Inequality in digital skills and the adoption of online safety behaviors

ABSTRACT

Cyber-safety behaviors are important in preventing the loss of an individual's digital assets and ensuring the safety of important daily online activities. Individuals’ cyber-safety is also critical for national cybersecurity. The issue is highly relevant for Israel, a country that relies on the digital capabilities of its workers for its major technology industries and is also often a target of cyberwarfare and cybercrime attacks. The purpose of this study is to identify the determinants of cyber-safety behavior. We investigate the role of age, gender and education in the use of safety-related digital skills and antivirus software. Using a 2014 survey of a national sample of Internet users in Israel (N = 1850), we found that age, gender, education and quality of access are associated with the level of users’ digital security skills. In addition, these skills and the frequency of conducting financial activities online are the main determinants of antivirus behaviors. Our results expand the understanding of cyber-safety by showing that social and digital disparities are reproduced in the use of measures to prevent online threats, putting the digitally disadvantaged at greater risk of becoming victims of online threats.

KEYWORDS:

• Digital inequalities
• cyber-safety
• antivirus
• preventive behaviors
• digital skills

1. Introduction

The goal of this study is to investigate the determinants of both safety-related digital skills and behavior designed to prevent cyber-victimization. By focusing on preventive behaviors and their link with digital inequalities, the study seeks to identify at-risk populations and pave the way towards improving cyber-safety without reducing people's participation in online opportunities and the benefits of a connected life (Livingstone & Helsper, 2013).

Concerns have been growing about the vulnerability of mobile and Internet users to malicious software (malware)threats, fraudulent online scams and identity theft that might lead to substantial economic damage (Anderson et al., 2013; Levi, 2017; McGuire & Dowling, 2013b). This study focuses exclusively on Internet users who use the Internet through their personal devices as opposed to those who access it only through devices at work. These users have fewer cyber protection guidelines and access to software than people in organizational settings (Kritzinger & von Solms, 2010).

The cyber-victimization of personal Internet users has direct and indirect social consequences. In the former category are effects on personal belongings including hardware, software and/or bandwidth underperformance, theft from bank accounts or unauthorized access to devices and private information (Clough, 2010). Indirect impacts are those that affect their social and affective lives including the loss of trust in e-commerce (thus reducing e-purchases and the adoption of e-services), loss of trust in websites, increased the difficulty in communicating with banks and threats to the national infrastructure (Anderson et al., 2013). These outcomes may lead to data and financial losses, forced disclosure of private information and hijacking of digital devices that are later used against third parties (Liang & Xue, 2010).

This topic is of particular concern for Israel, a country that has been involved in almost constant military conflict and today faces a new threat ‒ cyberwarfare (Cohen, Freilich, & Siboni, 2016). The issue of cybersecurity became salient in Israel during the early 1990s and was concerned initially with protecting computerized systems only (Baram, 2017). However, over the years this focus expanded to more general threats to networks, the national infrastructure and individuals, including protection from identity theft, denial of services and malware (Baram, 2017).

We limit the scope of our investigation to this last type of cyber threat: malware. Malicious software (malware) is a term used to describe different kinds of software that threaten the functionality, integrity and/or security of a device or network (Rowe, Halpern, & Lentz, 2012). Malware-related cyber-crimes are directed against different types of digital property: personal data, digital currency, the control of devices or the devices themselves (Yar, 2013). They are often classified as a pure type of computer-focused crime, meaning offenses that can be committed only through the use of digital devices (McGuire & Dowling, 2013b). An initial malware infection can glean data that can be used in scams, identity thefts and extortion in ransomware-like threats (McGuire & Dowling, 2013a).

Online victimization affects a substantial percentage of Internet users (Levi, 2017). Malware episodes are the most common negative experiences reported in cyber-victimization surveys, both for businesses and individual users (Dunahee & Lebo, 2016; McGuire & Dowling, 2013b). A study in the European Union found that 12% of Internet users reported having experienced online fraud and 8% were victims of identity theft (European Union, 2012). In a survey in the United Kingdom 29% of Internet users reported that their personal computers had been infected and 6% had their credit card details stolen (Blank & Lutz, 2016). The World Internet Project, a comparative worldwide study on Internet usage, found that large percentages of the population globally reported being victims of virus-infected software. Reports ranged from 30% to 55% in Australia, Italy, New Zealand, Spain, the US and Uruguay (Dunahee & Lebo, 2016). Thus, the study of the determinants of digital safety behavior among personal Internet users is a research topic that merits attention.

In studying digital safety, we argue that, like any other social behavior, the adoption of actions to prevent online threats is affected by one's standing in the social stratification system. Socio-demographic inequalities affect the adoption of technology, as well as the development of technological skills and online literacy (Robinson et al., 2015; Witte & Mannon, 2010).

