Abstract

Known age differences exist in relation to information and communication technology (ICT) use, attitudes, access, and literacy. Less is known about age differences in relation to cybersecurity risks and associated cybersecurity behaviours. Using an online survey, this study analyses data from 579 participants to investigate age differences across four key cybersecurity behaviours: device securement, password generation, proactive checking, and software updating. Significant age differences were found; however, this is not a straightforward relationship. Older users appear less likely to secure their devices compared to younger users; however, the reverse was found for the other behaviours, with older users appearing more likely to generate secure passwords and show proactive risk awareness and regularly install updates. Gender was not a significant predictor of security behaviour (although males scored higher for self-reported computer self-efficacy and general resilience). Self-efficacy was identified as a mediator between age and three of the cybersecurity behaviours (password generation, proactive checking, and updating). General resilience was also a significant mediator for device securement, password generation, and updating; however, resilience acted as a moderator for proactive checking. Implications of these findings are twofold: firstly, helping to guide the development of training and interventions tailored to different cybersecurity behaviours and secondly informing cybersecurity policy development.

1. Introduction

More people are using digital technology than ever before; however, “digital divides” remain prevalent across user groups [1-3]. Demographic factors such as age and gender have often been cited as moderators of these digital divides. Younger age ranges have traditionally been the earliest adopters of ICT; however, these age groups are reaching saturation (99% of young adults now use the Internet in the UK [4]). Consequently, older adults are now the fastest growing group of adopters [4-6]. Despite many older adults being keen to adopt technology [7], a negative narrative prevails [8]. For example, research suggests that this user group may still lack confidence in their ability (or self-efficacy) to use their devices [9-11] and may show deficits in ICT skills and literacy [2, 12, 13], something often referred to as the “second level” of the digital divide (where access to information and communication technology [ICT] forms the first level [1]). However, some researchers have argued that rather than there being an age-related skill gap, older adults may simply underestimate their actual capabilities and knowledge [14]. In their review of this issue, Hunsaker and Hargittai [2] note a methodological issue with researching older adults, pointing out that studies differ in how they group age categories, the categories included, and the age that is used to signal the start of older adulthood. They called for further work to identify whether age disparities are continuing.

For all users, the cost of embracing digital connectivity is a growing cybersecurity risk. As older adults now spend longer online, they in turn have become the latest target population for cyberattacks, with £4m lost by older adults in the UK between 2018 and 2019 [15]. However, research into age-related differences in cybersecurity posture and attitude is scarce [11, 16], which means it is difficult to identify and mitigate age-specific issues.

The risks that individual users are susceptible to may vary with age, but this is by no means conclusive. For example, whilst [17] suggests that younger users are more vulnerable to phishing attacks, Grilli et al. [18] found that older adults were worse at discriminating between genuine and phishing emails based on perceived suspiciousness. Sarno et al. [19] found no age differences in the ability to classify emails as phishing or not. Oliveira et al. [20] discovered that older and younger adults fall for different persuasion triggers, with older women being the most vulnerable group. Other research suggests that younger adults display fewer privacy and security concerns compared to older users (the latter potentially due to high levels of social media use and the associated sharing of personal data [21, 22]). Note, however, that this may not be a simple linear relationship, given a study by Little et al., who found a more complex U-shaped trend with younger and older Internet users appearing less protective of their privacy than their middle-aged counterparts [23].

Older adults show a reluctance to fully engage with cybersecurity behaviours, citing reasons including low self-efficacy and a lack of awareness [11]. They are also less likely to adopt security measures to protect against unauthorised access to their devices, e.g., personal identification number (PIN) or biometric protections [24]. Taken as a whole, the current research suggests that cybersecurity concerns may be more complicated than simply identifying a single age range as vulnerable or “at risk.” It is important that we understand how adults of different ages engage with different security behaviours to protect themselves online. This study addresses this gap in the literature and concentrates on four key cybersecurity-related behaviours: device securement (e.g., locking their device screen when not in use), secure password generation, proactive checking (checking legitimacy and security indicators such as uniform resource locators (URLs) and senders before clicking), and regular software updating.

