UNIVERSITEIT LEIDEN
Cyber aware citizens
Examining the effect of cybercrime victim experiences and concerns about cybercrime on the
online behaviour of citizens from various EU countries
J.P.F. Mertens – s1535552
Supervisor: Prof.dr. van den Berg
13-01-2019
TABLE OF CONTENTS
AKNOWLEDGEMENT ...2
ABSTRACT ...3
1 INTRODUCTION ...5
1.1 RESEARCH QUESTION ...6
1.2 ADDED VALUE AND RELEVANCE OF THE RESEARCH ...6
1.3 THESIS OUTLINE ...7
2 THEORETICAL FRAMEWORK ...8
2.1 THE RISE OF INTERNET USAGE ...8
2.2 (ONLINE) BEHAVIOUR OF INDIVIDUALS ...8
2.3 CYBERCRIME ...9
2.4 CONCERNS ABOUT CYBERCRIME ... 10
2.5 HYPOTHESES AND CONCEPTUALIZATION ... 13
3 METHODOLOGY ... 16 3.1 RESEARCH DESIGN ... 16 3.2 OPERATIONALIZATION ... 17 3.3 DATA COLLECTION... 20 3.4 VALIDITY ... 20 4 ANALYSIS ... 22 4.1 DESCRIPTIVE STATISTICS ... 22
4.2 THE EFFECT OF CYBERCRIME ON INTERNET USERS ... 23
4.3 DIFFERENCES BETWEEN COUNTRIES ... 33
5 CONCLUSION ... 37
5.1 DISCUSSION OF RESULTS ... 37
5.2 LIMITATIONS ... 39
5.3 RECOMMENDATIONS ... 40
AKNOWLEDGEMENT
In February 2018, I decided to enrol for a second master program, Crisis and Security Management (CSM). I was already enrolled in the master Public Administration for half a year, but I chose to enrol because my progress was good and I was really interested in some of the courses and topics of Crisis and Security Management. One of the first courses that I followed was Introduction into Cyber Security, which I found very interesting and enjoyable. That is also why I decided to write my thesis on a topic related to cyber security.
Because I also had to finish courses from my Public Administration master, it was sometimes quite hard to combine the two programs. However, I learned a lot from both the master programs and I am glad that I chose Crisis and Security Management as a second master program, because it sparked my interest for cyber security.
I would like to thank my supervisors, Prof. dr. van den Berg and Dr. Mazepus for giving me feedback and help me finish this thesis.
Joost Mertens
ABSTRACT
Over the past few years, the level of internet use has been increasing. Not only did more people around the world start using the internet, people also spent more time on the internet. With the rise of the internet, the volume of cybercrime increased as well. It is therefore possible that individuals take the risks of cybercrime in consideration when using the internet. They might even adapt their online behaviour because of these concerns about cybercrime. This has been examined in this thesis with the following research question.
To what extent do concerns about becoming a victim of cybercrime and cybercrime victim experiences change the online participation of citizens from various EU countries?
To answer this research question, a deductive quantitative research with the statistical program SPSS has been conducted. The data is obtained from the Eurobarometer questionnaire, which is a survey held among citizens of EU member states on different topics. For this study, s specific questionnaire with the topic of cyber security is chosen and six countries were selected to be compared (Netherlands, Estonia, Sweden, Portugal, Slovenia and Romania). Those countries are chosen because of their score on the ICT development index (2014) and the Global Cybersecurity Index (2015), published by the International Telecommunications Union. Five sub-questions are used to help answer the research question.
SQ1: To what extent do cybercrime victim experiences affect concerns about becoming a victim of cybercrime?
In all three regressions a positive correlation was found between concerns about a specific cybercrime and victim experiences of that crime. Moreover, a higher frequency of victim experiences increases the odds of the respondent being concerned about cybercrime even further. The answer for sub question 1 therefore is: people with cybercrime victim experiences have a higher chance of being concerned about becoming a victim of cybercrime again.
SQ2: To what extent does internet usage affect concerns about becoming a victim of cybercrime?
For sub question 2, no conclusions can be drawn, as the correlations between internet usage and concerns about cybercrime were not statistically significant. The answer for sub question 2 therefore is: based on the results in this thesis, it is not clear if internet usage affects a persons concerns about becoming a victim of cybercrime.
SQ3: To what extent does being informed about cybercrime risks affect concerns about becoming a victim of cybercrime?
For the cybercrime of identity theft it was shown that being better informed increased the odds for being concerned about identity theft. The results for the cybercrime of banking fraud indicated a similar effect. The answer for sub question 3 therefore is: The results suggest that being informed about cybercrime risks increases concerns about becoming a victim of cybercrime.
The results of the three logistic regressions that are reported in the analysis show a positive correlation between concerns about becoming a victim of cybercrime and reducing online participation. The answer for sub question 4 therefore is: concerns about becoming a victim of cybercrime reduces online participation of respondents.
SQ5: To what extent do concerns about becoming a victim of cybercrime differ between EU countries?
It was shown that respondents from the three countries that perform well on the ICT development index and the Global Cybersecurity Index, generally are less likely to be concerned about cybercrime in the three examined categories than the other three countries. What was remarkable is that while the three “low” performing countries on these indexes were more concerned, they would not share less information because of cybercrime concerns. Data about cybercrime is not widely available, but the malware infection rate suggested that the “low” performing countries had higher numbers of malware infection. It was suggested that some of the differences could be explained by the Hofstede uncertainty dimension, although the sample of countries was too small to draw valid conclusions.
To what extent do concerns about becoming a victim of cybercrime and cybercrime victim experiences change the online participation of citizens from various EU countries?
With the answers of the sub questions it is possible to formulate an answer on the research question of this thesis: In this thesis it was shown that there are several factors that could explain the level of concerns about cybercrime of an individual, such as victim experiences, gender or country or residence. The data showed that concerns about cybercrime in turn could reduce the online participation of an individual. It is however not easy to generalize the results of this study, as only 2014 has been examined. Moreover, the results of this study can be outdated because new cyber threats have emerged since 2014. For future research it might therefore be useful to examine other periods and also other cybercrimes.
1 INTRODUCTION
Cyber threats have become an increasingly important issue over the last decade. Cyber threats like viruses, malware and ransomware could cripple computers and steal personal information. Over the past years, the costs of these cyber related crimes have been increasing dramatically (FBI, 2017) and the cyber landscape has changed. Whereas online fraud with goods and services has been around for some time now, the use of ransomware is a more recent cybercrime activity (Secureworks, 2017). In the US alone, the total losses caused by cybercrime from 2013-2017 are as high as $5.52 billion and this figure is based only on actual complaints (FBI, 2017). There are however also many victims of cybercrime that do not report cybercrimes committed to them or internet users that are unaware that they are victims of cybercrime. The actual worldwide monetary and emotional damage caused by cybercrime is therefore even higher than the numbers that are presented in official reports such as the FBI report. It is likely that the amount of cybercrime incidents as well as the costs of cybercrime will continue to rise, as the number of internet users as well as devices that make us of the internet will continue to grow. Gartner, an advisory company in the ICT sector, expects that by 2020 20 billion devices or things will be connected to the internet (Hung, 2017, p.2). This means that people all over the world will become more dependent on the internet and internet devices, but also possibly encounter more cybercrime incidents.