1.1. Digital disparities

The research on digital inequalities studies variances in socioeconomic groups with regard to their access to and use of technologies, and the extent to which these differences affect their offline and online welfare (Van Deursen, Helsper, Eynon, & van Dijk, 2017). Such disparities are not disconnected from traditional social structures and appear to be a by-product of social status in society (Ragnedda & Muschert, 2015; Robinson et al., 2015).

The core of the digital inclusion literature agrees with the notion that an ‘ … improved uptake and engagement with ICTs leads to a range of positive outcomes for the individual and society’ (Livingstone & Helsper, 2013). However, two contrasting theoretical perspectives propose different scenarios for how this mechanism functions (Norris, 2001; Van Deursen et al., 2017). The technological diffusion normalization model expects that technological expansion will eventually follow a normalization pathway and end with the pervasiveness of ICT in all countries and segments of society. In contrast, the stratification hypothesis or the stratification model of diffusion of technologies proposes that social groups and countries with pre-existing advantages derived from older socioeconomic stratifications will maintain their edge in the digital economy even as the digital uptake increases worldwide (Norris, 2001; Van Dijk, 2005; Van Deursen et al., 2017).

In line with the stratification hypothesis, we argue that, far from disappearing, disparities in access to and use of technology are reproducing themselves and even exacerbating inequalities in the physical world. By doing so, they are impeding the ability of the digitally disadvantaged to participate in society, access resources and accumulate social capital (Hargittai, 2008; Witte & Mannon, 2010).

1.2. Digital safety as a capital-preserving consequence of digital engagement

As Van Deursen et al. (2017) argue, within the literature there is a normative assumption that certain types of Internet activities are more beneficial than others because they increase people's resources and opportunities. This phenomenon is referred to in the literature as the capital-enhancing consequences of Internet usage (Van Ingen & Matzat, 2017; Zillien & Hargittai, 2009).

We maintain that online safety behavior is a capital-enhancing consequence of Internet use that requires the adoption of preventive behaviors. Compared to other types of preventive behaviors, digital precautions are cognitively more complex to perform, requiring the acquisition of specialized and technical human capital (Weinstein, 1987). Skilled users will be more knowledgeable about how to avoid the risks or problems involved in surfing the Internet (Livingstone & Helsper, 2010).

The centrality of digital skills in social and digital inequality has already been firmly established (Correa, 2016; Van Dijk, 2005). Also referred to in the literature as Internet skills, e-skills and certain types of digital literacy, digital skills are a broad concept describing different sets or types of abilities related to the knowledge of the digital world (Bawden, 2008; Cobo, 2009; Van Deursen, van Dijk, & Peters, 2011). We define digital skills as both the basic abilities required to operate digital systems and also the skills needed to understand and use the Internet's online content. This study will primarily address the first of these components, because we are concerned with operational-level knowledge related to safety or security online.

Based on this view, socio-demographic factors such as education, age and gender are antecedents of both these skills and behaviors. We expect that specific traits of online lifestyles such as access, experience and variety of tools used, the frequency of use of certain Internet activities, and the level of digital security skills will also affect the adoption of preventive behaviors designed to thwart malware.

Moreover, similar to Büchi, Just, and Latzer (2016) and Park (2013), we argue that the integration of digital security skills as an independent variable is critical to the understanding of the use of online protective measures. Having the necessary skills and knowledge to engage in a cyber-safety behavior can help users avoid cyber-victimization, reducing the odds of negative outcomes such as the theft of data, money or personal information.

Preliminary evidence about cyber-safety behaviors seems to support this view. A study conducted in the US in 2013 established that frequency of Internet use and knowledge about how the Internet works were positively correlated with the installation of antivirus software on personal devices (AARP, 2014). Using a national sample of adult American Internet users, Park (2013) found that age and gender were the main demographic predictors of privacy-related skills and knowledge. The number of years since starting to use the Internet and the diversity of Internet access points were the variables that most affected these specific knowledge and skills. In a study conducted in Switzerland, Büchi et al. (2016) determined that whereas experiences with having one's privacy violated online and attitudes towards privacy were crucial to behaviors designed to protect one's privacy, Internet skills ‘ … best explain the extent to which users actively protect their privacy online’ (p. 19). Similarly, Litt and Hargittai (2014) argued that among university students in the US, differences in Internet skills played an important role in the management of digital privacy, particularly concerning turbulent online experiences.

While these studies provide some indication of the role played by socioeconomic status with regard to cyber-safety, aside from Park (2013) and Büchi et al.’s (2016) works focusing on online privacy protection, no study has tested a comprehensive perspective such as the one presented here linking social status and privacy-related skills as determinants of digital safety behavior. Our study seeks to close this gap in the literature.

