•  
  •  
 

Abstract

Human behavior is a persistent and primary cybersecurity vulnerability. However, existing psychometric tools for assessing these factors are often fragmented, focusing on isolated aspects such as knowledge, compliance intentions, or organizational context, and lack a unifying theoretical framework. To address this gap, this study developed and pilot-tested the Cyber-behavioral Index, a novel multidimensional instrument to holistically assess human behavior. The scale operationalizes the CBS framework, comprising five latent dimensions: attitude and habits, perception and belief, social influence, digital influence, and trust in technology. Following a rigorous development process including expert review (n = 3) and cognitive pretesting (n = 10), a 33-item instrument was piloted with a sample of 231 participants. A pilot study was conducted to establish the initial psychometric properties of the scale, focusing on internal consistency and structural differentiation. The results demonstrated strong internal consistency for all five subscales (Cronbach’s α ranging from 0.775 to 0.848) and moderate interscale correlations (r = 0.345 to 0.432), supporting the scale’s reliability and hypothesized multidimensional structure. This study provides researchers and practitioners with a multidimensional instrument for advancing the psychological study of human-technology risk, moving beyond a narrow focus on technical proficiency.

Bahasa Abstract

Perilaku manusia merupakan kerentanan yang persisten dan utama dalam keamanan siber. Namun, perangkat psikometrik yang ada untuk menilai faktor-faktor ini seringkali terfragmentasi, berfokus pada aspek-aspek yang terisolasi seperti pengetahuan, niat kepatuhan, atau konteks organisasi, dan tidak memiliki kerangka teori yang menyatukan. Untuk mengatasi kesenjangan ini, studi ini mengembangkan dan menguji coba Indeks Perilaku Siber, sebuah instrumen multidimensi baru untuk menilai kerentanan perilaku manusia secara holistik. Skala ini mengoperasionalkan Kerangka Kerja Keamanan Perilaku Siber, yang terdiri dari lima dimensi laten: Sikap dan Kebiasaan, Persepsi dan Keyakinan, Pengaruh Sosial, Pengaruh Digital, dan Kepercayaan terhadap Teknologi. Setelah proses pengembangan yang ketat termasuk tinjauan ahli (n = 3) dan pra-uji kognitif (n = 10), instrumen 33 item diuji coba dengan sampel 231 peserta. Percontohan dilakukan untuk menetapkan sifat-sifat psikometrik awal skala, dengan fokus pada konsistensi internal dan diferensiasi struktural. Hasil menunjukkan konsistensi internal yang kuat untuk kelima subskala (α Cronbach berkisar antara 0,775 hingga 0,848) dan korelasi antarskala yang moderat (r = 0,345 hingga 0,432), yang mendukung reliabilitas dan struktur multidimensi yang dihipotesiskan oleh skala tersebut. Instrumen multidimensi bagi para peneliti dan praktisi untuk memajukan studi psikologis tentang risiko manusia-teknologi, melampaui fokus sempit pada kemahiran teknis.

References

Adinugroho, I., & Nurrachman, N. (2022). Understanding aggression in digital environment: Relationship between shame and guilt and cyber aggression in online social network. Makara Human Behavior Studies in Asia, 26(2), 105–113. https://doi.org/10.7454/hubs.asia.2060322

Alkhalil, Z., Hewage, C., Nawaf, L., & Khan, I. (2021). Phishing attacks: A recent comprehensive study and a new anatomy. Frontiers in Computer Science, 3(March), 1–23. https://doi.org/10.3389/fcomp.2021.563060

Alsharif, M., Mishra, S., & AlShehri, M. (2022). Impact of human vulnerabilities on cybersecurity. Computer Systems Science and Engineering, 40(3), 1153–1166. https://doi.org/10.32604/csse.2022.019938

Arpaci, I., & Sevinc, K. (2022). Development of the cybersecurity scale (CS-S): Evidence of validity and reliability. Information Development, 38(2), 218–226. https://doi.org/10.1177/0266666921997512

Baltuttis, D., Teubner, T., & Adam, M. T. P. (2024). A typology of cybersecurity behavior among knowledge workers. Computers and Security, 140(August 2023), 103741. https://doi.org/10.1016/j.cose.2024.103741