Although the risk of cybercrime is present, businesses, governments and individuals still want to exploit and utilize the many benefits that the internet has to offer. It is therefore interesting to examine if awareness of cybercrime risks or being a victim of cybercrime influences internet users. Internet users are a very large group of people, given that the International Telecommunications Union (ITU) predicted that more than 50% of the global population will use the internet in some way in 2018 (ITU, 2018). Internet users that can be affected by cybercrime are for example people that use email and receive spam, or people that buy goods and services via the internet and are confronted with purchase fraud, identity theft or credit card fraud. It is possible that an individual is more reluctant to use the internet after an experience with one of the above-described cybercrimes (Riek, Bohme & Moore, 2016, p 11). When the cyber domain is avoided, the risks of being a victim of cybercrime are lower, but this also means that a person cannot have the benefits such as online communication, online banking or online shopping. In a certain way, avoiding these online activities also creates cybercrime costs, because of the indirect opportunity costs; if users do not use the internet for a certain activity, it will cost them more time or money to execute the same activity offline (Riek et al., 2016 p.1).
It is therefore possible that individuals take the risks of cybercrime in consideration when using the internet. Being a victim of cybercrime could make individuals even more aware of cybercrime risk. On the other hand it is also possible that individuals underestimate cybercrime risks or choose to ignore them. This presupposes that people are aware and that they have the skills to counter those cybercrime risks. In this research, the relation between concerns about cybercrime risk, cybercrime victim experiences and online behaviour of individuals is analysed, in order to gain insights with regard to internet user behaviour.
1.1
RESEARCH QUESTION
The research goal of this thesis is to examine how and if the online behaviour of individuals is related to their concerns about cybercrime risks. It is possible that individuals want to avoid or lower online activities such as online shopping or online banking because they have a more concerns about cybercrime or have been victim of cybercrime. Other factors like gender, internet usage or culture differences could also have an impact on these concepts. To examine this, cyber behaviour data from some EU countries will be examined.
The following research question will be used to guide the research:
To what extent do concerns about becoming a victim of cybercrime and cybercrime victim experiences change the online participation of citizens from various EU countries?
The research will further be guided by the following sub questions:
SQ1: To what extent do cybercrime victim experiences affect concerns about becoming a victim of cybercrime? SQ2: To what extent does internet usage affect concerns about becoming a victim of cybercrime?
SQ3: To what extent does being informed about cybercrime risks affect concerns about becoming a victim of cybercrime?
S4: To what extent do concerns about becoming a victim of cybercrime affect online participation? SQ5: To what extent do concerns about becoming a victim of cybercrime differ between EU countries?
1.2
ADDED VALUE AND RELEVANCE OF THE RESEARCH
In the academic literature there is already some research on the topic of the effects of cybercrime victim experiences on online behaviour (Henson, Reyns & Fisher, 2013; Riek, Bohme & Moore, 2016; Virtanen, 2017; Jansen & Leukfeldt, 2018). The literature on victim experiences and behaviour is even more extensive. Both the paper of Riek, Bohme and Moore (2016) as well as the paper of Virtanen (2017) use Eurobarometer data to study the effects of concerns about cybercrime on online behaviour and this thesis builds on some of their conclusions and explorations. The research in this thesis is of added value however, because both previous papers focus on a different wave of the Eurobarometer; Riek et al. (2016) analyse the first questionnaire of the Eurobarometer on which dates from 2012 and Virtanen (2017) uses the second questionnaire from 2013. In the research of this thesis, the third wave from 2014 will be analysed. Moreover, both Riek et al. and Virtanen suggest the exploration of differences between EU countries for future research (2016, p.12; 2017, p.336), which is also included in the research of this thesis. Because of this comparative aspect, the research of this thesis can be of added value to the current academic literature.
This research can also be of societal importance. As is suggested in the introduction, the amount of internet connected individuals and devices is rising and it is therefore likely that the volume of cybercrime will also continue to rise. The research of this thesis can provide insights in the concerns about cybercrime risks of internet users, as well as how these risks influence their online behaviour. This can be useful for example for policy makers or online service providers. With this knowledge, they can inform internet users about specific threats
such as online fraud or identity theft, so to better protect internet users. The comparative aspect of this study can also show differences between countries, which might indicate that some countries are performing better in for example creating awareness or prosecuting cybercrime offenders. These types of results can also be of societal relevance, because they enable policy makers to adopt policies of other countries which are more successful in limiting cybercrime.
1.3
THESIS OUTLINE
In the first chapter the background and the research goal of this thesis has been explained. In chapter two, the theoretical framework will be clarified. Concepts of cybercrime, concerns about cybercrime and victim experiences are crucial in this thesis and will therefore be explained and explored through the available relevant literature on these concepts. Based on the literature and the research questions, hypotheses will also be defined in chapter two. After the theoretical framework has been explained, the third chapter will explicate the methodology of this thesis. In chapter four, the actual analysis is described and the results are explained. The last chapter will conclude and will shed a light on possible limitations of the research.
2 THEORETICAL FRAMEWORK
2.1
THE RISE OF INTERNET USAGE
According to numbers of the International Telecommunication Union, the number of internet users has increased rapidly over the last 20 years. While in the year 2000 there were around 400 million internet users, in 2015 the number of internet users reached 3.2 billion (ITU, 2015b). The internet has multiple advantages which could boost the efficiency and effectiveness of users. Through the internet, people are able to communicate, or trade goods and services with people from the other side of the world. Unfortunately, there are also aspects of the internet that could be used for crime. The borderless nature of the internet and the fact that it is relatively easy to stay anonymous, make it possible to steal (online) identities, deceive buyers of online goods and to commit bank fraud. It is likely that the amount of cybercrime incidents, as well as the costs of cybercrime will continue to rise, as not only the amount of internet users is still growing, but also the amount of devices that use the internet. Moreover, while the costs of the damages of cybercrime could increase, the prevention of cybercrime will also become more costly as more people and devices will be connected in the future. Gartner, an advisory company in the ICT sector, expects that by 2020 there will be 20 billion devices or things that are connected to the internet (Hung, 2017, p.2). If those devices and users of internet devices do not become more secure and aware of cybercrime risks it is likely that the costs of cybercrime will continue to rise.
