for this analysis were obtained from 340 completed surveys. After data selection, nine outliers were removed because necessary condition analysis is sensitive to outliers (final analytic sample size n = 331). The measure consisted of 17 five-point Likert-type scale responses on fear of cyberattacks, privacy concerns, intention to use cybersecurity behavior, self-reported behavioral engagement in the usage of cybersecurity practices, and direct and indirect victimization (fraud, data breach). A distinction is made between users who have been directly and indirectly victimized by fraud or data breaches. The findings reveal a ‘cybersecurity paradox’ in which fear and privacy concerns increase intentions to protect oneself but are not translated into concrete actions. Although intention is an important predictor, prior experience is strongly relevant to cybersecurity behavior.
The findings highlight that cybersecurity is not simply a technical practice but an ongoing process that responds to the user experience. The findings indicate that awareness programs should be customized to align with users’ prior experiences, particularly through hands-on simulations, to address risks in a controlled environment. The study emphasizes the importance of incorporating personal experiences into the design of cybersecurity awareness programs and advocates for public dialogue about the risks and prevention of cyberattacks.
