Human Factors in Security – Cybersecurity Education and Awareness of Business Students

Łukasz Wiechetek, Marek Mędrek


Theoretical background: The rapid development of Internet interactions and a growing number of information technology users caused by digital society development and accelerated by the COVID-19 pandemic yield the significant growth of cyber-attacks and cybersecurity incidents. Members of Generation Z use information technology as a main tool for broadening their knowledge and skills. For such digital natives, proficiency in ICTs appears as an indispensable element of life. This is even more apparent during the COVID-19 pandemic, when they are forced to use IT tools more often, both for the entertainment, education, and work. Such acceleration generates new possibilities, but also new threats.

Purpose of the article: The aim of the paper is to check if members of Generation Z are aware of cybersecurity issues and whether they know basic threats and methods/tools that can improve the safety. We analyse students’ behaviour in the event of cyber incident and examine whether the analysed group is willing to improve cyber knowledge, skills, and attitudes.

Research methods: We explored data collected from business students (N = 182). The online questionnaire was prepared in LimeSurvey. Finally, data analysis and visualization were performed in Microsoft Excel and Tableau.

Main findings: The analysis indicates that business students have rather poor knowledge in cybersecurity. The results demonstrate the need for targeted educational campaigns and trainings that address the specific cyber weaknesses to build secure ecosystem, combining both technical, organizational, and behavioural aspects.


computer security; cybersecurity; cybersecurity awareness; security education; cybersecurity education; business students

Full Text:



Abawajy, J. (2012). User preference of cyber security awareness delivery methods. Behaviour & Information Technology, 33(3), 237–248. doi:10.1080/0144929X.2012.708787

Affico, J.F. (2017). Expanding cyber security learning in the business curriculum. Proceedings for the Northeast Region Decision Sciences Institute (NEDSI), 420–435.

Alqahtani, H., & Kavakli-Thorne, M. (2020). Does decision-making style predict individuals’ cybersecurity avoidance behaviour? In International Conference on Human-Computer Interaction (pp. 32–50). Cham: Springer doi:10.1007/978-3-030-50309-3_3

Alqahtani, H., Kavakli-Thorne, M., & Alrowaily, M. (2020). The impact of gamification factor in the acceptance of cybersecurity awareness augmented reality game (CybAR). In International Conference on Human-Computer Interaction (pp. 16–31). Cham: Springer. doi:10.1007/978-3-030-50309-3_2

Arcuri, M.C., Gai, L., Ielasi, F., & Ventisette, E. (2020). Cyber attacks on hospitality sector: Stock market reaction Journal of Hospitality and Tourism Technology, 11(2), 277–290. doi:10.1108/JHTT-05-2019-0080

Arora, A., & Mendhekar, A. (2021). Innovative techniques for student engagement in cybersecurity education In Data Management, Analytics and Innovation (pp. 395–406). Singapore: Springer. doi:10.1007/978-981-15-5616-6_28

Blackwood-Brown, C., Levy, Y., & D’Arcy, J. (2021). Cybersecurity awareness and skills of senior citizens: A motivation perspective Journal of Computer Information Systems, 61(3), 1–12. doi:10.1080/08874417.2019.1579076

Cabaj, K., Domingos, D., Kotulski, Z., & Respício, A. (2018). Cybersecurity education: Evolution of the discipline and analysis of master programs Computers & Security, 75, 24–35. doi:10.1016/j.cose.2018.01.015

Cassotta, S., & Sidortsov, R. (2019). Sustainable cybersecurity? Rethinking approaches to protecting energy infrastructure in the European High North Energy Research & Social Science, 51, 129–133. doi:10.1016/j.erss.2019.01.003

Corradini, I., & Nardelli, E. (2020). Developing digital awareness at school: a fundamental step for cybersecurity education In International Conference on Applied Human Factors and Ergonomics (pp. 102–110). Cham: Springer. doi:10.1007/978-3-030-52581-1_14

Crumpler, W., & Lewis, J.A. (2019). Cybersecurity Workforce Gap Center for Strategic and International Studies (CSIS).

Cybint. (2020). Alarming Cyber Security Facts and Stats. Retrieved from

Dahbur, K., Bashabsheh, Z., & Bashabsheh, D. (2017). Assessment of security awareness: A qualitative and quantitative study. International Management Review, 13(1), 37.

Demmese, F., Yuan, X., & Dicheva, D. (2020). Evaluating the effectiveness of gamifiation on students’ performance in a cybersecurity course Journal of the Colloquium for Information Systems Security Education, 8(1), 6–6.

Gartner. (2020). Forecast Analysis: Information Security, Worldwide, 2Q18 Update. Retrieved from

Gonzalez, H., Llamas, R., & Ordaz, F. (2017). Cybersecurity teaching through gamifiation: Aligning training resources to our syllabus Research in Computing Science, 146, 35–43.