Because more people have started to use the internet as well as use the internet more frequently, the risk of encountering cybercrime has also increased. Being the victim of cybercrime can have an impact, both emotionally as well as financially and therefore users could perceive victim experiences as a risk. This is for example shown in the research of Jansen and Leukfeldt (2018), where the authors show that victims of phishing and malware attacks do not only experience financial damage, but also physiological and emotional effect. When internet users have this perceived risk of becoming a victim of cybercrime, internet users could change their behaviour, like updating their security measures. It is also possible that people will alter their internet usage, like limiting the amount of online purchases or the sharing of personal information. On the other hand it could be that victims do not change their behaviour at all. This will be further explored in the research of this thesis. The concepts of cybercrime, concerns about cybercrime and online behaviour will be explained extensively in the next part of this chapter.
2.2
(ONLINE) BEHAVIOUR OF INDIVIDUALS
Information and communications technology (ICT) has provided societies with opportunities of increased efficiency and productivity (Cardona, Kretschmer & Strobel, 2012). Not only has ICT provided benefits for existing and new businesses, for individuals ICT also has made a big impact. Online shopping enables individuals to compare and buy goods and services from all over the world and online banking provides an effective way of accessing and handling financial transactions. Online services also changed the way we communicate with each other: email and social networks have made it easier to communicate with people from all over the world (Riek et al., 2016). Not only communication with other people changed, also communication with the government is increasingly carried out by digital means. It seems that the impact of ICT on people’s lives keeps on intensifying.
People game online, watch television online and in the near future may be transported by autonomous cars which communicate with their surroundings through the internet.
While ICT can provide people with the possibility of increased efficiency and productivity, this does not mean that every individual will use the internet to the same extent or in the same way. Certain characteristics of individuals can influence their internet usage such as age, income or home country (Vicente & López, 2006). Internet users also have different motives for using the internet. A study by Papacharissi and Rubin (2000) identifies motives for internet usage in five different categories: interpersonal utility, pass time, information seeking, convenience and entertainment. The study also shows that these motives predict internet usage and the perception of the internet. A person who uses the internet for interpersonal utility, convenience and entertainment will probably use the internet more than a person that only uses the internet for information seeking.
While people can have different motives for using the internet, it is also possible that they encounter aspects that may deter them from using the internet. This is for example when people are confronted with cybercrime activities. When people are aware of the risks of becoming a victim of cybercrime they could change their internet usage or online behaviour. The study of Featherman and Pavlou (2003) for example shows that concerns about risks negatively influence the decision to use the internet. More concerns about, for example, cybercrime could cause people to restrict their internet usage, or the use of certain online services, such as online banking. While a person could also update their security settings to address their concerns about cybercrime, the focus of this thesis is to examine if these concerns about cybercrime actually lead to restrictions in internet usage and online services. This will be further explained in sub-chapter 2.5, where the hypotheses are described.
2.3
CYBERCRIME
As is mentioned in the introduction, cybercrime causes massive monetary costs every year for both public and private organisations. Although it is already hard to estimate the direct monetary value of cybercrime, there are more factors that make it even harder to assess the total cost of cybercrime. Some crime is not reported or maybe even undetected. This is important to keep in mind throughout this thesis, as it may have an impact on the results that are presented. Another aspect that makes it hard to examine cybercrime in general is that cybercrime has many aspects that should be taken into account when the concept is used. Is cybercrime only existent in the online domain, or can cybercrime include activities that only use certain online tools? Are cyber espionage and cyberterrorism included or is cybercrime only about economic crime? Questions like these show the difficulties regarding the definition of cybercrime.
Other elements are important to take into account when cybercrime is compared with traditional crime. This comparison is important because traditional crime has been researched extensively. Laws and policy are based on traditional crime. Cybercrime however is a new type of crime and research on cybercrime, as well as legislation is still limited when compared to the research on traditional crime. Two of the differences to be mentioned are the transboundary element and the privacy element (Grabosky, 2001). The fact that cybercriminals can commit crimes from the building across the street as well as from the other side of the world makes it hard to identify and to prosecute cybercriminals. Moreover, it has become easier for criminals to target a large number of people. The
privacy element also plays a role in the distinction between traditional and cyber related crimes. On the one hand, it is relatively easy for a cybercrime offender to remain anonymous and on the other hand, it is easier for cybercriminals to obtain information about potential targets, as a lot of personal information about individuals can be found on the internet.
There are however also many similarities between traditional crime and cybercrime. The motivation for cybercrime offenders for example is often the same. Motives like greed and lust are fundamental to traditional crimes like theft and rape, much the same as in the cyber domain (Grabosky, 2001). Cybercrimes related to money are based on a motive of greed, while child pornography crimes are related to a motive of lust. Another similarity between traditional crime and cybercrime can be seen in the monitoring of public space and cyberspace. Just as with public space, the police will only be present in a few parts of cyberspace but cannot be everywhere at the same time. The individual in both spaces has to be reliant on some form of self-defence (Grabosky, 2001, p.248). People with low self-defence are more likely to fall victim to cybercrime.
Because this thesis is for a large part about the topic of cybercrime, it is important to define cybercrime in this thesis. As the empirical analysis will be based on the results of the Eurobarometer questionnaire, the definition of the European Union (EU) will be applied in this thesis. The Eurobarometer questionnaire is a survey initiated by the European Commission, so both the Eurobarometer and the EU definition match. The EU uses the following definition for cybercrime: “Cybercrime consist of criminal acts that are committed online by using electronic communications networks and information systems.” (European Commission, n.d.). The EU further specifies cybercrime in three categories: crimes specific to the internet, crimes about online fraud and forgery and crimes related to illegal online content. Crimes specific to the internet include crimes such as attacks against websites, hacking or the spreading of viruses. Online fraud consists of for example identity theft, spam and phishing. The last category, illegal online content, entails crimes such as child pornography materials or the spreading of extremist materials.
While this definition of cybercrime is used in this thesis, it goes beyond the scope of this thesis to examine cybercrime in all the three categories. In this thesis the focus will be on crimes related to online fraud like identity theft, purchase fraud and online banking fraud, because there is not enough data available to examine cybercrime in the categories of crimes specific to the internet and crimes related to illegal online content. This will be further explained in sub-chapter 2.5, where the hypotheses are described. It is important to keep in mind however that there are more possible cybercrimes that can be analysed.
2.4
CONCERNS ABOUT CYBERCRIME
Using the internet involves certain risks. Some of these risks are be related to cybercrime, such as becoming a victim of purchase fraud or internet credit card stealing. In the literature concerns about risks are also called perceived risk (Liebermann & Stashevsky, 2002; Featherman & Pavlou, 2003). There are studies that indicate that perceived risk influences the decision to use the internet (Featherman & Pavlou, 2003; Kesharwani & Singh, 2012; Martins, Oliveira & Popovič, 2014). The focus of this thesis is on three specific cybercrimes in the category of online fraud and in the Eurobarometer questionnaire, respondents are asked how concerned they are
about becoming a victim of these specific cybercrimes. Some studies which use the Eurobarometer questionnaire as well translate these concerns about becoming a victim to perceived risk of becoming a victim (Riek et al. 2016; Virtanen, 2017). In this thesis the concept of concerns about becoming a victim will be used, because it matches the questions of the Eurobarometer and it is easier to understand. Because the concept of perceived risk is used in most of the literature however, it is necessary to address this concept of perceived risk.