Using data from across the adult lifespan (18-82 yrs), the current study addresses some of the limitations of previous research, where quite limited age ranges have been investigated (often due to practical difficulties in data collection [25]). For example, Ayyagari and Crowell [26] recently investigated differences between three age groups in relation to cybersecurity behaviours; however, they were restricted to a university sample, and their eldest group constituted anyone over 35 years. In addition to assessing reported behaviours, we also expand the current literature by exploring the role of computer self-efficacy, as this has been shown to influence ICT behaviour [27, 28]. Psychological resilience has also been linked to risky behaviour. Specifically, resilience has been linked to both risk seeking and risk averse behaviours, depending upon the study and/or context [29, 30]. We therefore include a general resilience measure as a variable within our study.

This study also investigates gender differences as existing research in this area is inconclusive. Traditionally, research has suggested that females score lower for computer self-efficacy than males [20, 21] although more recently [22] suggest that this gender difference may be diminishing. It is important to note that self-efficacy relates to the individuals’ own beliefs about how they can perform [23]. As such, it is not possible to determine whether any gender differences reflect differences in actual ability and/or differences in self-perception [24]. Computer self-efficacy can also be context dependent, with several studies showing that gender differences may differ depending on the context (e.g., ICT for educational versus general use [25]) or the specific task (e.g., Internet tasks versus high level software-related tasks [31]). Interestingly, some studies looking specifically at cybersecurity behaviours report that females tend to show greater online privacy concerns [27] and greater security policy compliance [28]. Whilst other studies show no gender differences, for example, Vance et al. [32] found no gender differences for intention to comply with security policies, and others suggest that females are likely to act less securely [33]. In their review of older adult research, Hunsaker and Hargittai [2] also described the existing literature as inconclusive. We address this need for increased understanding by including gender analyses in the current study.

In summary, our study tests for age and gender differences in cybersecurity behaviour across the adult lifespan, after controlling for computer self-efficacy and general resilience. The results have implications for identifying priority areas for future targeted training and development interventions.

2. Materials and Methods

Full ethical approval was granted from the School of Health and Life Sciences ethics committee at Northumbria University (#23761). An online survey was distributed by online recruitment platform “Prolific.ac.” Prolific is a paid service that distributes online questionnaires to their userbase of participants. The initial sample of 607 responses was cleaned and 28 responses removed due to failing the “attention check” question. The final sample consists of data from 579 participants, aged 18-82 years ( yrs,  yrs). Further demographics are shown in Table 1.

In addition to the demographic questions, participants were asked to complete a series of scale items to measure their cybersecurity behaviour, their computer self-efficacy, and their general resilience. Cybersecurity-related behaviour was measured using the Security Behaviour Intentions Scale (SeBIS) [34]. SeBIS is a 16-item scale consisting of four subscales that measure attitudes towards device securement, password generation, proactive checking, and software updating. The scale showed acceptable reliability in our study with Cronbach’s alpha (α) ranging from .64 to .75 for the four subscales (see Table 2). The computer self-efficacy scale [35] was used to measure users’ beliefs about their ICT capabilities. The scale showed excellent reliability (). General resilience was measured using the Brief Resilience Scale [36] ().

Construct and discriminant validity was checked to ensure that each scale was measuring what it is intended to measure, and that the scales were loading onto different components. Convergent validity for both scales is excellent (computer self-efficacy scale: and ; and ). Heterotrait-monotrait ratio of correlations (HTMT) was used to test discriminant validity. A HTMT ratio of 0.25 indicated excellent discriminant validity [37].

3. Results

Data was analysed using IBM SPSS Statistics (version 27). Missing data accounted for less than 0.3% of the items. Little’s MCAR test was nonsignificant (, ) indicating that the data was missing completely at random; therefore, estimated maximum likelihood was used to compute the missing data. Due to insufficient sample size (), the other gender category was excluded from the analyses.

Data was checked to ensure it met the assumptions of normality, independence, and homoscedasticity. All values were checked to ensure that they were within the expected ranges given the measurement scales used. There was no sign of multicollinearity between the predictor variables (all , see Table 3; VIF ); scatterplots indicated a linear relationship between the IVs and DVs, and plotting the standardised residuals and predicted values indicated adequate homoscedasticity. All dependent variables appeared normally distributed on the Q-Q plots (and skew and kurtosis ), except for device securement. The latter indicated negative skew (more scores towards the top of the scale) although this was still within the acceptable threshold of +/-2 [38]. Device securement also showed a kurtosis value of 2.28. Therefore, as the normality assumption was violated for device securement, all analyses using this variable were conducted using the bootstrapping method (with bias-corrected and accelerated confidence intervals, ) to ensure robustness.

