Level of User Security Behavior in the Service Industry

- Gushelmi, Rodziah Latih, Abdullah Mohd. Zin


User security behavior is all user actions related to computer system security. Previous studies have shown that user security behavior is one of the main causes of computer and information security problems in many organizations. In order to mitigate this problem, we need to find a solution to improve user security behavior in the organization. This process involves three steps. This study emphasizes the first step to address an organization's security behavior. Therefore, this study aims to determine the level of user security behavior for four service industries in West Sumatra in 2019. This study is carried out by using a survey research method. Questionnaires were distributed to 320 respondents from four service sectors: government, education, banking, and private services. The questionnaire consists of 30 questions comprising seven factors influencing user security behavior: the organization's values, co-workers' behavior, the ability to make decisions, the availability of supporting tools, individual values and standards, the employee-employer relationship, and the Effort required. The result shows that the level of user security behavior is reasonably high. This implies that service sector employees in Indonesia are aware of the threats in cyberspace and the importance of the security procedure at work. For further research, we plan to study some security problems in more detail to propose possible solutions or actions to improve user security behavior in the service industry, particularly in Indonesia.


Malware; cybercrimes; security awareness; information security

Full Text:



W. A. Al-khater, S. Member, S. A.- Ma, S. Member, K. Khan, and S. Member, “Comprehensive Review of Cybercrime Detection Techniques,†IEEE Access, vol. XX, 2020, doi: 10.1109/ACCESS.2020.3011259.

J. Brands and J. Van Doorn, “The measurement, intensity and determinants of fear of cybercrime: A systematic review,†Comput. Human Behav., vol. 127, p. 107082, 2022, doi: 10.1016/j.chb.2021.107082.

T. B. G. Herath, P. Khanna, and M. Ahmed, “Cybersecurity Practices for Social Media Users: A Systematic Literature Review,†J. Cybersecurity Priv., vol. 2, no. 1, pp. 1–18, Jan. 2022, doi: 10.3390/jcp2010001.

H. Oz, A. Aris, A. Levi, and A. S. Uluagac, “A Survey on Ransomware: Evolution, Taxonomy, and Defense Solutions,†ACM Comput. Surv., vol. 54, no. 11s, pp. 1–37, Jan. 2022, doi: 10.1145/3514229.

A. Chernikova et al., “Cyber Network Resilience Against Self-Propagating Malware Attacks,†in European Symposium on Research in Computer Security, Springer, 2022, pp. 531–550.

S. Kamil, H. S. A. Siti Norul, A. Firdaus, and O. L. Usman, “The Rise of Ransomware: A Review of Attacks, Detection Techniques, and Future Challenges,†in 2022 International Conference on Business Analytics for Technology and Security (ICBATS), Feb. 2022, pp. 1–7, doi: 10.1109/ICBATS54253.2022.9759000.

Y. Hong and S. Furnell, “Motivating Information Security Policy Compliance: Insights from Perceived Organizational Formalization,†J. Comput. Inf. Syst., vol. 62, no. 1, pp. 19–28, 2022, doi: 10.1080/08874417.2019.1683781.

H. Suryotrisongko and Y. Musashi, “Review of cybersecurity research topics, taxonomy and challenges: Interdisciplinary perspective,†Proc. - 2019 IEEE 12th Conf. Serv. Comput. Appl. SOCA 2019, pp. 162–167, 2019, doi: 10.1109/SOCA.2019.00031.

L. Sanny, V. Angelina, and B. B. Christian, “Innovation of SME service industry in Indonesia in improving customer satisfaction,†J. Sci. Technol. Policy Manag., vol. 12, no. 2, pp. 351–370, 2021, doi: 10.1108/JSTPM-03-2020-0056.

R. F. Ali, P. D. D. Dominic, S. Emad, A. Ali, and M. Rehman, “applied sciences Information Security Behavior and Information Security Policy Compliance : A Systematic Literature Review for Identifying the Transformation Process from Noncompliance to Compliance,†Appl. Sci., 2021.

I. Metin-Orta and D. Demirtepe-Saygılı, “Cyberloafing behaviors among university students: Their relationships with positive and negative affect,†Curr. Psychol., no. 0123456789, 2021, doi: 10.1007/s12144-021-02374-3.

S. Toker and M. H. Baturay, “Factors affecting cyberloafing in computer laboratory teaching settings,†Int. J. Educ. Technol. High. Educ., vol. 18, no. 1, 2021, doi: 10.1186/s41239-021-00250-5.

S. Asongu, C. Meniago, and R. Salahodjaev, “The role of value added across economic sectors in modulating the effects of FDI on TFP and economic growth dynamics,†Int. J. Emerg. Mark., 2022, doi: 10.1108/IJOEM-10-2018-0547.

C. Chang, “Relational bonds , customer engagement , and service quality,†Serv. Ind. J., vol. 41, no. 321, pp. 330–354, 2021.

A. da Veiga, L. V. Astakhova, A. Botha, and M. Herselman, “Defining organisational information security culture—Perspectives from academia and industry,†Comput. Secur., vol. 92, p. 101713, 2020, doi: 10.1016/j.cose.2020.101713.

E. Ukwandu et al., “Cyber-Security Challenges in Aviation Industry: A Review of Current and Future Trends,†Inf., vol. 13, no. 3, pp. 1–22, 2022, doi: 10.3390/info13030146.