The concept of perceived risk originated in a purchasing context and in this context there is already a lot of research on the concept of perceived risk. (Pires, Stanton & Eckford, 2004). An important part of perceived risk is the probability of a loss (Featherman & Pavlou, 2003; Pires et al. 2004). It is therefore not strange that when perceived risk is used to explain online behaviour, most research focuses on the effect of perceived risk on online purchases and online banking. Perceived risk does not per se have to be linked to a probability of loss. Perceived risk in a cybercrime context can also be related to concerns about encountering extremist or pornographic content. In that case the probability of psychological or social damage is more important.
The study of Liebermann and Stashevsky (2002) mentions several concerns of people about internet usage. The concerns that relate to cybercrime include for example “internet credit card stealing”, “supplying personal information” and “not supplying internet products purchased”. These concerns about cybercrime are influenced by variables such as victim experiences, media effects and demographic factors (Riek et al., 2016; Virtanen, 2017). In his study Alshalan finds for example that older people generally have more concerns about cybercrime than younger people and that females have more concerns about cybercrime than males (2006, p.120). The impact of victim experiences on concerns about cybercrime which is found in some of these studies (Alshalan, 2006; Riek et al., 2016; Virtanen, 2017) will be further discussed in the next sub-chapter.
While there are several factors that can influence a person’s concerns about cybercrime, cybercrime concerns on itself can also have an impact on other concepts. In this thesis a possible relation between cybercrime concerns and online participation is examined. Both the paper of Bohme & Moore (2012) and Riek et al. (2016) show that concerns about cybercrime increase the avoidance intention from online services. The findings in those papers are important for this thesis, as research on the correlation between cybercrime concerns and online participation is limited (Riek et al. 2016, p.4). When individuals want to take action to lower their actual risk of becoming a victim of cybercrime, one of the options is to reduce their internet usage. This can be done in the form of reducing online purchases or less online banking. There are however also other actions that individuals could take to lower the actual risk of being a victim of cybercrime, such as limiting their online available personal information or updating their security settings. For this thesis however the focus will be on the cybercrime category of online fraud and therefore three specific actions will be examined: making less online purchases, less online banking or sharing less personal information online.
2.4.1. VICTIM EXPERIENCES
As was mentioned before, cybercrime victim experiences are related to concerns about cybercrime. In the research of Riek et al. (2016), victim experiences plays a pivotal role in the relation between concerns about cybercrime and online behaviour. In their theoretical framework they conclude that some of the prior research on the relation between victim experiences and concerns about becoming a victim finds strong effects, while other studies find weak or no effects (Riek et al., 2016, p.3). In their own research, which focusses specifically on cybercrime victim experiences and cybercrime concerns, they find evidence for a positive effect between the two variables. A similar study was conducted by Virtanen (2017), also demonstrating that the traditional literature on victim experiences and concerns about becoming a victim is extensive. In her research Virtanen finds evidence that concerns about becoming a victim of cybercrime increases as a result of cybercrime victim experiences (2017).
Because there are different kinds of cybercrimes, there are also different kinds of cybercrime victim experiences. Different cybercrime victim experiences will have a different impact on the victim. Encountering child pornography or extremist materials will generally have a more emotional impact, while purchase fraud or credit card fraud both have an emotional impact and monetary consequences. Because of these different kinds of cybercrime, concerns about becoming a victim of cybercrime are not only related to concerns about a (monetary) loss, but also related to psychological concerns.
As has been mentioned before, there are various cybercrimes that can be examined in various categories. In this thesis however, the focus will be on three specific cybercrimes related to online fraud and therefore also on three victim experiences of specific cybercrimes related to online fraud.
2.4.2. PERSONALITY TRAITS
While concerns about cybercrime can be influenced by victim experiences, they are also dependent on the personality traits of the individual. Bada, Sasse and Nurse (2019) mention in their study that personal factors are the main influencers of behaviour. For online behaviour personal factors are important as well. The research of Nicholson, Soane, Fenton‐O'Creevy and Willman (2005) shows that risk propensity is rooted in personality and Van de Weijer and Leukfeldt (2017) indicate that there are specific personality traits that relate to cybercrime victimization.
There are some studies that indicate that low self-control is an important predictor for cybercrime victimization. Holtfreter, Reisig and Pratt argue in their study that low self-control significantly increases the likelihood of becoming a victim of fraud (2008). The same result is found by Pratt, Turanovic, Fox and Wright (2014) and they argue that the effect of self-control is even stronger when it comes to predicting noncontact forms of victimization. This is therefore especially relevant for online victimization.
These personality traits can be a factor in explaining cybercrime victim experiences. It is however not possible to take the factor of self-control or any personality traits into account within the scope of this thesis. This is therefore a limitation which should be considered when interpreting the results.
2.4.3. OTHER FACTORS
Concerns about cybercrime can also be influenced by other factor. Research by Roberts, Indermaur and Spiranovic (2013) shows for example that the concerns about traditional crime influences concerns about cybercrime. Another factor that can influence concerns about cybercrime is internet use as well as internet use frequency (Roberts, Indermaur, Spiranovic, 2013). On the one hand, it can be expected that individuals who uses the internet frequently have a higher probability of becoming a victim of cybercrime. On the other hand it is also possible that individuals that use the internet more often have more knowledge about cybercrime and are more aware of the threats, which lowers their concerns about cybercrime. This relation is examined in sub question 2.
Another factor that could influence concerns about cybercrime is the level of awareness or risks of a person. Riek et al. (2016) examine how media awareness of cybercrime risks influence concerns about cybercrime but find no evidence, while Virtanen (2017) finds that knowledge of risks does predict concerns about cybercrime. Given that the results are mixed, the relation between being informed about cybercrime risks and concerns about cybercrime will be examined as well in this thesis.
Other factors that could influence concerns about cybercrime are cultural factors. This can relate to culture of a social class but also to country specific culture. Some cultures might have norms and values which are more concerned with privacy for example. This can therefore affect internet behaviour and concerns about cybercrime. While a direct link between cultural factors and concerns about cybercrime has not been established yet, research by Dinev, Goo, Hu and Nam shows that cultural factors play a role in the decision of using protective information technologies (2009). Im, Hong and Kang also conclude that acceptance of technology varies across cultures (2010).