Bivariate correlations are shown for each of the variables (Table 3). There is no significant correlation between age and gender. None of the correlations raise concerns around multicollinearity.

3.1. Gender Differences in Perceived Computer Self-Efficacy and General Resilience

Independent samples t-tests showed a significant difference between the genders, with males (, ) scoring significantly higher than females for perceived computer self-efficacy (, , , ). t-tests also show a significant difference between the genders for general resilience, with males (, ) scoring significantly higher than females (, , , ).

3.2. Predictors of Cybersecurity Behaviours

The data were analysed using a series of hierarchical regressions to test the predictors (age, gender, computer self-efficacy, and general resilience) of cybersecurity behaviour. As aforementioned, the device securement regression was conducted using the bootstrapping method due to violating the assumptions of homoscedasticity; therefore, confidence intervals are reported for this regression.

All four models were significant (Table 2): device securement (bootstrap , , BCa CI (.03 - .08)), password generation (, , ), proactive checking (, , ), and updating (, , ).

Investigating the individual predictors revealed that age was a significant predictor for all four cybersecurity behaviours (Table 2). Age was a negative predictor of device securement, but a positive predictor for the other behaviours (password generation, proactive checking, and updating). Gender was not a significant predictor for any of the behaviours.

The standardised coefficients show the strongest predictors. For three of the four behaviours (password generation, proactive checking, and updating), computer self-efficacy was the strongest predictor, followed by age and then general resilience. All of which were positive predictors.

Device securement differed from the other behaviours. The strongest predictor variable, age, acted as a negative predictor of this behaviour. General resilience was the only other significant predictor, acting as a positive predictor of secure behaviour.

3.3. Mediation Analysis

The relationship between age and perceived computer self-efficacy and resilience was investigated further with parallel mediation analysis using the PROCESS macro for SPSS, model 4 (Hayes, 2013, Figure 1).

To aid interpretation of the results, all variables that defined products were mean centered during the PROCESS mediation analysis. The results are shown in Table 4.

The indirect effect of age on cybersecurity behaviour, via self-efficacy (mediator 1), was significant for three of the four behaviours: password generation, proactive checking, and updating. Self-efficacy was not a significant mediator for device securement.

The indirect effect of age on cybersecurity behaviour, via resilience (mediator 2), was significant for three of the four behaviours: device securement, password generation, and updating. The effect of resilience on the remaining cybersecurity behaviour, proactive checking, was investigated using PROCESS model 5. The results indicate that for this behaviour, resilience acts as a moderator rather than a mediator. The tested model is shown in Figure 2.

Plotting the estimates shows the moderation effect of resilience on proactive checking for low (-1SD), mean, and high (+1SD) age (Figure 3). The effect of age on proactive checking is strongest for the high resilience users.

4. Discussion

This study expands upon the current literature by investigating age and gender differences in relation to different cybersecurity behaviours. Our results show that rather than older adults being universally more at risk than others, age differences vary according to the specific security behaviour in question. Therefore, rather than focusing on first level digital divides (i.e., ICT access and adoption), our findings highlight the importance of investigating ICT behaviour on a more granular level, i.e., investigating specific types of behaviour and/or activities (something also identified by [19]). Whilst younger users appear more likely to secure access to their devices than the older age groups, they also appear less likely to generate secure passwords and/or update their device and show less proactive URL/email checking behaviours. Our result regarding proactive checking provides a reason younger users may be more susceptible to phishing [17] and older adults to be less likely to adopt security measures to secure physical use of their devices [24]. Similarly, a recent study [39] found that—in direct contrast to their original hypothesis—older users are less likely to share their passwords. Our study helps to strengthen the emerging positive discourse that older users are security conscious, challenging dated stereotypes that this age group is not tech savvy [14]. Many older adults actually display high levels of awareness and ability in regard to cybersecurity [39-41].

