In this section, we discuss related work from three different aspects. Initially, we highlight how sustainability is relevant to information security; secondly, we discuss online learning and cybersecurity implications, and this is followed by information security studies conducted in the context of Saudi Arabia.
2.2. Cybersecurity and Online Learning
Technological adoption in the education sector has been explored by many researchers. Kosasi et al. [
17] carried out a literature review and discussed how, although there are a number of blockchain-based technologies available, there is still a significant potential for more blockchain technologies in the higher education sector. Similarly, Alam [
18] discussed how blockchain-based digital certificates can be employed for learners to access online learning resources. Vlachogianni and Tselios [
19] adopted a system-usability scale to evaluate the usability of different educational resources and found that the majority of online resources, university websites, and tutoring platforms have good usability. Lai et al. [
20] identified the critical factors in evaluating the use of technology in the education sector, developed an instrument comprised of twenty-eight items belonging to eight different factors and evaluated its validity over a large set of students. Minamatov and Nasirdinova [
21] highlighted that teachers need mastery in using digital technologies, such as text editors, spreadsheets, emails, browsers and multimedia equipment, to deliver quality education. Chen et al. [
7] carried out a bibliometric analysis of papers published during 2000–2019 to understand the adoption of artificial intelligence in education domains. It found data mining for student performance prediction, automated special education tutoring systems, intelligent educational robots, computer-supported collaborative learning and recommended systems for learning as core topics of interest.
Recently, COVID-19 has changed not only the way we live but also the way we teach and learn [
22]. In the post-COVID period, higher education institutions have strengthened their online infrastructure to support students’ learning, and a variety of other learning resources are publicly available on the internet. This transformation has increased the online time of students which has made them more susceptible to cybersecurity threats. Arampatzis and O’Hagan [
23] highlighted that increased digitalization during the pandemic period has increased the probability of cybersecurity threats due to human factors. Bukauskas et al. [
24] presented their findings on how an extensive digital transformation and specialized computing skills are required by the workforce to keep their infrastructure secured. They remapped cybersecurity competencies for small nation states to enable the desired security competencies in the computing workforce. Sabillon [
25] carried out an empirical study in a Canadian higher education institute and presented a cybersecurity-awareness training model for corporate sector. They also stressed the need for continued research on cybersecurity awareness to keep users abreast with changing cybersecurity challenges. Hewitt and White [
8] discussed how, when people’s fear of becoming a cyber victim grows, they report more security problems, and visiting unreliable websites is positively correlated with reported security events in home computers. Furthermore, they did not find any evidence of correlation between the education and cyber-optimistic bias of respondents. Olayinka and Win [
26] found extensive digital transformations within business, and using diverse applications to monitor COVID-19 has introduced many security implications which require innovative solutions. Sintema [
27] carried out a study in Zambia and highlighted that school closure due to COVID-19 was going to result in a higher failure rate in the national examination. Aykan and Yıldırım [
28] investigated the implications of embedding the lesson-study model in online STEM education during COVID-19 and found that it resulted in improved lesson planning; however, lack of lesson planning experience, time and environmental conditions were quite challenging. Snell-Rood et al. [
29] used a bio-inspiration approach to teach a biology course themed around the COVID-19 pandemic. Initially, students used mind mapping to model the problem and sub-problems relevant to the content, and later conducted an in-depth review of the literature as part of a student project. They proposed that such an approach could be used to teach a variety of topics using this inquiry-based pedagogy. Baptista et al. [
30] examined how physics teachers used a STEM activity in the context of the pandemic and found that teachers who were able to innovate pedagogical approaches, integrate scientific and technical knowledge, and motivate students were able to deliver scientific knowledge to students effectively.