Differences in concerns about cybercrime between countries and cultures can also be explained by the level of uncertainty avoidance. This culture specific variable was provided by Hofstede, as one of his six dimensions that can explain cultural differences. Hofstede argued that cultures with high uncertainty avoidance would tend to be less risk taking (Hofstede, as cited in Bontempo, Bottom, & Weber, 1997, p.483). A person who is more risk averse will perceive risks higher than a person who is not very risk averse. For this thesis that could mean that respondents from countries (or cultures) with a high score on the uncertainty avoidance dimension of Hofstede will generally have more concerns about cybercrime.
2.5
HYPOTHESES AND CONCEPTUALIZATION
Based on the literature, assumptions and hypotheses can be made that will help answer the research questions. In this part, the hypotheses that will be tested in the analysis will be described. The four hypotheses are related to the first four sub questions, because these specify a possible correlation between two concepts. Sub question five is a broader question and is therefore not defined in a hypothesis.
As has been described in this theoretical framework, people will use the internet for various motives like entertainment or convenience. There are however also risks involved with these aspects of internet use, such as becoming the victim of cybercrime. When it comes to online banking for example, people can be concerned
about becoming the victim of online banking fraud. As has been suggested in the literature, those concerns could lead to people restricting their use of online services such as online banking. This is what will be examined in this thesis. The literature however also suggested that there are various factors that could influence the concerns that people have about cybercrime. Therefore, it will be first examined if those factors actually influence concerns about cybercrime.
What is important to keep in mind is that the research question focusses on online participation. Therefore, three categories of online behavioural change are chosen that represent a change in online participation: less online banking, less online purchases and less online sharing of personal information. Those three behavioural changes are then linked to specific concerns about cybercrime, which are in turn linked to victim experiences of these cybercrimes. That is why the cybercrimes of identity theft, purchase fraud and banking fraud are the three examined cybercrimes in this thesis. While it is possible that a victim experience of one cybercrime leads to concerns about other cybercrimes, it is beyond the scope of this research to examine this.
The literature suggested that victim experiences play a role in the concerns that people have about cybercrimes. Therefore the following hypotheses are stated:
Hypothesis 1a: Individuals that have been the victim of identity theft have more concerns about becoming a victim of identity theft
Hypothesis 1b: Individuals that have been the victim of purchase fraud have more concerns about becoming a victim of purchase fraud
Hypothesis 1c: Individuals that have been the victim of bank card or online banking fraud have more concerns about becoming a victim of banking fraud
As can be seen in the hypotheses, the victim experiences of specific cybercrime are linked to concerns about such cybercrimes. While it is possible that people are concerned about a cybercrime while they have been a victim of another cybercrime, it is most likely they are concerned about banking fraud if they have actually been the victim of banking fraud.
Hypothesis 2: Individuals with a higher internet usage have more concerns about becoming a victim of identity theft / purchase fraud / bank card or online banking fraud
The research of Roberts, Indermaur and Spiranovic (2013) indicated that the amount of internet usage influenced concerns about cybercrime. Therefore, this hypothesis is included to examine such a correlation.
Hypothesis 3: Individuals that feel better informed about cybercrime risks have less concerns about becoming a victim of identity theft / purchase fraud / bank card or online banking fraud
This hypothesis is used to examine if there is a relation between feeling informed about cybercrime risks and concerns about cybercrime. It is possible that an individual that feels well informed about cybercrime risks has more concerns about cybercrime risks, because the information about cybercrime risks can be confronting. On the other hand, a well-informed individual can also have no concerns about becoming a victim of cybercrime,
because he or she knows that the risks of becoming a victim are low. It is important to keep in mind that feeling better informed does not mean that the individual is actually being better informed.
Hypothesis 4a: Individuals with more concerns about becoming a victim of identity theft are less likely to give personal information on websites
Hypothesis 4b: Individuals with more concerns about becoming a victim of purchase fraud are less likely to buy goods or services online
Hypothesis 4c: Individuals with more concerns about becoming a victim of bank card or online banking fraud, are less likely to bank online
As has been stated before, this thesis focuses on how and if cybercrime concerns reduce online participation. Therefore, three categories of online behavioural change are chosen that best represent a change in online participation: less online banking, less online purchases and less online sharing of personal information. These are tested in hypotheses 4a, 4b and 4c.
3 METHODOLOGY
3.1
RESEARCH DESIGN
The purpose of this research is to examine what the impact of cybercrime victim experiences and concerns about cybercrime are on the online behaviour of individuals. This will be done in a deductive quantitative design with the statistical program SPSS. To test the relations between the variables stated in the hypotheses, regression analysis will be used. Several regression models will be used test the hypotheses.
In this thesis the relations between variables are examined in a regression analysis. In equation [1], a linear regression is described in which Y represents the dependent variable or the outcome of the regression. The intercept is β0 and the independent variable is described in β1Xi. In the formula, 𝜀 is the error term. In for example hypothesis 1 – which states that individuals that have been the victim of a specific cybercrime have more concerns about that cybercrime – concerns about cybercrime is the dependent variable and therefore Y in the formula. The independent variable in this case is the variable that describes whether a respondent has been the victim of cybercrime and this is represented by X in the formula. Because both Y and X are known, it is possible to calculate β0 andβ1, where β1 explains the effect of X on Y.
𝑌
𝑖= 𝛽
0+ 𝛽
1𝑋
𝑖+ 𝜀
𝑖[1]
In most cases, the regression will include more than one independent variable. In that case the formula is expanded, which can be seen in equation [2]. When the example from hypothesis 1 is used, X2 can for example represent a control variable that describes the gender or the age of the respondent. β2 describes the effect of this particular variable on Y.
𝑌
𝑖= 𝛽
0+ 𝛽
1𝑋
1+ 𝛽
2𝑋
2+ 𝜀
𝑖[2]
In all the regressions that will be conducted for this thesis, the dependent variable Y has a binary outcome. Therefore a linear regression cannot be used. Instead a logistic regression model will be used, which is described in equation [3]. In a logistic regression, the chance that Y will have a certain value is calculated, whereas in a linear regression the exact value of Y is calculated. This is important when the results of the logistic regression are interpreted.
𝑃(𝑌
𝑖= 1) =
11+ 𝑒−(𝛽0+ 𝛽1𝑋1𝑖)
[3]
Concerns about cybercrime
Victim experiences
Concerns about cybercrime
3.2
OPERATIONALIZATION
In the theoretical framework the important concepts of this thesis have been defined. It is however also essential that these concepts are translated to variables, which is done in this operationalization.
Victim experiences
This variable is measured by three indicators that indicate different cybercrimes. Respondents are asked how often they have experienced or have been a victim of a certain cybercrime enabling them answer never (=1),
occasionally (=2), or often (=3). The question is repeated through all three Eurobarometer questionnaires, but the
possible answers vary. A definition of what is perceived as often or occasionally is not given in the questionnaire.