It can appear contradictory that older users on the one hand are security conscious and generate more secure passwords but are also less likely to secure access to their devices, e.g., failing to lock their screen when the device is not in use. On further consideration, this may be due to differences in the context of use and associated perceived risks. Existing literature suggests that this age group focuses heavily upon the privacy and security of the data they enter online [42]—which is in keeping with our results which show they are more likely to generate strong passwords, update devices, and show proactive checking for risk. In comparison, it is possible that they are not as aware or not as cautious of “offline risks” around the security of their physical device, such as it being stolen or used maliciously. For instance, if their main point of access is a home computer, they may feel that the device is already secure within the home and that there is little risk of other people accessing it [11]. Interventions to increase the salience and importance of physical device securement may be beneficial for this age group. Based on the existing literature, the most favoured and/or effective intervention approaches for older adults may be those involving in-person support and/or promoting these security behaviours through social connections, peer support, and family members [3, 41-43]. However, it is also important to note that a lack of device securement may be an active choice on behalf of some users and may not represent a lack of awareness. For example, it is possible that older adults knowingly allow others to access their devices; for example, research suggests that older adults may be more likely to ask trusted others to complete ICT tasks on their behalf [11, 44]. There may also be barriers due to problems with biometric security; for example, Morrison et al. identified that fingerprint readers can be problematic for older users [11].

Similarly, if younger users are the earliest and most intensive users of ICT and they are more likely to secure access to their devices, why is it that they appear to be less likely to generate secure passwords, demonstrate proactive checking for risk, or update their devices? Some of these findings could potentially be explained through differences in usage and/or device type. For example, in relation to secure passwords—it could be that younger users are relying more heavily upon automatic password generators [11, 45] and/or biometrics (e.g., face ID and fingerprints), therefore removing much of the emphasis on personally generating a secure password. In relation to proactive checking for risk, frequent ICT usage and over familiarisation with the sharing of personal data can lead to overconfidence, complacency, and/or security fatigue [46-49]—factors which have been linked to cybersecurity vulnerability [50]. It is also possible that the salience of a possible attack may be reduced in the younger age groups due to a lack of learned experience (i.e., not having personally suffered an attack or heard of friends or family being affected; something supported by the existing literature [51]). Regarding younger users reporting being less likely to update their devices, many devices now automatically install software updates as they become available. Trust in automation could lead to users feeling less responsibility and reduce the requirement to check whether their devices are up to date. However, it is important to note that the relationship between age and such trust is complex and reliant on many factors [52-55]. Whilst some literature suggests that older users may be more likely to trust automation [56, 57], age differences are likely to differ across situations and contexts [52, 53]. More work would be required in this area to find the root cause.
Our mediation results also suggest that self-efficacy is a significant mediator of age and security behaviour, therefore suggesting that, at least to some extent (and again potentially related to a reliance upon automation), younger users may demonstrate reduced self-efficacy compared to older users. Further qualitative and quantitative research is necessary to identify the factors underlying the age differences and the role of efficacy identified in this study. These insights can help to guide the design of future interventions to promote more secure behaviour.

It is not unexpected that computer self-efficacy would positively predict some cybersecurity behaviour given that it relates to the individual’s confidence in their IT capabilities (a similar result was found by Mitzer et al. [58]) and therefore their ability to act securely. It is perhaps more surprising that general resilience was a significant positive predictor across all four behaviours. It could have been expected that resilience would act as a negative predictor due to being associated with self-confidence in “bouncing back” if anything bad happens and therefore perhaps less incentive to avoid risks. However, the literature shows that the relationship between resilience and risk is not this simple. It has been suggested that resilience negatively predicts negative health behaviours (e.g., smoking, heavy drinking, and drug use) and positively predicts protective health and safety promotion behaviours (e.g., wearing a seatbelt, eating a healthy diet, exercising, and crossing the street safely) [29]. This resonates with our results as the behaviours we were predicting were safety promoting. Our findings indicate that general resilience acts as a mediator for three of the four behaviours (device securement, password generation, and updating) and as a moderator for the remaining behaviour, proactive checking for risk. The greatest effect of age on proactive checking was found for those users who scored high for general resilience. One potential explanation is that younger users’ perceptions of resilience may be based more on optimism bias (i.e., feeling resilient but not being proactive to protect against risk), whereas older users’ resilience may be based more upon learned experience (and therefore their learned abilities to act proactively to protect against risk in the future). Future research may wish to further investigate the role of resilience in relation to online behaviour.