1.3. Research hypotheses

Our study has two research goals. First, we try to identify the main determinants of digital security skills. Whereas it is reasonable to expect a pattern of determinants of safety-related skills similar to those evident in more general or previous digital skills scales, recent studies showed that certain types of Internet skills might have slightly different socioeconomic and digital antecedents (Van Deursen et al., 2017). Younger, better-educated individuals who have access to more resources tend to have more sophisticated skills, particularly operational ones (Reynolds & Stryszowski, 2014; Van Deursen et al., 2017; Van Deursen & van Dijk, 2015a). Age has emerged as one of the strongest single predictors of Internet use and skills (Blank & Groselj, 2015). More specifically, digital skills correlate negatively with age, reflecting historical differences in the ICT socialization of different cohorts during their childhoods.

Gender is an important demographic factor that is associated with digital skills (Van Deursen et al., 2011). Even if the gender gap may have closed in terms of access to the Internet, digital inequalities still prevail in the frequency of use, range of online activities and self-reported digital skills (Robinson et al., 2015). Specifically, men tend to report higher levels of technical digital skills than women (Van Deursen et al., 2017).

Witte and Mannon (2010) also found that education is positively related to digital skills. The higher the education, the higher the level of Internet skills.

Given the existing literature, we posit:

H1: Based on the digital inequalities literature, we expect that age, gender and education will affect the level of digital security skills and preventive antivirus behaviors. Men, younger users and better-educated individuals will have higher levels of digital security skills and will be more likely to engage in preventive antivirus behavior than women, older individuals and the less educated population.

Digital skills might be associated with the quality and type of access to the Internet. Given that our study refers to Internet users only, we employ Livingstone and Helsper’s (2010) conceptualization of quality of access to refer to the diversity of the types of devices used to access the Internet and the number of years since they started using the Internet (seniority online). Seniority online is assessed as a proxy of how long the user has had to acquire habits and assets online (Van Deursen et al., 2011), digital security skills among them. In other words, the longer their time online the greater the chances of proper digital socialization and the acquisition of the skills needed to engage in a preventive cyber-safety behavior. Similarly, the variety of devices from which users access the Internet has a positive effect on their digital socialization and knowledge due to their exposure to different platforms and interfaces (Van Deursen & Van Dijk, 2015b). Therefore, we hypothesize:

H2: The more diverse the types of devices used to access the Internet and the earlier the first access to the online world, the higher the level of digital security skills and the greater the engagement in antivirus behaviors.

Certain uses of the Internet may produce better returns than others (Correa, 2016; Van Deursen et al., 2017). We propose that the frequency of activities related to e-banking and e-commerce may also affect the use of antivirus software. We argue that e-currency-intensive Internet users will probably have more contact with and exposure to institutions concerned about online safety such as banks and credit card issuers. We will use other activities such as social networking and information seeking as control variables, but we do not expect them to be correlated with safety behaviors.

Thus, we predict that:

H3: A more intensive use of online financially related activities will increase the engagement in antivirus behaviors.

Finally, as previously argued, we propose that there is a link between protective digital skills and cyber-safety behaviors. Digital security skills are a type of human capital that is required in order to be able to engage in cyber-safety behaviors. While difficult to measure in non-experimental settings, the digital skills research presents compelling evidence that it is possible to measure an individual's self-reported digital abilities through the use of questionnaires as an extremely good proxy of actual technological skills (Hargittai & Hsieh, 2012; Van Deursen et al., 2017). Therefore, we posit:

H4: Users who report having digital security skills are more likely to engage in antivirus behaviors.

2. Method

2.1. Sample

The survey on which this article is based is part of a larger project on the ‘Antecedents and Consequences of Cyber-Victimization among Personal Internet Users’ and was designed specifically to study preventive behaviors online. An academic company conducted a telephone survey of a national sample of the Israeli population (18 years old or older) in October 2014, collecting 1850 interviews. The sample is representative of all Israeli adults who use the Internet on their personal devices, and consists of landline and mobile telephone subscribers (stratified by localities, proportional to their size). The questionnaire was designed to ensure that the longest logical path of questioning was approximately 20 minutes. The final response rate was 38%. Resulting data were compared to that of the Israeli Central Bureau of Statistics on critical parameters (i.e., basic demographics such as age and education) to control for unwanted biases, but the differences were not significant.

