Factors affecting users cybersecurity practices: A study of Australian microbusinesses

The current advancements in technologies and the internet industry provide users with an endless, solid tool for entertainment, communication and trade. However, this brings new challenges of simultaneous development and rising sophistication of cybercrimes. Microbusinesses use the same information technology as they would in the home but for more complex commercial reasons, and with cyber risks for these businesses being high, riskier transactions. There is currently little understanding of how small businesses can transition to a connected business model with good rewards. Cyber risks, including human error in these connected businesses are significant. Understanding how microbusiness owners understand and assess cyber risk will be particularly useful for better codes of practice aimed at making small businesses more resilient to cyber-attacks.
In order to manage a connected business, passwords are a reliable tool of authentication, and password managers are critical for users to store sensitive data such as online banking passwords, social website passwords or other login credentials. Security practitioners and experts recommend that having a password manager installed is vital for storing passwords. However, the research undertaken for this study shows such software has a minimal usage rate. Moreover, there is little research available on its adoption. This research explored why users adopt password manager software and consider it a solid tool for generating complex and strong passwords.
This study examined a sample of 502 Australian microbusiness owners who do not employ more than two people. The data was collected through an online web-based survey. This study used the protection motivation theory to examine the security intentions of individuals in the survey. Further, the technology acceptance model was used to test the adoption factors of password manager software. In addition, the role of prior experience in cybersecurity has often been found critical in technology adoption in cybersecurity practice surveys, thus its impact was also investigated. Structural equation modelling was used to determine the relationships between these variables.
The findings of this study reveal that protection motivation theory significantly predicts user intention to avoid harm from a cyber incident. Four out of five factors of protection motivation theory were identified, significantly predicting user intention to avoid harm: threat severity, response efficacy, self-efficacy and response costs. One factor, threat susceptibility, was found to be insignificant.
Of the two components of the technology acceptance model, perceived usefulness and perceived ease of use, the results indicate that only the perceived usefulness of password manager software has a significant impact on computer security usage. Perceived ease of use of the password manager software showed insignificant results. Moreover, an individual’s prior experience in cybersecurity significantly predicts the user’s computer security usage.
The findings reveal that microbusiness owners believe that having password managers is useful for password security and that it helps generate or store password protection in an encrypted format. However, perceived ease of use did not significantly impact on computer security usage. Rather, the microbusiness owners shared their concerns that password managers require too much effort. Another possible reason for the lack of use of password managers could be a lack of trust in them, whereas experienced users have better information about, and awareness of, recent cyber threats. Users with greater experience and knowledge in cybersecurity are more likely to install security software on their computers.