Confident yet Concerned: Inconsistencies in Computing Students' Attitudes on Cybersecurity

📅 2026-06-16
📈 Citations: 0
Influential: 0
📄 PDF
🤖 AI Summary
This study investigates the inconsistencies among cybersecurity knowledge, attitudes, and practices among computing students, with a particular focus on their contradictory behaviors in responding to deceptive communications such as phishing. Employing a mixed-methods approach that integrates thematic analysis of open-ended survey responses, quantitative questionnaires, cluster analysis, and correlation statistics, the research identifies four key dimensions of attitudinal tension and delineates two distinct attitudinal profiles. Findings reveal that although students possess basic security awareness, they commonly hold misconceptions, rely heavily on informal learning, perceive inadequate institutional support, and simultaneously experience confidence and anxiety regarding cybersecurity. Self-efficacy emerges as a significant predictor of attitudinal group membership, and objective knowledge is positively associated with preparedness. These insights elucidate the underlying mechanisms of the cognition–behavior gap in cybersecurity education and provide a theoretical foundation for targeted interventions.
📝 Abstract
Today's young adults are most immersed in technology, leading in feelings of powerlessness in managing online privacy across many platforms, and particularly susceptible to phishing attacks. This raises questions about their general, wide-ranging attitudes towards and management of cybersecurity. How do young, tech-savvy adults approach cybersecurity? We seek a better understanding of their cybersecurity knowledge, attitudes and experiences, in particular in addressing deceptive online communications. We surveyed a group of `lead users': computing university students (n = 236). By combining thematic analysis of open-ended responses with quantitative data, we provide insights into their experiences and perceptions. While students demonstrate reasonable cybersecurity awareness, their cybersecurity experiences vary, and inconsistencies exist around their practices, perceptions of responsibility, and support structures. Findings also reveal four key thematic tensions: 1) Computing students are knowledgeable yet have persistent incorrect beliefs, 2) They learn more about keeping safe from sources outside the classroom, 3) They have limited assistance and have fallen victim to cybercrime, and 4) Many are confident, yet others are concerned about their own safety and responsibility. Through cluster analysis of attitudes, we identify two groups, with one feeling less prepared, less confident, yet expressing a desire to learn more. Established measures of intentions and objective knowledge were correlated to preparedness. Self-efficacy correlated to confidence and predicted cluster membership.
Problem

Research questions and friction points this paper is trying to address.

cybersecurity attitudes
young adults
phishing attacks
self-efficacy
online privacy
Innovation

Methods, ideas, or system contributions that make the work stand out.

mixed-methods
cybersecurity attitudes
cluster analysis
self-efficacy
phishing vulnerability
V
Victor Adama
University of Auckland
Robert Biddle
Robert Biddle
Professor of Computer Science and Cognitive Science, Carleton University
Usable SecuritySoftware Design
N
Nalin Arachchilage
The Royal Melbourne Institute of Technology
D
Danielle Lottridge
University of Auckland