*Perceptions, attitudes and beliefs.*

Attitude can be defined as a person's inclination to judge or assess something in a particular way. Attitude has been known to influence an individual's behaviour, whereby individuals and users each own a number of beliefs and attitudes unique to themselves that may affect their behaviour in various aspects which also include their security behaviours. But it is noted that uncomfortable tensions may occur as a result of the misalignment between attitude and behaviours and the only solution to solve it is by undergoing change to one's attitude or behaviour. Within the discussion on the matter of behaviours, it will always involve various different factors that interact together in complex ways and researchers have come up with various models to illustrate such relationships such as:


**135**

*Revealing Cyber Threat of Smart Mobile Devices within Digital Ecosystem: User Information…*

of the desired behaviour as well as the evaluation of cost and benefit produce by the behaviour. Thus, according to this model, it can be said that when users believes that by behaving securely and employing security measures to their mobile devices will produce positive outcome to themselves, the users will effectively perform the security behaviour that they had planned in their minds.

3.Protection motivation model - The protection motivation model was created with an intention to aid individuals in resolving and coping with their fear appeals and this model believes that the behaviour of individuals are influenced by two appraisals namely the threat appraisal and the coping appraisal. The threat appraisal refers to user's perception on the gravity of an incident and user's perception on the likelihood of an incident or vulnerability while the coping appraisal refers to user's efficacy of the suggested precautionary behaviour as well as user's perception of their own efficacy (self-efficacy).

4.Learning model - One of the assumptions made within the learning model is that it assumes that behaviour is a process that individuals need to learn and that the learning process is influenced by two different elements which are incentives in the form of punishment or rewards and the social environment

5.Change models - Change models are known to be built by the assumption that changes in behaviour is a step-by-step process that involves many stages and it does not ever occur in a single step or occasion. Researchers have constructed various change models and some of the most frequently models that have been implemented includes Lewin's 3-stage model of change management and

It is in human nature that every person are bound to be influenced by the people that surrounds them regularly which includes family members, friends, top managers, work colleagues or other various entities that could be labelled as a role model to the particular individual. In other words, the behaviour, norms or beliefs of another person could heavily influence user's behaviour towards SMD security. In the context of organisational workplace, one of the main predictors of employee's behaviour towards the implementation of security policies is how employees perceived the expectation set by the managers on complying with the security measures or policies. The main reason of employees ignoring the instruction of the organisation to employ security practices and measures such as encrypting their email messages is primarily due to employee's not seeing the practices being exercised by fellow peers and managers. Thus, within the context of mobile device security, it is highlighted that user's chances of exhibiting security behaviours are increased exponentially when the entities or role models surrounding the user is exhibiting similar security practices or behaviours. When users feel that they are doing an activity that is similar to their role models or the neighbouring people, it could result in a sort of connection or "aligned" interest that could significantly

surrounding the individual which includes role models.

*Social influencers: Social norms at home, workplace and lifestyle.*

promote the users of SMD to conduct a set of security behaviour [4, 26]. *Generation-Z perception towards SMD Information Security.*

It is a widely known fact that generation Z are regarded as the generation of youths that does not remember any strand of moments or memories without the usage of smart mobile devices, and they are considered as the top targets of attackers due to their constant usage of mobile devices. This is where the youth's awareness on cyber threats as well as the best practice of security behaviour on SMD

Kotter's 8-step theory of change management.

*DOI: http://dx.doi.org/10.5772/intechopen.95752*

*Revealing Cyber Threat of Smart Mobile Devices within Digital Ecosystem: User Information… DOI: http://dx.doi.org/10.5772/intechopen.95752*

of the desired behaviour as well as the evaluation of cost and benefit produce by the behaviour. Thus, according to this model, it can be said that when users believes that by behaving securely and employing security measures to their mobile devices will produce positive outcome to themselves, the users will effectively perform the security behaviour that they had planned in their minds.


#### *Social influencers: Social norms at home, workplace and lifestyle.*

It is in human nature that every person are bound to be influenced by the people that surrounds them regularly which includes family members, friends, top managers, work colleagues or other various entities that could be labelled as a role model to the particular individual. In other words, the behaviour, norms or beliefs of another person could heavily influence user's behaviour towards SMD security. In the context of organisational workplace, one of the main predictors of employee's behaviour towards the implementation of security policies is how employees perceived the expectation set by the managers on complying with the security measures or policies. The main reason of employees ignoring the instruction of the organisation to employ security practices and measures such as encrypting their email messages is primarily due to employee's not seeing the practices being exercised by fellow peers and managers. Thus, within the context of mobile device security, it is highlighted that user's chances of exhibiting security behaviours are increased exponentially when the entities or role models surrounding the user is exhibiting similar security practices or behaviours. When users feel that they are doing an activity that is similar to their role models or the neighbouring people, it could result in a sort of connection or "aligned" interest that could significantly promote the users of SMD to conduct a set of security behaviour [4, 26].