2.2. Measures

2.2.1. Antivirus behavior

We chose anti-malware-related behavior as the main safety behavior to study for several reasons. The literature usually discusses antivirus software and anti-malware as the leading countermeasures against cyber-attacks (Rowe et al., 2012). Moreover, it is the most studied online preventive behavior (e.g., Choi, 2008). We measured the original variables by asking the respondents directly if they had engaged in any of three different types of behavior in the past year: installed or updated antivirus software on their personal computers, installed or updated antivirus software on their mobile devices and scanned a file they had received with antivirus software before opening it. Responses were made on 5-point Likert scales ranging from ‘not at all’ to ‘very frequently’ as response categories. Nevertheless, given that antivirus behavior can be pre-scheduled or automated, we added an additional response category to the variable (‘automatic update’), when we changed the measurement level of the variable from ordinal to nominal.

Due to this quasi-ordinal nature of the original variables, we used a categorical variables-specific technique called categorical principal component analysis (CATPCA) to reduce the data and create a linear summary of antivirus engagement. Only the first dimension was retained. This dimension can be interpreted linearly as having more engagement in antivirus behavior and accounted for 60.9% of the variance of the original variables. It had a Cronbach's alpha of .679.

2.2.2. Digital security skills

Whereas the literature on skills focused initially on the characterization and empirical measurement of different types of digital skills (i.e., see Hargittai, 2005; Van Dijk, 2005), a more recent wave of studies has been concerned with standardizing and testing such measures across national populations (see Van Deursen et al., 2016). Respondents were asked to rate their abilities such as knowing how to install antivirus software, update it, set up mobile security, use an anonymous browser, delete browsing the history and cookies and identify executable files (some of these items are also present in Park’s (2013) privacy-specific scale). Respondents rated their ability to perform such tasks on a 5-point Likert scale ranging from ‘unable to perform the task/operation at all’ to ‘very capable of performing the task’. The 5-point scale is common in other web-use skills scales (Hargittai & Hsieh, 2012; Van Deursen et al., 2016). In addition, based on Van Deursen, Helsper, and Eynon (2016), we converted a specific category of missing values (‘I do not understand what you mean by that’) to zero, assuming that the lack of knowledge regarding a particular action indicated the lack of the skill. A principal component analysis of the six measured digital security skills was conducted to create the dependent variable (Cronbach's alpha = .86).

2.2.3. Socio-demographic status

We assessed this factor with traditional sociological variables such as age, gender and education. We determined age by asking respondents for their birth year and then subtracted their answer from the year in which the survey was conducted. Gender was recoded as a binary variable (1 = male; 0 = female), and education was measured as years of formal education completed as reported by the respondent.

2.2.4. Quality of Internet access

We used two indicators to measure the quality of access. The first one was created as a composite index (the simple sum) of all the devices through which users accessed the Internet (shared computer, personal computer, tablet and smartphone), regardless of their frequency of use. This approach, generally known in the literature as the autonomy of use (Hargittai & Hinnant, 2008), was employed here in a manner similar to Livingstone and Helsper’s (2010) measurement of access by totaling the number of locations from which users connected to the Internet. The second indicator was seniority of use or the years since the respondent started using the Internet (ultimately dichotomized as less than six years or six years or more due to a severely skewed distribution towards higher values).

2.2.5. Frequency of Internet use

We measured this factor with two indicators. The first was general frequency of Internet use in the last three months (from once a week at most to more than eight hours every day). The second indicator was comprised of the frequency of engaging in potentially capital-enhancing activities: social networking, information seeking, e-commerce and e-banking. Responses were made on 5-point Likert scales ranging from ‘not at all’ (1) to ‘very frequently’ (5) as response categories. We opted to use individual activity indicators in order to determine whether more financial-related activities might affect safety behavior differently, as Hypothesis 3 argued. Following most of the best practices on ICT measurement in households and individuals (ITU, 2014), the phrasing of the questions and response categories of frequency of use accorded with previous Internet usage surveys (e.g., Dunahee & Lebo, 2016).

3. Results

3.1. Description of the sample

Table 1 shows that the respondents’ average age was 46.91 years (SD 16.20), and men and women were almost equally represented (45.5% men). The average completed years of education for Israeli Internet users was 14.92 (SD 3.16). More than three quarters of the users started browsing the Net more than six years ago (78.3%) and on average used 2.93 (SD .93) different types of devices to do so. Regarding frequency of use in the last three months, 16.5% used the Web less than once a day, 32.2% went online every day but for less than an hour daily, 40.3% spent one to four hours a day online and 11.2% spent more than four hours a day on the Internet.

Table 1. Summary statistics of socio-demographic, security skills and Internet-related variables.