Interestingly, we found no evidence of gender differences in relation to any of the cybersecurity behaviours. There was a gender difference for computer self-efficacy scores, with males scoring significantly higher than females. This is not unexpected as this trend has traditionally been reported in the previous literature [59]. As self-efficacy can be context specific [31], it is also possible that the computer self-efficacy scale [35] measures self-efficacy in relation to tasks that males generally feel more confident with. Furthermore—and as noted earlier—self-efficacy relates to an individual’s own beliefs about their ability and does not necessarily reflect actual differences in ability or performance [60]. Even so, it is worth noting that our findings are contrary to research suggesting that gender differences in perceptions of computer self-efficacy may have abated in recent years [61]. We also found that males scored significantly higher on general resilience; this is a trend that has been observed in the existing literature [62]. Previous research [63] has attributed higher male resilience scores to differences in self-perception and cultural constructions of “masculinity.”

We recognise the limitations within the current study and make recommendations for future research. Firstly, whilst we included a broad range of ages, most of our participants were below 45 years of age. Future research should seek to follow the recommendations of Hunsaker and Hargittai [2], who call for research to include more subcategories of older adults (see, for example, [64] who use the categories 55-64 yrs, 65-79 yrs, and 80-97 yrs). With more granular analysis of older age groups, it is possible that further group disparities and more complex relationships could emerge (such as U-shaped trends similar to those found by [23]). Findings by [51] suggest that individuals over 59 years of age may be most vulnerable to phishing; again, this may be indicative of a U-shaped relationship. Secondly, we recognise that this study relies upon self-reported data, and we suggest that future research utilises experimental and/or observational methods. Thirdly, our participants were recruited via an online recruitment platform; therefore, they may be more tech-savvy than the general population (similar to that found for mTurk users, e.g., [17]). It should be recognised that they may not be representative of the larger population of ICT users.

5. Conclusions and Contributions to the Field

In this paper, we identify behaviour-specific age differences in cybersecurity, highlighting the need for a granular, context-specific approach to identify age-related differences in cybersecurity behaviours, and advise against labelling a particular age group as universally more at risk. Within our sample, older users were more likely to report generating secure passwords, updating their devices, and demonstrating proactive checking for risk. In comparison, they were less likely to secure their device to prevent unauthorised access (e.g., by locking the screen); the relationship between age and security behaviour was mediated by computer self-efficacy for three of the four behaviours, with the exception being device securement. This indicates that a lack of device securement by older users is due to other reasons; this could include low perceived risk of physical access to devices by malicious parties and/or an active choice to allow access by others such as family members. General resilience was also a mediator for three of the four behaviours and a moderator for the remaining behaviour (proactive checking for risk). The relationship between age and proactive checking was strongest for those users scoring high for resilience. We suggest that this may represent a move from optimism bias in younger users to learned experience (and therefore learned protective mechanisms) in older users. This supports research by [60] which found that younger users were less familiar with cyberthreats and [51] demonstrating that learned experience appears to be the strongest predictor of secure behaviour in relation to phishing.

We present multiple recommendations for future research to further explore the impact of age, self-efficacy, and resilience on cybersecurity behaviour. Despite gender differences in self-perceived computer self-efficacy (similar to [60]) and general resilience, no gender differences were found for the cybersecurity behaviours, suggesting that gender does not play a role in cybersecurity behaviour intentions. This partially supports findings by [51] who found no gender effects across most of their conditions in regard to vulnerability to phishing (with the exception of banking phishing emails for which males were more susceptible). However, it is noted that the existing literature around gender differences is conflicted; for example, [60] found significant gender differences in cybersecurity behaviour—suggesting that further investigation into the potentially nuanced effect of gender is needed.

Overall, these findings have implications for future design and development of targeted cybersecurity interventions and the development of policy and practice; in particular, we draw attention to the need to consider differences in cybersecurity behaviour on a more nuanced level.

Data Availability

The survey data used to support the findings of this study have been deposited in the University of Bath data archive. Access available upon request.

Conflicts of Interest

The authors declare no conflicts of interest.

Acknowledgments

This work was supported by the Engineering and Physical Sciences Research Council (EPSRC) as part of the Cybersecurity across the Lifespan (cSALSA) project (EP/P011454/1) and the Centre for Digital Citizens (EP/T022582/1).