Table 1: Operationalization of victim experiences
Indicators victim experiences Coding
Experienced identity theft 1 = Never, 2 = Occasionally, 3 = Often Experienced banking fraud 1 = Never, 2 = Occasionally, 3 = Often Experienced purchase fraud 1 = Never, 2 = Occasionally, 3 = Often
Internet use frequency
In the Eurobarometer questionnaire, respondents are asked how many times they use the internet. As was mentioned in the theoretical framework, some people may not want to use the internet because of security risks or their concerns about cybercrime. The questionnaire is ordered in such a way that it is not possible to examine this effect however, because when a respondent mentions he or she does not use the internet, no follow-up questions are asked about for example cybercrime experiences. That is why these respondents are not included in the analysis of this thesis.
For this thesis only actual internet users are taken into account, so a five step scale of internet use frequency remains. This is reported in table 2. The fact that only actual internet users are taken into account means that for some countries a larger group can be examined than for other countries. This will be addressed in the descriptive statistics in the analysis.
Table 2: Operationalization of internet use frequency
Indicators internet use frequency Coding
Internet usage 1 = less often, 2 = two or three times a month, 3 = about once a week, 4 = two or three times a week, 5 = (almost) every day
Feeling informed about cybercrime risks
This variable is measured by one single indicator. In the Eurobarometer survey the question is asked: ‘How well informed do you feel about the risks of cybercrime?’ Respondents have four available answers ranging from not
Table 3: Operationalization feeling informed about cybercrime risks Indicators feeling informed Coding
Feeling informed about cybercrime 1 = not at all informed, 2 = not very well informed, 3 = fairly well informed, 4 = very well informed
Concerns about cybercrime
This variable can be a dependent variable (in hypothesis 1, 2 and 3) as well as an independent variable (in hypothesis 4), based on which hypothesis is tested. In this thesis, the variable is measured by three indicators indicating concerns about becoming a victim of possible cybercrime related activities: Identity theft, banking fraud and purchase fraud. Respondents have four answer options, ranging from ‘very concerned’ to ‘not at all concerned’. For this thesis the variable has been recoded into a variable with a binary outcome, which is reported in table 4. This is done to create a clearer distinction between a group that is not concerned and a group that is concerned about specific cybercrimes related to online fraud.
Table 4: Operationalization concerns about cybercrime Indicators concerns about cybercrime Coding
Concerns about identity theft 0 = not (very) concerned, 1 = at least fairly concerned Concerns about banking fraud 0 = not (very) concerned, 1 = at least fairly concerned Concerns about purchase fraud 0 = not (very) concerned, 1 = at least fairly concerned
Changes in online behaviour
This variable is operationalized in three different indicators and are these indicators are based on the hypotheses. The question in the questionnaire is focussed on how security concerns made the individual change its online behaviour. Being less likely to buy goods online, bank online, share personal information online are three of the answers possible and these three answers are the most related to using the internet less because of cybercrime risks. The possible response has a binary outcome: either yes or no.
Table 5: Operationalization change in online behaviour Indicators change in online behaviour Coding
Less online purchases 0= No, 1 = Yes
Less online banking 0= No, 1 = Yes
Share less personal information 0= No, 1 = Yes
Change in online behaviour can also include other measures that are not one of the three specific options that were mentioned before. Other changes in online behaviour however are more related to for example increasing security settings, while the three options that are selected in this case are about reducing internet use. Therefore these three options are selected because they indicate the most online behavioural change and are also associated with restricting the available options of the internet.
3.2.1. OTHER VARIABLES
The Eurobarometer questionnaires hold several other variables that can be used in the analysis. Respondent’s country is one of the characteristics, which makes it possible to compare countries. The other two included
control variables are age and gender. They are included because they can confirm the findings of previous studies which suggest that age and gender have an effect on online behaviour.
Table 6: Operationalization other variables
Indicators other variables Coding
Gender 0 = Male, 1 = Female
Age # 15- 99
Country Netherlands, Estonia, Sweden, Portugal , Slovenia, Romania
Table 6 also contains the variable country, which indicates the different countries that are analysed in this thesis. While the dataset contained data for all 28 EU member states, it is more useful for this thesis to compare only a few countries in depth. The first three countries – the Netherlands, Estonia and Sweden – are chosen because they score high on both the ICT development index (2014) and the Global Cybersecurity Index (2015) published by the International Telecommunications Union. The other three countries – Portugal, Slovenia and Romania – score relatively low on both these indexes. These scores are reported in table 7. This distinction between high and low performing countries is chosen because the results are likely to be more divided between the high and low performing group, which makes it easier to interpret the results.
Table 7: Reporting scores on the ICT development index and the global cybersecurity index
Country ICT development index Global cybersecurity index
Netherlands (NL) 8.53 0.68 Estonia (EE) 8.05 0.71 Sweden (SE) 8.75 0.65 Portugal (PT) 6.93 0.29 Slovenia (SI) 7.23 0.18 Romania (RO) 6.11 0.47
The ICT development index consist of eleven indicators that are divided in three categories. The first is ICT access, which measures for example the percentage of households with internet access. The second category is ICT use, which reports number such as the percentage of individuals using the internet. The last category is ICT skills, which is measured by for example the tertiary gross enrolment ratio. For the last category, the indicators are not measuring direct ICT skills, but they are proxy indicators and are therefore given less weight in the computation of the ICT development index (ITU, 2014).
The Global cybersecurity index consists of five categories and is published by the International Telecommunications Union. The five categories are: legal, technical, organizational, capacity building and cooperation. The legal category for example is measured on the existence of legal institutions dealing with cybercrime in a country, while the organizational category explains the existence of policy coordination institutions and strategies. These five categories are further defined into 25 indicators. The data is collected through questionnaires and this results in a score for the five categories, which are then combined in the global cybersecurity index (ITU, 2015a)
3.3
DATA COLLECTION
The data that are used to conduct this research originates for a large part from an existing dataset, which is part of the Special Eurobarometer (423). In almost all Eurobarometer surveys including the one analysed in this thesis, citizens from all EU member states are asked several questions in face-to-face interviews on different topics. The unit of analysis is therefore the respondent. For this research, the specific questions on cyber security will be used, as well as some other variables such as respondents’ country. The sampling method is a multi stage random one.
Besides the data from the Eurobarometer, some country specific data will also be collected, which is used to select the countries that will be analysed and could be used to explain some of the results. The data about malware infection rates is deducted from the Microsoft Security Intelligence Report, volume 17 (2014). The data from the two indices are deducted from reports of the International Telecommunications Union on the global cybersecurity index (2015a) and the ICT development index (2014). The Hofstede dimension of uncertainty avoidance will also be used to explain some of the country differences. This data is retrieved from the country comparison tool on the Hofstede Insights website (Hofstede Insights, n.d.).