Beatty, P. C., & Willis, G. B. (2007). Research synthesis: The practice of cognitive interviewing. Public Opinion Quarterly, 71(2), 287–311. https://doi.org/10.1093/poq/nfm006

Bognár, L., & Bottyán, L. (2024). Evaluating online security behavior: Development and validation of a personal cybersecurity awareness scale for university students. Education Sciences, 14(6). https://doi.org/10.3390/educsci14060588

Clark, L. A., & Watson, D. (1995). Constructing validity: Basic issues in objective scale development. Psychological Assessment, 7(3), 309–319. https://doi.org/10.1037/1040-3590.7.3.309

Connelly, L. M. (2008). Pilot studies. Medsurg Nursing : Official Journal of the Academy of Medical-Surgical Nurses, 17(6), 411–412. http://www.ncbi.nlm.nih.gov/pubmed/19248407

Cronbach, L. J. (1951). Coefficient alpha and the internal structure of tests. Psychometrika, 16(3), 297–334. https://doi.org/10.1007/BF02310555

de Jonge, J. (2006). Multivariate data analysis (Sixth Edition). Gedrag & Organisatie, 19(3). https://doi.org/10.5117/2006.019.003.007

Donalds, C., & Osei-Bryson, K.-M. (2020). Cybersecurity compliance behavior: Exploring the influences of individual decision style and other antecedents. International Journal of Information Management, 51, 102056. https://doi.org/10.1016/j.ijinfomgt.2019.102056

Fabrigar, L. R., & Wegener, D. T. (2011). Exploratory Factor Analysis. Oxford University Press. https://doi.org/10.1093/acprof:osobl/9780199734177.001.0001

Fam, J. Y. (2025). Problem videogame playing scale: A preliminary study of measurement invariance between English and Malay. Makara Human Behavior Studies in Asia, 29(2), 78–85. https://doi.org/10.7454/hubs.asia.v29.i2.1570

Field, A. (2005). Discovering Statistics Using SPSS (5th ed.). SAGE Publications. http://repo.darmajaya.ac.id/5678/1/Discovering Statistics Using IBM SPSS Statistics %28 PDFDrive %29.pdf

Gratian, M., Bandi, S., Cukier, M., Dykstra, J., & Ginther, A. (2018). Correlating human traits and cyber security behavior intentions. Computers & Security, 73(December), 345–358. https://doi.org/10.1016/j.cose.2017.11.015

Hadlington, L. (2017). Human factors in cybersecurity; examining the link between internet addiction, impulsivity, attitudes towards cybersecurity, and risky cybersecurity behaviours. Heliyon, 3(7), e00346. https://doi.org/10.1016/j.heliyon.2017.e00346

Hadlington, L., & Parsons, K. (2017). Can cyberloafing and internet addiction affect organisational information security? Cyberpsychology, Behavior, and Social Networking, 20(9), 567–571. https://doi.org/10.1089/cyber.2017.0239

Haynes, S. N., Richard, D. C. S., & Kubany, E. S. (1995). Content validity in psychological assessment: A functional approach to concepts and methods. Psychological Assessment, 7(3), 238–247. https://doi.org/10.1037/1040-3590.7.3.238

Hertzog, M. A. (2008). Considerations in determining sample size for pilot studies. Research in Nursing & Health, 31(2), 180–191. https://doi.org/10.1002/nur.20247

Hong, Y., & Furnell, S. (2021). Understanding cybersecurity behavioral habits : Insights from situational support. Journal of Information Security and Applications, 57, 102710. https://doi.org/10.1016/j.jisa.2020.102710

Huang, H.-Y., Demetriou, S., Banerjee, R., Tuncay, G. S., Gunter, C. A., & Bashir, M. (2020). Smartphone security behavioral scale: A new psychometric measurement for smartphone security. CoRR, ArXiv, abs/2007.01721https://doi.org/10.48550/arXiv.2007.01721

Johanson, G. A., & Brooks, G. P. (2010). Initial scale development: Sample size for pilot studies. Educational and Psychological Measurement, 70(3), 394–400. https://doi.org/10.1177/0013164409355692