A. Wiley, A. McCormac, and D. Calic, “More than the individual: Examining the relationship between culture and Information Security Awareness,†Comput. Secur., vol. 88, 2020, doi: 10.1016/j.cose.2019.101640.

G. Carmi and D. Bouhnik, “The Effect of Rational Based Beliefs and Awareness on Employee Compliance with Information Security Procedures: A Case Study of a Financial Corporation in Israel,†Interdiscip. J. Information, Knowledge, Manag., vol. 15, pp. 109–125, 2020, doi: 10.28945/4596.

V. Hooper and C. Blunt, “Factors influencing the information security behaviour of IT employees,†Behav. Inf. Technol., vol. 39, no. 8, pp. 862–874, Aug. 2020, doi: 10.1080/0144929X.2019.1623322.

Z. Ahmad, T. S. Ong, T. H. Liew, and M. Norhashim, “Security monitoring and information security assurance behaviour among employees,†Inf. Comput. Secur., vol. 27, no. 2, pp. 165–188, Jun. 2019, doi: 10.1108/ICS-10-2017-0073.

M. Karjalainen, M. Siponen, and S. Sarker, “Toward a stage theory of the development of employees’ information security behavior,†Comput. Secur., vol. 93, p. 101782, Jun. 2020, doi: 10.1016/j.cose.2020.101782.

S. Barth, M. D. T. de Jong, M. Junger, P. H. Hartel, and J. C. Roppelt, “Putting the privacy paradox to the test: Online privacy and security behaviors among users with technical knowledge, privacy awareness, and financial resources,†Telemat. Informatics, vol. 41, pp. 55–69, Aug. 2019, doi: 10.1016/j.tele.2019.03.003.

J. Leach and J. Leach, “Improving user security behaviour,†Comput. Secur., vol. 22, no. 8, pp. 685–692, 2003.

L. Connolly, M. Lang, J. Gathegi, and J. D. Tygar, “The effect of organisational culture on employee security behaviour: A qualitative study,†Proc. 10th Int. Symp. Hum. Asp. Inf. Secur. Assur. HAISA 2016, no. March 2018, pp. 33–44, 2016.

M. J. Alotaibi, S. Furnell, and N. Clarke, “A framework for reporting and dealing with end-user security policy compliance,†Inf. Comput. Secur., vol. 27, no. 1, pp. 2–25, Mar. 2019, doi: 10.1108/ICS-12-2017-0097.

N. Sarhan, A. Harb, F. Shrafat, and M. Alhusban, “The effect of organizational culture on the organizational commitment: Evidence from hotel industry,†Manag. Sci. Lett., vol. 10, no. 1, pp. 183–196, 2020, doi: 10.5267/j.msl.2019.8.004.

G. Hofstede, “Culture’s Consequences:International Differences in Work-related Values,†Sage Publ. Thousand Oaks, 1980.

S. H. Schwartz, “Universal In The Content And Structure Of Values : Theoretical Advances And 20 Countries,†vol. 25, 1992.

S. Furnell, W. Khern-am-nuai, R. Esmael, W. Yang, and N. Li, “Enhancing security behaviour by supporting the user,†Comput. Secur., vol. 75, pp. 1–9, Jun. 2018, doi: 10.1016/j.cose.2018.01.016.

M. Rakhra, “Behaviour In Developing An Effective Anti-Phishing Educational Framework,†no. Icisc, pp. 832–836, 2018.

F. Foroughi and P. Luksch, “A Multi-agent Model for Security Awareness Driven by Home User’s Behaviours,†in Advances in Intelligent Systems and Computing, vol. 880, Springer International Publishing, 2019, pp. 185–195.

P. Uwayo, V. M. Nsanzumukiza, A. Maniragaba, A. P. Nsabimana, and V. Akimanizanye, “Contribution of Former Poachers for Wildlife Conservation in Rwanda Volcanoes National Park,†J. Geosci. Environ. Prot., vol. 08, no. 04, pp. 47–56, 2020, doi: 10.4236/gep.2020.84004.

D. McGartland Rubio, “Content Validity,†in Encyclopedia of Social Measurement, vol. 1, Elsevier, 2005, pp. 495–498.

S. A. Livingston, “Test Reliability-Basic Concepts,†2018.

S. Giap, M. Ang, L. Anthony, and P. O. Brien, “Investigating the psychometric properties of the Carers ’ Fall Concern instrument to measure carers ’ concern for older people at risk of falling at home : A cross-sectional study,†no. August 2019, pp. 1–10, 2020, doi: 10.1111/opn.12338.

E. K. Titov and V. Y. Tsvetkov, “Accumulated reliability of information hardware and software systems,†IOP Conf. Ser. Mater. Sci. Eng., vol. 919, no. 2, p. 022055, Sep. 2020, doi: 10.1088/1757-899X/919/2/022055.

E. A. O. Zijlmans, J. Tijmstra, L. A. van der Ark, and K. Sijtsma, “Item-Score Reliability as a Selection Tool in Test Construction,†Front. Psychol., vol. 9, no. JAN, Jan. 2019, doi: 10.3389/fpsyg.2018.02298.

DOI: http://dx.doi.org/10.18517/ijaseit.13.4.18425


  • There are currently no refbacks.

Published by INSIGHT - Indonesian Society for Knowledge and Human Development