*Generation-Z perception towards SMD Information Security.*

It is a widely known fact that generation Z are regarded as the generation of youths that does not remember any strand of moments or memories without the usage of smart mobile devices, and they are considered as the top targets of attackers due to their constant usage of mobile devices. This is where the youth's awareness on cyber threats as well as the best practice of security behaviour on SMD

*Data Integrity and Quality*

beneficial, it may lead users to create biases.

*Perceptions, attitudes and beliefs.*

models to illustrate such relationships such as:

level as a determiner of good cyber security behaviours.

one of the challenges faced by users is that it is quite difficult for users to conform to best practices of protecting their mobile device because users would not know which specific type of attack or risk they will encounter, especially during these times where by the nature of cyber attacks are always changing as attackers could find many different method to perform fraudulent actions. Due to such uncertainties, users tend to rely on their individual heuristics ability or skills that enables users to make quick and efficient judgements as well as decisions within a short period of time. However, it is also noted that even though the use of heuristics is

On the other hand, the availability and delivery of constant and beneficial information is required in order for users to exhibit security behaviours but it is also noted that such information might not be enough to inspire or motivate users to change their behaviours into a more security oriented in nature. Users still exhibit poor security behaviours even after attending cyber awareness training and campaigns and further added that it is not recommended to refer to user's knowledge

Attitude can be defined as a person's inclination to judge or assess something in a particular way. Attitude has been known to influence an individual's behaviour, whereby individuals and users each own a number of beliefs and attitudes unique to themselves that may affect their behaviour in various aspects which also include their security behaviours. But it is noted that uncomfortable tensions may occur as a result of the misalignment between attitude and behaviours and the only solution to solve it is by undergoing change to one's attitude or behaviour. Within the discussion on the matter of behaviours, it will always involve various different factors that interact together in complex ways and researchers have come up with various

1.Rational choice based model - One of the main assumption within the rational choice model or also known as rational action model, is that it assumes that users has perfect information. What is meant by perfect information here is that users are assumed to acquire all information regarding every possible choices or alternatives and then users will act on it by behaving in a manner that will provide them with the best outcome out of all possible choices. But an individual's act of processing the obtained information does not necessarily lead to the generation of a rational behaviour and consequently, individuals does not necessarily perform a rational choice in order to achieve the optimum result. Hence, according to this model, it can be said that every mobile device users are already equipped with the cognitive ability and motivation required to make rational decisions when faced with security incidents such as the act of applying facts in assessing cyber incidents. However, it is also noted that there is a challenge in doing so primarily due to the uncertainties of outcome or end

results when dealing with anything related to cyber security.

2.Theory and model of planned behaviour - The main motive behind the use of the planned behaviour model amongst researchers is to analyse and describe the behaviours exhibited by individuals that are equipped with the ability to exercise self-control. One of the assumption that has been created within this model is that it assumes that any behaviour is planned and any individuals that plans to act or behave in a certain way will actually commit to it and behave in the way they have initially planned. A fundamental element within the planned behaviour model is behavioural intent, where the intention to behave in a certain way is subject to the attitude towards the expected outcome

**134**

comes into the bigger picture. The generation Z was observed to express concerns on the security of their mobile devices where within the research, it was discovered that about 40% of the Generation Z youths expressed their desire to be able to know the person they are communicating with when making online shopping or retail through authentication so that they are able to trust the person they are interacting with. It further added that generation Z are also concerned on various aspects of security such as the likelihood of their mobile device being hacked and the risk associated with cyber crimes which includes fraud and identity theft.

