There is interest in better understanding people's cybersecurity (CS)-related attitudes and behaviors, which are ultimately impacted by their perceived vulnerability to CS risks. There is a relationship between how risk is perceived and how someone acts, with protection motivation theory (PMT) providing a particularly salient framework for explaining this connection. Exploration of how one perceives his or her own vulnerability to CS victimization is essential to understanding this interaction, and risk mitigation of threats relies heavily on the human despite increased reliance on digital technologies such as machine learning that can be used proactively and in real time yet are still impacted by human behavior. This study sought to examine the information security attitudes and behaviors that contribute to perceived CS vulnerability. A convenience sample of 612 college students sampled from two public universities in the United States completed a brief demographic survey and the Online Security Behavior and Beliefs Questionnaire. The instrument demonstrated good internal reliability with an index of perceived vulnerability significantly and positively correlating with multiple subscales. Linear regression indicated subscales that tended to focus more on one's inner belief that he or she is capable and competent enough to understand the nature of CS risks was predictive of perceived vulnerability, potentially resulting from a social desirability response bias which yielded an overly favorable self-report. PMT suggests that knowledge is an essential factor influencing decision making and results of this study suggest that perceived vulnerability may depend upon the appraisal of experience more so than one's actual knowledge or competence.
Keywords: cybersecurity; perceived vulnerability; protection motivation theory; risk mitigation.