Harris, M.A. (2015). Using Bloom’s and Webb’s taxonomies to integrate emerging cybersecurity topics into a computing curriculum Journal of Information Systems Education, 26(3), 219–234. Retrieved from

Imgraben, J., Engelbrecht, A., & Choo, K.K.R. (2014). Always connected, but are smart mobile users getting more security savvy? A survey of smart mobile device users Behaviour & Information Technology, 33(12), 1347–1360. doi:10.1080/0144929X.2014.934286

Jin, G., Tu, M., Kim, T.H., Heffron, J., & White, J. (2018). Evaluation of game-based learning in cybersecurity education for high school students Journal of Education and Learning (EduLearn), 12(1), 150–158. doi:10.11591/edulearn.v12i1.7736

Jorgensen, R., Rowe, D., & Wyler, N. (2017). Competitions and gamifiation in cybersecurity education and workforce development and evaluation of real world skills. Journal of Computing Sciences in Colleges, 33(2), 155–156.

Kreider, C., & Almalag, M. (2019). A framework for cybersecurity gap analysis in higher education. Retrieved from

McCrohan, K.F., Engel, K., & Harvey, J.W. (2010). Inflence of awareness and training on cyber security. Journal of Internet Commerce, 9(1), 23–41. doi:10.1080/15332861.2010.487415

Ministry of Digital Affairs. (2017). The Strategy of Cybersecurity of the Republic of Poland for the years 2017–2022. Retrieved from

Ministry of National Education. (2017). Cybersecurity in schools. Retrieved from

Newhouse, W., Keith, S., Scribner, B., & Witte, G. (2017). National initiative for cybersecurity education (NICE) cybersecurity workforce framework. NIST special publication, 800(2017), 181. doi:10.6028/NIST.SP.800-181

Pawlowski, S.D., & Jung, Y. (2015). Social representations of cybersecurity by university students and implications for instructional design Journal of Information Systems Education, 26(4), 281–294. Retrieved from

Pencheva, D., Hallett, J., & Rashid, A. (2020). Bringing cyber to school: Integrating cybersecurity into secondary school education IEEE Security & Privacy, 18(2), 68–74. doi:10.1109/MSEC.2020.2969409

Pendley, J.A. (2018). Finance and accounting professionals and cybersecurity awareness. Journal of Corporate Accounting & Finance, 29(1), 53–58. doi:10.1002/jcaf.22291

Rahman, A., Malaysia, N.A., Sairi, M.T.U.K., Zizi, I.K., & Khalid, F. (2020). The importance of cybersecurity education in school International Journal of Information and Education Technology, 10(5), 378–382. doi:10.18178/ijiet.2020.10.5.1393

Ros, S., Gonzalez, S., Robles, A., Tobarra, L.L., Caminero, A., & Cano, J. (2020). Analyzing students’ self-perception of success and learning effectiveness using gamifiation in an online cybersecurity course IEEE Access, 8, 97718–97728. doi:10.1109/ACCESS.2020.2996361

Siddiqui, Z., & Zeeshan, N. (2020). A survey on cybersecurity challenges and awareness for children of all ages In 2020 International Conference on Computing, Electronics & Communications Engineering (ICCECE) IEEE, 131–136. doi:10.1109/iCCECE49321.2020.9231229

Son, J., Bhuse, V., Othmane, L.B., & Lilien, L. (2015). Incorporating lab experience into computer security courses: three case studies Global Journal of Enterprise Information System, 7(2), 69–80.

Tirumala, S.S., Valluri, M.R., & Babu, G.A. (2019). A survey on cybersecurity awareness concerns, practices and conceptual measures In 2019 International Conference on Computer Communication and Informatics (ICCCI), IEEE, 1–6. doi:10.1109/ICCCI.2019.8821951

Venkatachary, S.K., Prasad, J., & Samikannu, R. (2018). Cybersecurity and cyber terrorism-in energy sector – a review. Journal of Cyber Security Technology, 2(3–4), 111–130. doi:10.1080/23742917.2018.1518057

Whitty, M., Doodson, J., Creese, S., & Hodges, D. (2015). Individual differences in cyber security behaviors: an examination of who is sharing passwords. Cyberpsychology, Behavior, and Social Networking, 18(1), 3–7. doi:10.1089/cyber.2014.0179

Zhang-Kennedy, L., & Chiasson, S. (2021). A systematic review of multimedia tools for cybersecurity awareness and education. ACM Computing Surveys (CSUR), 54(1), 1–39. doi:10.1145/3427920

Zwilling, M., Klien, G., Lesjak, D., Wiechetek, Ł., Cetin, F., & Basim, H.N. (2020). Cyber security awareness, knowledge and behavior: A comparative study. Journal of Computer Information Systems, 1–16. doi:10.1080/08874417.2020.1712269

Data publikacji: 2022-09-05 12:06:31
Data złożenia artykułu: 2022-05-10 14:09:32


Total abstract view - 441
Downloads (from 2020-06-17) - PDF - 0



  • There are currently no refbacks.

Copyright (c) 2022 Łukasz Wiechetek, Marek Mędrek

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.