COMPREHENSIVE REVIEW OF DEMOGRAPHIC, PHYCHOLOGICAL AND TECHNICAL FACTORS SHAPING INFORMATION SECURITY BEHAVIOUR IN CYBERSPACE

Authors

  • SHUTING HUANG College of Computing, Informatics and Mathematics, Universiti Teknologi MARA (UITM), Selangor, Malaysia.
  • LATIF RAHMAN College of Computing, Informatics and Mathematics, Universiti Teknologi MARA (UITM) Kedah Branch, Kedah, Malaysia.
  • HASLINDA HUSAINI College of Computing, Informatics and Mathematics, Universiti Teknologi MARA (UITM), Selangor, Malaysia.

DOI:

https://doi.org/10.55197/qjssh.v6i6.923

Keywords:

information security behavior, cybersecurity awareness, demographic and psychological factors, technical proficiency in security, AI-driven literature analysis

Abstract

In this age of cyberspace, the heightened level of cyber threats sophistication and complexity has made information security an issue of paramount concern. Despite the significant advancement in security technology, human factors are the weakest link in cybersecurity. Human security behavior is influenced by various distinct determinants, but existing research is still dispersed, tending to examine demographic, psychological, and technical factors individually rather than in an integrated framework. This paper reviews the interaction of these factors with individual information security behavior. Most importantly, it reviews how demographic (age, gender, education) influences security awareness and compliance, psychological factors (personality, mental health, cognitive skills) affect security decision-making, and technical expertise promotes or inhibits secure practice. The review employs a Scopus artificial intelligence-based literature mining technique for identifying past research and provides data-driven summary of such relationships. Exploration result state that demographic factors have impacts on security behavior. The youth generation, while being technically capable, is more apt to risk behaviors, whereas the elderly act with more caution with lower technical capabilities. Gender differences are also present with women demonstrating less confidence in security technical tasks. Higher education is linked with improved security practices. Conscientiousness and emotional stability are positively related to security policy adherence, while impulsiveness and neuroticism lead to security violations. Additionally, while technical proficiency enhances security behavior, overconfidence in proficiency can lead to complacency.

References

[1] Abdalla, M., Jarrah, M., Abu-Khadrah, A., bin Arshad, Y. (2021): Factors influencing the adoption of cyber security standards among public listed companies in Malaysia. – International Journal of Advanced Computer Science and Applications 12(11): 804-810.

[2] Alam, S.S., Ahsan, N., Kokash, H.A., Alam, S., Ahmed, S. (2025): A students’ behaviors in information security: Extension of Protection Motivation Theory (PMT). – Information Security Journal: A Global Perspective 34(3): 191-213.

[3] Al-Hamad, E.A., Alshakhsi, S., Babiker, A., Erbad, A., Ali, R. (2024): The Impact of Personality Traits and Need for Cognition on Cybersecurity Behavior: A Study Across Arab and European Samples. – In International Conference on Web Information Systems Engineering, Singapore: Springer Nature Singapore 13p.

[4] Alohali, M., Clarke, N., Li, F., Furnell, S. (2018): Identifying and predicting the factors affecting end-users’ risk-taking behavior. – Information & Computer Security 26(3): 306-326.

[5] Berthevas, J.F. (2021): How protection motivation and social bond factors influence information security behavior. – Systèmes D'information & Management 26(2): 77-115.

[6] Gratian, M., Bandi, S., Cukier, M., Dykstra, J., Ginther, A. (2018): Correlating human traits and cyber security behavior intentions. – Computers & Security 73: 345-358.

[7] Bu, F., Wang, N., Jiang, B., Jiang, Q. (2021): Motivating information system engineers’ acceptance of Privacy by Design in China: An extended UTAUT model. – International Journal of Information Management 60: 18p.

[8] Bu, F., Wang, N., Jiang, B., Liang, H. (2020): “Privacy by Design” implementation: Information system engineers’ perspective. – International Journal of Information Management 53: 16p.

[9] Candiwan, S., Sudirman, B.P., Sari, P.K. (2023): Differences in information security behavior of smartphone users in Indonesia using Pearson’s Chi-square and post hoc test. – International Journal on Advanced Science, Engineering and Information Technology 13(2): 703-717.

[10] Cavoukian, A. (2012): Privacy by design: leadership, methods, and results. – In European Data Protection: Coming of Age, Dordrecht: Springer Netherlands 27p.

[11] Chongrui, L., Yan, L., Cong, W., Hongjie, W. (2021): Exploring the impact of information security climate and information security training on cybersecurity behavior: Based on protection motivation theory. – In 2021 6th International Symposium on Computer and Information Processing Technology (ISCIPT), IEEE 4p.