3.4
VALIDITY
3.4.1. INTERNAL VALIDITY
Several aspects have to be mentioned about the internal validity of this research. Because the data is obtained through a questionnaire, only data about stated behaviour instead of observed behaviour is available. The variable ‘victim experiences’ is for example dependent on what the respondent answers, rather than of an objective observation. For other variables this is also the case. It is therefore not possible for example to link concerns about cybercrime in this study to actual risks.
Another aspect that is important to keep in mind throughout the thesis, is that only three types of cybercrime and three types of online behavioural change are examined. There are more types of cybercrime and there are also actions that people can take when they have concerns about cybercrime. It is for example possible that people update their security settings because of cybercrime concerns, instead of doing less online banking. As mentioned before, the online behavioural changes are chosen because they best represent an actual change in behaviour where people restrict their internet use.
A last limitation for the internal validity of this thesis is that throughout the Eurobarometer questionnaire and this thesis a certain level of cybercrime awareness is presumed. It is however very possible that internet users are not at all aware of cybercrime risks. They might therefore indicate in the questionnaire that they are not at all concerned about specific cybercrime risks, just because they are not aware of the risk. This should be taken into account when the results are interpreted.
3.4.2. EXTERNAL VALIDITY
The external validity of this research is perceived to be high, because a big sample is used. All Eurobarometer surveys contain (around the) 27.000 respondents from different social and demographic categories. The aim of
the Eurobarometer is to have (around the) 1000 respondents per country. Because only six countries are used in this thesis, the results can only be generalized for those countries.
It is however difficult to generalize the results outside the context of this study and this is because the data that is used dates from 2014. The results of this thesis can therefore be outdated.
4 ANALYSIS
4.1
DESCRIPTIVE STATISTICS
In this chapter, the data is analysed and discussed. The first part of this chapter focusses on some of the basic elements of the data such as the distribution of internet users across countries. The second part of this chapter is aimed at the hypotheses and the effects between variables in general will be examined. In 4.3, differences between countries will be explained.
In table 8, descriptive statistics are included of the variables that will be used in the analysis. The coding of these variables in the dataset is included as well. What can be seen in this table is that the number of respondents varies between countries. This is because when respondents mention they never use the internet in the Eurobarometer, some questions are not relevant to ask anymore. In this thesis those respondents are not included in the analysis, and that is why in some countries there are less respondents to take into account in the analysis. This is important to keep in mind when the results are interpreted.
Table 8: Descriptive statistics of included variables
Variable Coding Sample
M SD N
Country
Netherlands (NL) 0 = other country, 1 = NL - - 990
Estonia (EE) 0 = other country, 1 = EE - - 712
Sweden (SE) 0 = other country, 1 = SE - - 924
Portugal (PT) 0 = other country, 1 = PT - - 539
Slovenia (SI) 0 = other country, 1 = SI - - 664
Romania (RO) 0 = other country, 1 = RO - - 516
Concerns about identity theft 0 = not (very) concerned, 1 = at least fairly concerned 0,56 0,496 4241 Concerns about banking fraud 0 = not (very) concerned, 1 = at least fairly concerned 0,54 0,498 4211 Concerns about purchase fraud 0 = not (very) concerned, 1 = at least fairly concerned 0,42 0,495 4107 Experienced identity theft 1 = Never, 2 = occasionally, 3 = often 1,06 0,287 4284 Experienced banking fraud 1 = Never, 2 = occasionally, 3 = often 1,07 0,289 4301 Experienced purchase fraud 1 = Never, 2 = occasionally, 3 = often 1,11 0,352 4276
Internet usage
1 = less often, 2 = two or three times a month, 3 = about once a week, 4 = two or three times a week, 5 = (almost) everyday
4,73 0,763 4345
Feeling informed about cybercrime 1 = not at all informed, 2 = not very well informed, 3 =
fairly well informed, 4 = very well informed 2,68 0,768 4329
Less online purchases 0 = no, 1 = yes 0,20 0,398 4345
Less online banking 0 = no, 1 = yes 0,13 0,334 4345
Share less personal information 0 = no, 1 = yes 0,47 0,499 4345
Gender 0 = male, 1 = female - - 4345
Age Scale (15 – 99) 47,09 17,211 4345
The descriptive statistics in table 8 provide information about the variable that will be used in the regression. When for example the three different cybercrime concerns are compared, it is shown that on average respondents are most concerned with identity theft, because the mean of this concern is higher than the mean of the other two cybercrime concerns. On average respondents are least concerned about purchase fraud. This finding is especially
interesting because the mean of victim experiences is the highest for the cybercrime of purchase fraud. This result can be explained by the fact that victim experiences with purchase fraud could have less impact than the other two cybercrimes.
The assumptions of linearity and multi-collinearity have been tested and have been met.
4.2
THE EFFECT OF CYBERCRIME ON INTERNET USERS
4.2.1. VICTIM EXPERIENCES AND CONCERNS ABOUT CYBERCRIME
In this second part of the analysis the effects of victim experiences and concerns about cybercrime risks will be further analysed. This part will be concerning the hypotheses that were established in chapter 2.5. Hypothesis 1 was divided among three sub-hypotheses which state:
Individuals that have been the victim of identity theft have more concerns about becoming a victim of identity theft
Individuals that have been the victim of purchase fraud have more concerns about becoming a victim of purchase fraud
Individuals that have been the victim of bank card or online banking fraud have more concerns about becoming a victim of banking fraud
Table 9 shows the results when it comes to victim experiences of several cybercrimes and their responding concerns about those cybercrimes. For all cybercrimes that are analysed, respondents that mention being a victim also have more concerns about the specific cybercrime. The percentage of concerned respondents increases when respondents experience one of the cybercrimes more often.