Even though it seemed that the Generation Z are actively concerned about security issues, there were also evidence from other research which states that the Gen-Z are overconfident in their ability to tackle security issues. In other hand, the Gen-Z assumed to themselves that they are very cyber secure but in reality, it was the vice versa. It was proven so from the survey conducted by the researcher where in one of the questions, the researcher discovered that the 96% of the Gen-Z youths believes that they are able to keep their personal or sensitive online data save but in another question, it was revealed that the 32% of the Gen-Z respondents have not put in little to no effort in creating their passwords. Within another question, it was also revealed that 78% of Gen-Z youths agreed that they had created and used the same passwords for various personal accounts. It is also revealed in recent studies that most of the Gen-Z youths are more open or encouraged to the idea of balancing between their desirability for a greater personalised experience and their concerns on security/privacy issues. However, generation Z are 25% more prone opt for a digital world compared to generation X and boomers, where in that digital world applications and websites have the ability to forecast and deliver what the user requires at any period of time. Here, the Gen-Z youths which accounts to 45% of total Gen-Z respondents were willing to give out their data in order to experience a more personalised environment at the cost of their privacy. The Gen-Z youths founds a website in which the website fails to predict the items they wanted, about 50% of the Gen-Z respondents will halt their activity on that website and stop visiting it.

In conclusion, it can be seen that despite the concerns for cyber security, some of the youths are behaving overconfidently towards their ability to protect themselves from cyber incidents while some behavioural patterns seen in youths presently are their willingness to trade their privacy just for some personalised environment or experience. One way to solve these behavioural problems is by creating or promoting security awareness on their behaviour. There could be different ways to solve them, thus this indicates that there is more work and research to be done on the topic of SMD information security and its relationship with the main users of mobile device, the Generation Z.

#### *Effect of security awareness to customer trust.*

Various researches had been established and conducted that was looking into the relationship between awareness of security and customer trust. There are possibility of risk associated with their transaction such as trust as well as privacy risk when a vendor or an organisation requested users to provide information that are considered irrelevant for the transaction such as asking questions on the user's age or gender. Trust amongst public towards organisations or corporations had been deteriorating for the past few years and one of the main rationale behind the drop of public trust is due to the advancement of cyber crime and cyber criminals, especially within this technologically advanced era.

Their study further revealed that there is a strong relationship between cyber security and user's assurance or trust towards an organisation. In the study, 53% of the respondents revealed that their perception of an organisation as a brand that can be trusted were based on the strict and meticulous security measures they had

**137**

**Author details**

Heru Susanto1,2,3

1 School of Business, Universiti Teknologi Brunei, Brunei

3 Information Management, Tunghai University, Taiwan

provided the original work is properly cited.

2 Research Centre for Informatics, the Indonesia Institute of Sciences, Indonesia

\*Address all correspondence to: heru.susanto@utb.edu.bn; heru.susanto@lipi.go.id

© 2021 The Author(s). Licensee IntechOpen. This chapter is distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/ by/3.0), which permits unrestricted use, distribution, and reproduction in any medium,

*Revealing Cyber Threat of Smart Mobile Devices within Digital Ecosystem: User Information…*

to undergo during the sign in process, and also, 49% of the respondents revealed that their experience of never encountering any security issues acted as an indicator for choosing which organisation to trust. Furthermore, 47% of the users within the study revealed to have stayed with their chosen organisations in which they assume

In summary, with the increase in SMD usage contributed by the Generation Z youths, it is expected that more cyber attacks or incidents such as malware will be aimed towards the mobile device users. The study is aimed at measuring the level of smart mobile device security and privacy awareness. Firstly, a survey questionnaire was conducted in order to measure the level of awareness of SMD security amongst

The major findings of the survey showed that on average 43% of the users rarely changed their network and mobile screen password. It is also found out that over 56.1% users have never read the EULA policy before installing any applications and about 43.8% users always stay logged in after using their personal accounts. Additionally, more than 50% of users have stored sensitive data within their mobile device but 61.4% users have not installed any security software or applications to their mobile device, thus making their sensitive data vulnerable to cyber attacks. Secondly, a new framework have been proposed in order to increase the awareness level of mobile device users which is based on the security behaviours exhibited by SMD users. Within the framework, it is highlighted that in order to increase the level of SMD security and privacy awareness, users need increase their level of awareness on security behaviours by understanding the importance and rationale

*DOI: http://dx.doi.org/10.5772/intechopen.95752*

to be more secure that other organisations.

behind various cyber security behaviours.

**6. Conclusion**

Generation Z youths.

*Revealing Cyber Threat of Smart Mobile Devices within Digital Ecosystem: User Information… DOI: http://dx.doi.org/10.5772/intechopen.95752*

to undergo during the sign in process, and also, 49% of the respondents revealed that their experience of never encountering any security issues acted as an indicator for choosing which organisation to trust. Furthermore, 47% of the users within the study revealed to have stayed with their chosen organisations in which they assume to be more secure that other organisations.