	N	Range	Mean	Std. Deviation
Age	1834	17–93	46.91	16.20
Gender (Male)	1850	0–1	.46	.50
Completed years of education	1841	2–30	14.92	3.16
Started using the Internet more than six years ago	1807	0–1	.78	.41
Number of different devices through which users access the Internet	1804	0–4	2.93	.97
Frequency of use during past three months	1793	1–7	4.33	1.28
Frequency of using social networks (Facebook, LinkedIn, Instagram)	1831	1–5	2.84	1.59
Frequency of seeking information (news, sports, economics, health)	1846	1–5	3.87	1.22
Frequency of making purchases over the Internet	1837	1–5	1.92	1.21
Frequency of carrying out banking transactions (i.e., checking account statements, banking operations)	1837	1–5	2.73	1.59
Know how to install antivirus software	1819	0–5	2.87	1.82
Know how to make antivirus updates	1769	0–5	3.00	1.84
Know how to set mobile phone security procedures	1771	0–5	2.86	1.77
Know how to use the browser on condition of anonymity	1827	0–5	1.74	1.68
Know how to delete browser activity history or cookies	1837	0–5	3.06	1.87
Know how to distinguish between executable and non-executable files	1826	0–5	2.67	1.80

Using a scale where 1 equals to ‘not at all’, 2 to ‘not very frequently’, 3 ‘moderately’, 4 ‘frequently’ and 5 ‘very frequently’, the averages of the frequency of the different Internet activities in the last year was 1.92 (SD 1.21) for making purchases online, 2.73 (SD 1.59) for bank transactions, 2.84 (SD 1.59) for using online social networks and 3.87 (SD 1.22) for searching for information.

Using the same scale, the average rates for digital security skills ranged from 1.74 (SD 1.68) on how to use the incognito browser mode to 2.67 (SD 1.80) for being able to identify executable files, 2.86 (SD 1.77) for being able to set security settings on smartphones, 2.87 (SD 1.82) for installing antivirus software, 3.00 (SD 1.84) for updating antivirus software and 3.06 (SD 1.87) for being able to delete a browser's history or cookies.

As Table 2 illustrates, the distributions of antivirus behavior were centered on extreme values. The mode of installing or updating antivirus software on the PC was 5 (very frequently) at 37.1%, but 25.7% said they did not do this at all (1). Scanning files before opening them was a less common behavior, where 1 (not at all) was the mode with 45% of the population. On the other hand, more than a fifth of the personal Internet users (23.1%) said this activity was automated for them on their devices. Regarding mobile devices, the situation was even more skewed, with more than half of the personal Internet users (59.5%) indicating that they did not engage in the behavior.

Table 2. Summary statistics of antivirus behavior.

	Install or update antivirus software on PC	Install or update antivirus software on mobile devices	Scan files before opening them
Not at all	25.7% (443)	59.5% (948)	45.0% (776)
2	6.5% (112)	7.5% (119)	5.7% (98)
3	10.9% (187)	7.3% (117)	6.7% (116)
4	10.7% (184)	6.3% (100)	4.5% (78)
Frequency	37.1% (639)	15.5% (247)	14.9% (257)
Automatic updates	9.1% (157)	3.9% (62)	23.1% (399)
Total (valid cases)	100% (1722)	100% (1593)	100% (1724)

As described in the measures section, in order create a valid scale of digital security skills and antivirus behavior, we conducted two separate data reduction analyses that enabled us to construct scales for each concept. The first of them was a principal component analysis of the six measured digital security skills. Only one dimension had an eigenvalue exceeding 1.0 (3.55) and accounted for 59.1% of the variance. A reliability analysis (Cronbach's alpha = .86) corroborated that the scale was a good fit with the data.

The development of an index for the antivirus behaviors was slightly more complex, because the variables that comprised the desired index (installed or updated antivirus software on PCs and mobile devices, and scanned files before opening them) were not completely ordinal in nature. Consequently, we conducted a CATPCA where the first dimension signaled on the procedure accounted for 60.9% of the variance.

3.2. Correlation between variables

Table 3 presents the correlation matrix of the variables (after data reduction). As the theoretical model predicted, not only did antivirus behaviors and digital security skills share most of the correlations, but also most Internet use variables shared similar links with each other. Nevertheless, the strongest correlation of all was between digital security skills and antivirus behaviors (r = .51, p < .01).

Table 3. Pearson correlations between the variables used in this study.

		1	2	3	4	5	6	7	8	9	10	11	12
1	Antivirus behavior	1.0
2	Age	−.13**	1.0
3	Gender (Male)	.17**	.02	1.0
4	Completed years of education	.05*	.23**	−.02	1.0
5	Number of different devices through which users access the Internet	.15**	−.23**	.02	.00	1.0
6	Started using the Internet more than six years ago	.20**	−.02	.11**	.23**	.11**	1.0
7	Frequency of use during past three months	.18**	−.18**	.06*	.06*	.10**	.23**	1.0
8	Frequency of using social networks	.13**	−.31**	−.10**	−.10**	.17**	.11**	.31**	1.0
9	Frequency of seeking information	.14**	−.03	−.01	.13**	.10**	.21**	.29**	.24**	1.0
10	Frequency of making purchases over the Internet	.18**	−.11**	.08**	.05*	.18**	.22**	.21**	.18**	.25**	1.0
11	Frequency of carrying out banking transactions online	.16**	.05*	.03	.14**	.12**	.18**	.14**	.10**	.24**	.32**	1.0
12	Digital security skills	.51**	−.32**	.27**	.08**	.24**	.28**	.31**	.23**	.22**	.28**	.18**	1.0

*p < .05.

