Mitigating Cyber Risks: Individual Cybersecurity Practices
To mitigate these threats, individuals adopt various cybersecurity practices, which can be categorized using an information skills framework. Based on Steyaert’s (2002) classification of information skills, these practices can be divided into instrumental and strategic. Instrumental practices involve basic security features, such as Face ID or password protection, while strategic practices require more deliberate actions, such as regularly updating passwords and managing cookie settings.
While cognitive studies have investigated internet users' cybersecurity behaviors (Moustafa et al., 2021), there remains a lack of sociological understanding of how individuals respond to cyber threats. Despite the increasing prevalence of cybersecurity risks, there is limited insight into the factors driving the adoption of protective measures. This research seeks to fill that gap by examining how exposure to cybersecurity threats and the use of mitigation practices are distributed across different population groups.
Using nationally representative survey data (N = 10038) collected in April-May 2024, preliminary findings reveal that 33% of internet users experienced a cyber threat in 2024. The most common incidents involved attempts to steal personal information, with 21% of respondents reporting fraudulent emails and 7% encountering fake websites. Instrumental practices were more widely adopted (70%) than strategic practices (49.6%) among internet users aged 14 and older.
This study will further investigate how socio-economic factors such as age, education, and digital literacy shape the adoption of cybersecurity practices.