## **6. Conclusion**

*Data Integrity and Quality*

comes into the bigger picture. The generation Z was observed to express concerns on the security of their mobile devices where within the research, it was discovered that about 40% of the Generation Z youths expressed their desire to be able to know the person they are communicating with when making online shopping or retail through authentication so that they are able to trust the person they are interacting with. It further added that generation Z are also concerned on various aspects of security such as the likelihood of their mobile device being hacked and the risk

Even though it seemed that the Generation Z are actively concerned about security issues, there were also evidence from other research which states that the Gen-Z are overconfident in their ability to tackle security issues. In other hand, the Gen-Z assumed to themselves that they are very cyber secure but in reality, it was the vice versa. It was proven so from the survey conducted by the researcher where in one of the questions, the researcher discovered that the 96% of the Gen-Z youths believes that they are able to keep their personal or sensitive online data save but in another question, it was revealed that the 32% of the Gen-Z respondents have not put in little to no effort in creating their passwords. Within another question, it was also revealed that 78% of Gen-Z youths agreed that they had created and used the same passwords for various personal accounts. It is also revealed in recent studies that most of the Gen-Z youths are more open or encouraged to the idea of balancing between their desirability for a greater personalised experience and their concerns on security/privacy issues. However, generation Z are 25% more prone opt for a digital world compared to generation X and boomers, where in that digital world applications and websites have the ability to forecast and deliver what the user requires at any period of time. Here, the Gen-Z youths which accounts to 45% of total Gen-Z respondents were willing to give out their data in order to experience a more personalised environment at the cost of their privacy. The Gen-Z youths founds a website in which the website fails to predict the items they wanted, about 50% of the Gen-Z respondents will halt their activity on that website and stop

In conclusion, it can be seen that despite the concerns for cyber security, some of the youths are behaving overconfidently towards their ability to protect themselves from cyber incidents while some behavioural patterns seen in youths presently are their willingness to trade their privacy just for some personalised environment or experience. One way to solve these behavioural problems is by creating or promoting security awareness on their behaviour. There could be different ways to solve them, thus this indicates that there is more work and research to be done on the topic of SMD information security and its relationship with the main users of

Various researches had been established and conducted that was looking into the relationship between awareness of security and customer trust. There are possibility of risk associated with their transaction such as trust as well as privacy risk when a vendor or an organisation requested users to provide information that are considered irrelevant for the transaction such as asking questions on the user's age or gender. Trust amongst public towards organisations or corporations had been deteriorating for the past few years and one of the main rationale behind the drop of public trust is due to the advancement of cyber crime and cyber criminals,

Their study further revealed that there is a strong relationship between cyber security and user's assurance or trust towards an organisation. In the study, 53% of the respondents revealed that their perception of an organisation as a brand that can be trusted were based on the strict and meticulous security measures they had

associated with cyber crimes which includes fraud and identity theft.

**136**

visiting it.

mobile device, the Generation Z.

*Effect of security awareness to customer trust.*

especially within this technologically advanced era.

In summary, with the increase in SMD usage contributed by the Generation Z youths, it is expected that more cyber attacks or incidents such as malware will be aimed towards the mobile device users. The study is aimed at measuring the level of smart mobile device security and privacy awareness. Firstly, a survey questionnaire was conducted in order to measure the level of awareness of SMD security amongst Generation Z youths.

The major findings of the survey showed that on average 43% of the users rarely changed their network and mobile screen password. It is also found out that over 56.1% users have never read the EULA policy before installing any applications and about 43.8% users always stay logged in after using their personal accounts. Additionally, more than 50% of users have stored sensitive data within their mobile device but 61.4% users have not installed any security software or applications to their mobile device, thus making their sensitive data vulnerable to cyber attacks.

Secondly, a new framework have been proposed in order to increase the awareness level of mobile device users which is based on the security behaviours exhibited by SMD users. Within the framework, it is highlighted that in order to increase the level of SMD security and privacy awareness, users need increase their level of awareness on security behaviours by understanding the importance and rationale behind various cyber security behaviours.

## **Author details**

Heru Susanto1,2,3

1 School of Business, Universiti Teknologi Brunei, Brunei

2 Research Centre for Informatics, the Indonesia Institute of Sciences, Indonesia

3 Information Management, Tunghai University, Taiwan

\*Address all correspondence to: heru.susanto@utb.edu.bn; heru.susanto@lipi.go.id

© 2021 The Author(s). Licensee IntechOpen. This chapter is distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/ by/3.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