**p < .01.

With regard to the two dependent variables, whereas younger people seemed more likely to engage in preventive behaviors, the correlation with age was almost three times as strong for digital security skills (r = −.32, p < .01). Men were more likely to score high in both factors, as were those who had been using the Internet for more than six years and accessed it through more types of devices.

Regarding completed years of education, while the correlations were statistically significant and in the expected theoretical direction (positive), they presented the weakest relationship of all with the dependent variables.

3.3. Predicting digital security skills

Our first research objective was to test whether the predictors of this particular group of skills was similar to other Internet skills measured in the literature on digital inequality. Based on previous studies on digital skills (Van Deursen et al., 2017), we expected that education and quality of access would have an influence on digital security skills.

Table 4 presents the results of an O.L.S. multivariate analysis predicting digital security skills. We performed the analysis in two steps. The first contained only socio-demographic characteristics, and the second added the quality of access to the Internet.

Table 4. Ordinary least squares (OLS) coefficients: digital security skills.

	Model		Model
	1		2
	b	β	B	β
Socioeconomic status and demographics
Age	−0.023 (0.001)	−0.374**	−0.020(0.001)	−0.320**
Gender (Male)	0.564 (0.045)	0.280**	0.505 (0.043)	0.251**
Completed years of education	0.058 (0.007)	0.180**	0.036 (0.007)	0.112**
Quality of access
Number of different devices through which users access the Internet			0.150 (0.023)	0.141**
Started using the Internet more than six years ago			0.524 (0.054)	0.214**
Constant	−0.029 (0.118)		−0.687(0.137)
Model fit
R^2	0.213		0.279
Adj R^2	0.212		0.277

Note: Standard errors are in parentheses.

*p < .05.

**p < .01.

As Table 4 shows, all of the variables were statistically significant in the expected direction. As Model 1 illustrates, young people, men and better-educated users tended to be more proficient than those who were older, female and less educated. With an explained variance of R² = .213, socio-demographic status explained a considerable amount of the variance in security skills levels. Moreover, its role did not seem to disappear after the introduction of digital achievements (quality of access) into the model. While the strength of the β diminished, no variable lost its statistical significance, and age (β = −.320, p < .01) and gender (β = .251, p < .01) still had the highest standardized coefficients. The relationship between education and skills followed the expected direction, yet based on the literature we were expecting that traditional human capital would have a stronger effect on this particular factor (β = .112, p < .01, the lowest of all standardized coefficients).

Model 2 improved the explained variance up to an R² of .279 (a statistically significant change for p < .01).The results of this model accord with the previous literature both with regard to the effect of different types of Internet access and the even stronger relevance of social status for digital skills (i.e., Van Deursen et al., 2017; Witte & Mannon, 2010).

With regard to quality of access, whereas both variables were statistically significant and positively related to the level of skills, having used the Internet for more than six years (β = .214, p < .01) was by far more relevant to the skills than the diversity of devices used (β = .141, p < .01).This finding accords with the digital socialization hypothesis about the effects that online seniority may have on skills.

3.4. Predicting antivirus behavior

To answer the second research question, we also conducted an O.L.S. multivariate analysis predicting antivirus behavior. The results, which appear in Table 5, show that while the relationship between social status attributes and preventive behaviors was similar to their association with skills, the strength of the coefficients was far weaker. The adjusted R² (.052) was also substantially smaller for this model compared to the same regressors in the case of digital security skills.

Table 5. Ordinary least squares (OLS) coefficients: preventive antivirus behavior.