Jose, A. T. (2024). Psycho-social determinants of employee green behavior among IT professionals. Makara Human Behavior Studies in Asia, 28(2), 96–109.https://doi.org/10.7454/hubs.asia.1230524

Joy, L. K., Fenn, J., & Tan, C. (2023). Factor analysis and reliability of the pro-lockdown compliance scale. Makara Human Behavior Studies in Asia, 27(1), 37–43. https://doi.org/10.7454/hubs.asia.1011122

Khan, N. F., Ikram, N., Saleem, S., & Zafar, S. (2023a). Cyber-security and risky behaviors in a developing country context: A Pakistani perspective. Security Journal, 36(2). https://doi.org/10.1057/s41284-022-00343-4

Khan, N. F., Ikram, N., Saleem, S., & Zafar, S. (2023b). Cyber-security and risky behaviors in a developing country context: a Pakistani perspective. Security Journal, 36(2), 373–405. https://doi.org/10.1057/s41284-022-00343-4

Kshetri, N., Vasudha, & Hoxha, D. (2023). knowCC: Knowledge, Awareness of Computer; Cyber Ethics Between CS/Non-CS University Students. 2023 International Conference on Computing, Communication, and Intelligent Systems (ICCCIS), 298–304. https://doi.org/10.1109/ICCCIS60361.2023.10425385

Li, L., He, W., Xu, L., Ash, I., Anwar, M., & Yuan, X. (2019). Investigating the impact of cybersecurity policy awareness on employees’ cybersecurity behavior. International Journal of Information Management, 45(October 2018), 13–24. https://doi.org/10.1016/j.ijinfomgt.2018.10.017

LYNN, M. R. (1986). Determination and quantification of content validity. Nursing Research, 35(6), 382???386. https://doi.org/10.1097/00006199-198611000-00017

McNeish, D. (2018). Thanks coefficient alpha, we’ll take it from here. Psychological Methods, 23(3), 412–433. https://doi.org/10.1037/met0000144

Nunnally, J. C. (1978). Psychometric Theory (2nd ed.). McGraw-Hill.

Öğütçü, G., Testik, Ö. M., & Chouseinoglou, O. (2016). Analysis of personal information security behavior and awareness. Computers & Security, 56, 83–93. https://doi.org/10.1016/j.cose.2015.10.002

Pacquing, M. C. T. (2023). Employee engagement is the key: Its mediating role between person–environment fit and organizational commitment among Filipino employees. Makara Human Behavior Studies in Asia, 27(1), 1–7. https://doi.org/10.7454/hubs.asia.1290722

Papatsaroucha, D., Nikoloudakis, Y., Kefaloukos, I., Pallis, E., & Markakis, E. K. (2021). A Survey on Human and Personality Vulnerability Assessment in Cyber-security: Challenges, Approaches, and Open Issues. https://doi.org/10.48550/arXiv.2106.09986

Polit, D. F., & Beck, C. T. (2017). Nursing Research: Generating and Assessing Evidence for Nursing Practice (10th ed.). LWW.

Qiu, W., Joe, H., 2009. ClusterGeneration: Random Cluster Generation (With Specified Degree of Separation), 1. R Package Version 1.2.7.

Ramlo, S., & Nicholas, J. B. (2021). The human factor: assessing individuals’ perceptions related to cybersecurity. Information & Computer Security, 29(2), 350–364. https://doi.org/10.1108/ICS-04-2020-0052

Syafitri, W., Shukur, Z., Mokhtar, U. A., Sulaiman, R., & Ibrahim, M. A. (2022). Social engineering attacks prevention: A systematic literature review. IEEE Access, 10, 39325–39343. https://doi.org/10.1109/ACCESS.2022.3162594

Tavakol, M., & Dennick, R. (2011). Making sense of Cronbach’s alpha. International Journal of Medical Education, 2, 53–55. https://doi.org/10.5116/ijme.4dfb.8dfd

Willis G. (2006) Cognitive Interviewing as a Tool for Improving the Informed Consent Process. Journal of Empirical Research on Human Research Ethics. 1(1):9-23. https://doi.org/10.1525/jer.2006.1.1.9.

Download

Share

COinS
 
 

To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.