[12] Dontamsetti, M., Narayanan, A. (2009): Impact of the human element on information security. In Social and Human Elements of Information Security: Emerging Trends and Countermeasures, IGI Global Scientific Publishing 15p.

[13] Farooq, A., Isoaho, J., Virtanen, S., Isoaho, J. (2015): Information security awareness in educational institution: An analysis of students' individual factors. – In 2015 IEEE 1: 352-359.

[14] Flores, W.R., Ekstedt, M. (2015): Exploring the Link Between Behavioural Information Security Governance and Employee Information Security Awareness. – In HAISA 12p.

[15] Haeussinger, F.J., Kranz, J.J. (2013): Information security awareness: Its antecedents and mediating effects on security compliant behavior. – International Conference on Information Systems (ICIS 2013): Reshaping Society Through Information Systems Design 3: 2222-2237.

[16] Hassanzadeh, M., Jahangiri, N., Brewster, B. (2014): A conceptual framework for information security awareness, assessment, and training. – In Emerging Trends in ICT Security, Morgan Kaufmann 12p.

[17] He, W., Zhang, Z. (2019): Enterprise cybersecurity training and awareness programs: Recommendations for success. – Journal of Organizational Computing and Electronic Commerce 29(4): 249-257.

[18] Kießling, S., Hanka, T., Merli, D. (2021): Salt&Pepper: spice up security behavior with cognitive triggers. – In Proceedings of the 2021 European Interdisciplinary Cybersecurity Conference 6p.

[19] Kruger, H.A., Drevin, L., Flowerday, S., Steyn, T. (2011): An assessment of the role of cultural factors in information security awareness. – In 2011 Information Security for South Africa, IEEE 7p.

[20] Latih, R., Zin, A.M. (2024): Cybersecurity Behavior in the West Sumatra Universities. – JOIV: International Journal on Informatics Visualization 8(3-2): 1976-1986.

[21] Mabece, T., Futcher, L., Thomson, K.L. (2017): South African Computing Educators’ Perspectives on Information Security Behaviour. – In IFIP World Conference on Information Security Education, Cham: Springer International Publishing 11p.

[22] McCormac, A., Zwaans, T., Parsons, K., Calic, D., Butavicius, M., Pattinson, M. (2017): Individual differences and information security awareness. – Computers in Human Behavior 69: 151-156.

[23] McGill, T., Thompson, N. (2021): Exploring potential gender differences in information security and privacy. – Information & Computer Security 29(5): 850-865.

[24] Park, M., Chai, S. (2020): Comparing the effects of two methods of education (online versus offline) and gender on information security behaviors. – Asia Pacific Journal of Information Systems 30(2): 308-327.

[25] Parsons, K., McCormac, A., Butavicius, M., Pattinson, M., Jerram, C. (2014): Determining employee awareness using the human aspects of information security questionnaire (HAIS-Q). – Computers & Security 42: 165-176.

[26] Pattinson, M., Jerram, C., Parsons, K., McCormac, A., Butavicius, M. (2015): Why do some people manage phishing e-mails better than others? – Information Management & Computer Security 23(4): 318-337.

[27] Pattinson, M.R., Anderson, G. (2007): How well are information risks being communicated to your computer end‐users? – Information Management & Computer Security 15(5): 362-371.

[28] Stewart, G., Lacey, D. (2012): Death by a thousand facts: Criticising the technocratic approach to information security awareness. – Information Management & Computer Security 20(1): 29-38.

[29] Tanrıverdi, N., Metin, B. (2017): Evaluation of IT security perception. – In Twenty-third Americas Conference on Information Systems 3p.

[30] Uffen, J., Guhr, N., Breitner, M.H. (2012): Personality traits and information security management: An empirical study of information security executives. – Business & Information Systems Engineering 57(6): 401-413.

[31] Vedadi, A., Warkentin, M. (2018): Secure behavior over time: Perspectives from the Theory of Process Memory. – ACM SIGMIS Database: the DATABASE for Advances in Information Systems 49(SI): 39-48.

Downloads

Published

2025-12-30

Issue

Vol. 6 No. 6 (2025): QJSSH

Section

Articles

License

Copyright (c) 2025 SHUTING HUANG, LATIF RAHMAN, HASLINDA HUSAINI

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

How to Cite

COMPREHENSIVE REVIEW OF DEMOGRAPHIC, PHYCHOLOGICAL AND TECHNICAL FACTORS SHAPING INFORMATION SECURITY BEHAVIOUR IN CYBERSPACE. (2025). Quantum Journal of Social Sciences and Humanities, 6(6), 136-154. https://doi.org/10.55197/qjssh.v6i6.923