	Model		Model		Model		Model
	1		2		3		4
	b	β	b	β	b	β	b	β
Socioeconomic status and demographics
Age	−0.01 (0.002)	−0.151**	−0.007 (0.002)	−0.112**	−0.006 (0.002)	−0.087**	0.003 (0.002)	0.044
Gender (Male)	0.374 (0.052)	0.179**	0.328 (0.051)	0.157**	0.325 (0.051)	0.156**	0.07 (0.048)	0.034
Completed years of education	0.029 (0.009)	0.086**	0.013 (0.009)	0.038	0.008 (0.009)	0.024	−0.007 (0.008)	−0.021
Quality of access
Number of different devices through which users access the Internet			0.118 (0.028)	0.105**	0.087 (0.028)	0.077**	0.031 (0.026)	0.028
Started using the Internet more than six years ago			0.424 (0.065)	0.164**	0.291 (0.067)	0.112**	0.134 (0.062)	0.052*
Frequency of use
Frequency of use during past three months					0.062 (0.022)	0.075**	0.010 (0.02)	0.012
Frequency of using social networks					0.026 (0.018)	0.039	0.005 (0.016)	0.008
Frequency of seeking information					0.039 (0.023)	0.045	0.009 (0.021)	0.011
Frequency of making purchases over the Internet					0.049 (0.022)	0.058*	0.005 (0.02)	0.006
Frequency of carrying out banking transactions online					0.052 (0.017)	0.079**	0.033 (0.016)	0.049*
Digital skills
Digital security skills							0.505 (0.028)	0.481**
Constant	−0.156 (0.139)		−0.697 (0.166)		−1.240 (0.192)		−0.472 (0.18)
Model fit
R^2	0.054		0.092		0.121		0.275
Adj R^2	0.052		0.089		0.116		0.270

Note: Standard errors are in parentheses.

*p < .05.

**p < .01.

Model 2 for antivirus behavior replicated the full model of digital security skills and, again, the explained variance was still modest but higher than the structural variable model (adjusted R² = .089, an increase of more than 70%). Age and gender were still significant, but their standardized effect was lower, and the differences in completed years of education were no longer statistically relevant. Instead, differences in quality of access seemed to explain the effect of education on antivirus behavior. Contrary to the skills regression model, seniority of use had the highest β of all regressors (.164, p < .01).

A third iteration of this O.L.S. regression introduced five indicators of frequency of Internet use of which only three were statistically significant. The increase in R² was slightly lower (adjusted R² = .115, an increase of close to 30% from Model 2). Whereas the differences in the frequency of social networking and information seeking did not seem to explain any statistically significant change in antivirus behaviors, the more frequent the use of the Internet as a whole in the last three months (β = .075, p < .01), online purchasing (β = .058, p < .05) and e-banking (β = .079, p < .01), the more likely respondents would engage in antivirus behaviors. As we hypothesized, it is probable that the online lifestyles of frequent users of e-banking and online currency may also place them in more regular contact with and make them more concerned about the wellbeing of their financial assets, prompting them to learn about safe practices and online risks.

Finally, Model 4 added digital security skills as the last independent variable. Not only did it substantially increase the explanatory potential of the model (adjusted R² = .270, an increase of more than 125%), but it also eliminated the statistical significance of all of the socio-demographic regressors and practically all of the other digital ones as well. As hypothesized, the effect of the digital security skills factor was by far the strongest (β = .480, p < .01) of any of the models presented in this article. The only other two statistically significant variables in Model 4 were the frequency of e-banking (β = .049, p < .05) and the seniority of Internet use (β = .052, p < .05). In both of these variables familiarity or experience with and awareness of threats played a role as predictors of antivirus behaviors.

4. Discussion

Concerns about the vulnerability of Internet users are rising. Cyber-victimization is not only harmful to individuals and their wellbeing but may also have important consequences for national economies and infrastructure (Anderson et al., 2013; Levi, 2017; McGuire & Dowling, 2013b).

In this study, we investigated the extent to which socio-demographic differences are reflected in digital cyber-safety skills and assessed whether socio-demographic differences in these skills affect the engagement in antivirus behaviors. Two perspectives regarding the societal effects of technology expansion dominate the literature: the normalization and stratification models. These hypotheses differ in their expectations about the socioeconomic effects of the expansion of digital technologies: the former expects disparities to disappear in the course of normalization, whereas the latter proposes that pre-digital stratifications will prevail and solidify (Norris, 2001; Van Dijk, 2005).

Our findings provide evidence for the stratification model in the cyber-safety arena. Digital security skills and the engagement in antivirus behavior are unequally distributed among Israeli Internet users and have strong links with traditional social dimensions of inequality such as gender, age and education.

Nevertheless, our findings also seem to imply that these structural variables, as well as some Internet access and usage indicators, have a stronger and clearer effect on digital security skills than on antivirus behavior. Moreover, higher levels of digital security skills are by far the best predictors of engagement in such behavior. Not only are their standardized coefficients close to three times larger than any other constructs in this study (nine times, if we consider only preventive behavior as a correlate), but also after including them in the nested models the statistical significance of almost all of the other variables disappear.