Table 9: Distribution of cybercrime victimexperiences of respondents and their concerns about cybercrimes Cybercrime victim experiences % experienced
cybercrime
Concerns about cybercrime
Not (very) concerned At least fairly concerned
Experienced identity theft Concerns about identity theft
Never 94.7% 44.9% 55.1%
Occasionally 4.1% 27.8% 72.2%
Often 1.1% 14.6% 85.4%
Experienced bank fraud Concerns about bank fraud
Never 93.3% 47.5% 52.5%
Occasionally 6.0% 27.6% 42.4%
Often 0.7% 12.9% 87.1%
Experienced purchase fraud Concerns about purchase fraud
Never 89.4% 60.6% 39.4%
Occasionally 9.6% 32.0% 68.0%
Table 10: Logistic regression reporting concerns about identity theft Independent variables
Concerned about identity theft
Model 1 Model 2
B (SE) Odds ratio B (SE) Odds ratio
Constant 0,205***
(0,032) 1,228
-0,414
(0,305) 0,661
Experienced identity theft (ref = Never)
Occasionally 0,747*** (0,171) 2,110 0,702*** (0,174) 2,018 Often 1,562*** (0,410) 4,769 1,100*** (0,417) 3,005
Internet usage (ref = less often)
Two or three times a month -0,150
(0,379) 0,861
About once a week -0,263
(0,299) 0,769
Two or three times a week -0,269
(0,264) 0,764
(Almost) everyday -0,030
(0,246) 0,971
Feeling informed about cybercrime (ref = not at all informed)
Not very well informed 0,276*
(0,143) 1,318
Fairly well informed 0,283**
(0,141) 1,327
Very well informed 0,304*
(0,163) 1,355
Gender (ref = male) 0,175***
(0,064) 1,196 Age 0,001 (0,002) 1,001 Country (ref.= NL) Estonia (EE) (0,103) 0,040 3,051 Sweden (SE) 0,105 (0,093) 1,111 Portugal (PT) 1,116*** (0,125) 1,040 Slovenia (SI) 0,296*** (0,105) 1,345 Romania (RO) 0,670*** (0,124) 1,954 -2LL 5704.476 5570.528
Cox and Snell’s R2 0,009 0,041
Nagelkerke R2 0,013 0,054
N 4190 4190
Note: Binary logistic regression coefficients with standard errors between brackets. Odds ratios. *p < .1; **p < .05; ***p < .01
In table 10 the results of the analysis of hypothesis 1a are reported. Model 1 contains the explanatory variable and model 2 includes control variables. It can be seen that the Nagelkerke R2 is relatively low. In model 2 the Nagelkerke R2 is a little bit higher so the model with the control variables fits a little bit better with the data. In model 1 the correlation between the dependent variable and the independent variable that explains if a respondent occasionally experienced identity theft is 0,747, which indicates that the odds that the respondent is concerned about identity theft are 2,110 times higher when the respondent has experienced identity theft. When a respondent often experienced identity theft, the odds that the respondent is concerned are 4,769 times higher when compared to a respondent that has never experienced identity theft. These correlations are a little bit lower in model 2, but the odds that the respondent is concerned about identity theft are still 2,018 times higher for a respondent that has occasionally experienced identity theft, compared to a respondent that has never experienced identity theft. When
a respondent has often experienced identity theft, the odds that the respondent is concerned about identity theft are 3,005 times higher. These results confirm the observations that were made in table 8.
Some of the control variables that are included in the logistic regression are also present in hypothesis 2 and 3 which state:
Individuals with a higher internet usage have more concerns about becoming a victim of identity theft / purchase fraud / bank card or online banking fraud
Individuals that feel better informed about cybercrime risks have less concerns about becoming a victim of identity theft / purchase fraud / bank card or online banking fraud
In table 10 it can be seen that the logistic regression did not provide a statistically significant result for a correlation between internet usage and concerns about identity theft. The logistic regression does provide an interesting result when the variable Feeling informed about cybercrime is analysed. The results indicate that the better the respondent is informed, the higher the odds that the respondent will be concerned about identity theft. When a respondent is well informed about cybercrime risks, the odds that the respondent is concerned about cybercrime risks is 1,355 times higher compared to a respondent that is not at all informed about cybercrime risks. This is an interesting result because it contradicts the correlation that is suggested in hypothesis 3. Another result that can be seen is that there is a positive correlation between gender and concerns about identity theft. In this case this indicates that the odds that a respondent will be concerned about identity theft is 1,196 times higher when the respondent is female.
There are also some interesting country differences shown in table 9. The correlations for Sweden and Estonia are not statistically significant, however, Portugal, Slovenia and Romania did provide a statistically significant result. The results indicate that the odds that a Portuguese respondent will be concerned about identity theft is 3,051 times higher than when the respondent is from the Netherlands. For a respondent from Slovenia the odds are 1,345 times higher when compared with a respondent from the Netherlands and for Romania the odds are 1,954 times higher.
The analysis of hypothesis 1b is reported in table 11. As in the previous table, hypothesis 2 and 3 are also included in the analysis. The model fits a little bit better with the data when compared with the previous logistic regression, especially in model 2, where the Nagelkerke R2 is 0,142. In model 1 only the explanatory variable is included and this shows a positive correlation with the dependent variable. The correlation shows that the odds that the respondent will be concerned about purchase fraud are 3,240 times higher when the respondent has occasionally experienced purchase fraud. When the respondent has often experienced purchase fraud, the odds that the respondent will be concerned about purchase fraud are even 8,127 times higher when compared with a respondent that has never experienced purchase fraud. In model two a similar effect can be seen; the odds that the respondent will be concerned about purchase fraud are higher when a respondent has occasionally experienced
cybercrime in comparison with a respondent that has never experienced cybercrime and the odds are even higher when the respondent has often experienced cybercrime.
Table 11: Logistic regression reporting concerns about purchase fraud Independent variables
Concerned about purchase fraud
Model 1 Model 2
B (SE) Odds ratio B (SE) Odds ratio
Constant -0,430*** (0,034) 0,650 (0,321) -0,316 0,729
Experienced identity theft (ref = Never)
Occasionally 1,175*** (0,111) 3,240 1,260*** (0,117) 3,524 Often 2,095*** (0,414) 8,127 1,693*** (0,424) 5,435
Internet usage (ref = less often)
Two or three times a month -0,120
(0,406) 0,887
About once a week -0,452
(0,316) 0,636
Two or three times a week -0,419
(0,276) 0,658
(Almost) everyday -0,204
(0,256) 0,815
Feeling informed about cybercrime (ref = not at all informed)
Not very well informed 0,196
(0,153) 1,217
Fairly well informed (0,150) 0,100 1,105
Very well informed 0,026
(0,174) 1,026
Gender (ref = male) 0,188***
(0,068) 1,207 Age -0,011*** (0,002) 0,990 Country (ref. = NL) Estonia (EE) 0,347*** (0,112) 3,345 Sweden (SE) -0,191* (0,105) 0,826 Portugal (PT) 1,208*** (0,122) 1,415 Slovenia (SI) 0,609*** (0,110) 1,838 Romania (RO) 0,893*** (0,128) 2,443 -2LL 5392,576 5092,265
Cox and Snell’s R2 0,037 0,105
Nagelkerke R2 0,049 0,142
N 4062 4062
Note: Binary logistic regression coefficients with standard errors between brackets. Odds ratios. *p < .1; **p < .05; ***p < .01
As in the previous logistic regression, no statistically significant result was found between internet usage and concerns about cybercrime. In the logistic regression reported in table 11, the correlation is also not significant for the independent variable and the dependent variable that indicates how informed a respondent is. For the cybercrime of purchase fraud it is therefore still possible to confirm hypotheses 2 and 3. For gender and age however a statistically significant result can be reported. The correlation shows that the odds that a respondent will be concerned about purchase fraud is 1,207 times higher when the respondent is female. For age the results