COVID-19 induced a transition to online learning which has made cybersecurity for students an interesting research area. Triplett [
31] carried out a review study to find out how children’s cybersecurity awareness was important, and concluded that the adoption of game-based strategies to increase children’s awareness could be effective. Zorlu [
32] conducted an empirical study with students of Bartin University, Turkey, and found that college students required awareness to keep themselves protected against cyberbullying and cybersecurity threats. The results highlighted that female students had higher awareness as compared to male students. It was also found that the intended use of the internet, cyberbullying exposure and online catfishing activities are key factors in determining awareness. Khan et al. [
33] carried out an empirical study with undergraduate students and found that protection motivation theory-based training can positively change cybersecurity behavior, so practitioners should target the inclusion of a self-efficacy component of protection motivation theory in their training modules. Kasunic and Bracun [
34] carried out an empirical study on applied science students at Zagreb University of Applied Sciences and found that there was cybersecurity awareness among students exhibited by careful accessing of email links, social media posts and websites. However, there was no significant difference in cybersecurity awareness between employed students and full-time students’ security behavior. Lourenço et al. [
35] highlighted that, in the post covid era, students and teachers are exposed to increased use of technology, and a rise in cybercrime in society advocates for more awareness and training to enhance the knowledge of the public. Eltahir and Ahmed [
36] conducted an empirical study on Sudanese university students and found that the male students had relatively higher cybersecurity awareness in comparison to the female students. Furthermore, the cybersecurity behaviors of advanced computer users were different than those of moderate ones.
English and Maguire [
37] explored student expectations in two UK universities to understand the concerns with cybersecurity curricula in a bid to improve the cybersecurity modules. Netshakhuma [
38] carried out a cybersecurity assessment study in South African universities and found poor implementation of cybersecurity strategies by employees and students. Conducting similar studies in other geographical regions to enrich the body of knowledge has been stressed. Hong et al. [
39] conducted an empirical study in China and found that education level has a significant impact on cybersecurity behavior. They found significant differences in the cybersecurity behavior of non-final year students, final year students and working graduates. Adamu et al. [
40] explored cybersecurity awareness in the northeastern region of Nigeria and found that students had limited cybersecurity awareness in areas like internet banking while in cases of cyberbullying, self-protection, and internet addiction, there was reasonable awareness. Garba et al. [
41] investigated Nigerian universities and found a lack of skills in protecting their data even though they claimed to be aware of cybersecurity. Furthermore, many universities did not prepare students to protect their personal data. Senthilkumar and Easwaramoorthy [
42] investigated cybersecurity awareness among students in Tamil Nadu, India and found that students had a good level of awareness to keep themselves secure from cyber-attacks. Slusky and Partow-Navid [
43] conducted an empirical study with the business students at California State University and found that problems with security awareness were not due to lack of security knowledge; rather students lacked application of their security knowledge in real life situations. Therefore, the academic curricula need to adopt context-based security awareness to students.
2.3. Information Security Studies in the Context of Saudi Arabia
There has been little research exploring cybersecurity implications in Saudi Arabia. Johri and Kumar [
44] carried out an empirical study to evaluate the cybersecurity satisfaction of banking customers in Saudi Arabia and found that there was a need for more cybersecurity awareness for customers to ensure safe online transactions. Saeed investigated information security practices of office employees in Saudi Arabia and outlined a set of recommendations to improve information security [
45]. Almarhabi et al. [
46] presented a framework for the Saudi government to balance system restrictions, privacy concerns and risks of security due to a Bring your own device approach by users. Aljedaani et al. [
47] empirically investigated the security perception of end users of two mobile health applications in Saudi Arabia and found that the majority of respondents were unaware of security features, so a set of usable security guidelines was proposed. AlGhamdi et al. [
48] presented a model to identify factors affecting the perception of employees in adhering to information security compliance and applied it in Saudi Arabian government organizations. Mohammed and Bamasoud [
49] conducted a literature review and found that there was an innate need to enhance cybersecurity awareness among university students in Saudi Arabia. Alghamdi [
50] outlined a set of security threats relevant to high school students in Saudi Arabia and highlighted regular communication among schoolteachers and parents to control the negative implications of information technology. Alqahtani [
51] highlighted that passwords, the use of web browsers and social media are key factors contributing toward the cybersecurity awareness of students. Alotaibi and Mukred [
52] conducted an empirical study in the city of Riyadh in Saudi Arabia and identified the factors contributing to cyber-violence behaviors among university students.
Although there has been some literature focusing on cybersecurity aspects, the diversity of students’ academic and geographical background and technological and cultural environment provides different challenges for cybersecurity awareness. Therefore, it is scientifically interesting to enrich this body of knowledge by developing more case studies in different geographical and cultural contexts to document best practices. Therefore, in this paper, we have explored cybersecurity awareness among computing university students in Saudi Arabia to understand their information security awareness.