These results indicate that socio-demographic differences influence the engagement in antivirus behavior. Our findings are also in line with recent findings related to other capital-enhancing consequences of Internet use and their relations with digital skills (Büchi et al., 2016; Van Deursen et al., 2017; Van Deursen & Van Dijk, 2015b).In addition, seniority of Internet access is an important determinant of both digital security skills and antivirus behavior, whereas e-banking is a good predictor of the latter. We believe that the mechanism behind their effect relies mostly on stratified experiences or familiarity with the online world, a factor that may help users improve their digital socialization and/or expose them to more information about both online risks and their possible countermeasures. This idea is consistent with previous studies about digital skills and the tangible outcomes of Internet use (e.g., Van Deursen & Van Dijk, 2015b).

These findings make several important contributions to two distinct and not always connected fields: studies on cyber-victimization and the digital divide. By refocusing the problem of cyber-safety on digital inequalities, we suggest a framework that can not only help governments and organizations identify digitally at-risk populations, but also provide recommendations that may help personal Internet users reduce their risk of cyber-victimization without reducing their opportunities to enjoy the benefits of a connected life. The focus should be on developing skills, not restricting use. As Livingstone and Helsper (2010) argue, restricting Internet use to reduce risks is also very likely to limit digital development and opportunities. This is an even less viable alternative for a ‘start-up nation’ such as Israel that rely heavily on the digital capabilities of its workers for its major technology industries but are also involved in constant cyberwarfare and face the risk of cybercrime attacks. Cyber-victimization research does not generally consider the negative effects of usage restriction, nor does it regard digital security skills as one of the most crucial social components in preventing cyber-victimization.

From a digital inequalities perspective, the assessment of behaviors to prevent cyber-victimization contributes to the field by providing additional testing of the effects of digital disparities on the antecedents of cybersecurity skills. In terms of theory, our study expands existing knowledge on the behaviors that prevent cyber-victimization from the technological to the social perspective. Consistent with the stratification hypothesis, we found that social standing shapes not only the level of computer and Internet skills in general, but also the level of cybersecurity skills. Moreover, our findings show that digital security skills have predictors more akin to operational or technical factors than global ones (i.e., Correa, 2016). In this sense, a salient finding is that gender disparities in digital security skills still prevail, and age inequalities are even stronger than social or creative digital skills (i.e., Van Deursen et al., 2017).

We also demonstrated the central role of security skills in protective behavior, underscoring that protecting users online requires more than technology. Social structure affects individuals’ digital human capital, stratifying their chances of engaging in capital-enhancing activities such as protecting their digital assets and identity. Therefore, we urge the creation of programs for the socially disadvantaged and technologically less savvy that are designed to improve their digital safety.

If digital safety is understood as an outcome that could affect one's quality of life ‒ or at least prevent its reduction ‒ the study of its determinants and prevalence among diverse, digitally engaged populations provides additional empirical evidence about the consequences of cybersecurity inequalities, a dependent variable not previously addressed in this literature.

Furthermore, an important strength of the study is that it is based on a large sample of private Internet users, thereby avoiding the sample selection bias that is common in studies using college students. Our results support our proposed hypotheses and this conceptualization of digital safety.

4.1. Limitations of the study

Finally, the study does have some limitations that must be acknowledged. First, the same determinants of skills and preventive behavior have been shown to be the determinants of risks and victimization online. A more complex approach, similar to Livingstone and Helsper’s (2010) comprehensive study of both safety-related benefits and risks, needs to be developed. Risks and benefits may not be polar opposites, because improving one's skills may require opening oneself up to new risks (Livingstone & Helsper, 2010). A more complex econometrical model integrating the two dependent variables analyzed here would also be recommended. Such a model would allow us to test the hypothesis that digital skills mediate the effects of socioeconomic attributes on cyber-safety outcomes (i.e., see Büchi et al., 2016; Van Deursen et al., 2017).

Finally, the use of more complex measures of socioeconomic status also needs to be considered in future studies. Besides the role of gender, age and education, household income, occupational status or stratification schemes could improve the testing of the stratification hypothesis with regard to digital safety outcomes.

Acknowledgement

This article was presented at ASA's 2017 meeting. The article's body, abstract and title were improved based on suggestions and comments from other conference participants.

Disclosure statement

No potential conflict of interest was reported by the authors.

Notes on contributors

Gustavo S. Mesch holds a PhD from The Ohio State University (US). He is a Professor of Sociology at the University of Haifa (Israel). His research interests are the Internet and society, computer-mediated communication, social capital and cybercrime [email: [email protected]].

Matias Dodel holds an MA degree in Sociology from Universidad de la Republica (Uruguay) and is a PhD candidate in the Department of Sociology, University of Haifa. He is a Professor and Head of the Research Secretary at the Universidad Catolica del Uruguay. His research deals with digital inequalities, social stratification, cybercrime and the risks and benefits of Internet use [email: [email protected]].

ORCID

Matias Dodel http://orcid.org/0000-0002-1724-9609

Additional information

Funding

This study was conducted with a grant from the Ministry of Science, Technology and Space[2-01802].