Effect of Age on Information Security Awareness Level among Young Internet Users in Malaysia

The negligence to take proper security precautions while using the Internet has been lacking nowadays, especially among youth. Although youth deal the most with smart gadgets, past research has found that there is still lack of information security awareness among them. This can be shown by the number of cybercrimes arising day by day such as, cyberbullying, phishing, hacking, online threats, virus attacks, and so on. Thus, research has been conducted using quantitative methods by utilising a questionnaire to measure the information security awareness level among youth in Malaysia. The aim of this study is to determine the effect of age on the information security awareness level among young Internet users in Malaysia. 400 respondents have been participated in this survey. The findings of this study reveals that there is strong significant relationship between age (18-20 years old; 21-30 years old; 31-40 years old) and information security awareness (password usage, data protection, and data backup). Besides, there is no significant relationship between age and personal data sharing. However, respondents from 21-30 years old showed more concern towards information security awareness in this study. It is highly recommended for young Internet users to identify online threats and be aware of the security breaches encountered.


Introduction
Information security awareness is the persistence to gain attention and being mindful of security dangers and threats, as well as an interest in gaining knowledge to utilize the information system responsibly (Siponen, 2000). The huge technology shift by the use of smart devices is an important element of information security awareness. Besides, information security awareness is also known as the level of user's knowledge about the importance of cybersecurity when using the Internet (Zwilling et al., 2020). In accordance with the statistical result from Malaysian Communications and Multimedia Commission (MCMC), there were 24.5 million Internet users in 2016 and increased in 2018 to 28.7 million Internet users. In 2020, there were 29 million Internet users which comprise 88.7% of the population in Malaysia (MCMC, 2021). Due to Movement Control Order (MCO) limitations imposed by the Malaysia's National Security Council in 2020, 70.5 percent of online users accessed to Internet from home. Moreover, the school systems and universities have begun to conduct virtual classes with the aid of smart gadgets and Internet. Furthermore, Internet users mostly utilize Internet for their social interest, such as communicating with relatives and friends and accessing social media sites. Thus, this results in Malaysia's high broadband penetration rate of 56.2 percent and personal hotspot users of 61.4 percent (MCMC, 2021). Therefore, high penetration of Internet shows the dependency of Internet users in Malaysia. The problem arises when frequent Internet use not only has a significant impact on youth's socioeconomic lives, but it also has a wide range of negative consequences .

Information Security Awareness
Parallel to Malaysia's rapid Internet development, a high Internet usage trend has been found. As a result, if security measures are not taken, social issues such as cybercrime will undoubtedly emerge. This happens mostly when someone is unaware of the importance of information security. Zahri et al (2017) conducted a study on information security awareness among Malaysian students and discovered that early knowledge and understanding about information security is critical among Malaysian youths in order to develop a secure internet use. Besides, an information security awareness training program was held for the health industry by conducting some games. The results showed that the participants still had very low awareness towards phishing, malicious code, password protection, privacy and confidentiality, and hacking (Ghazvini and Shukur, 2018). Additionally, a study by Farooq et al (2016) found that Internet usage correlates with online threats among higher education students. A study conducted by Mustafa et al (2019) found that less than half of the respondents had awareness towards phishing attacks. Thus, these studies further explain the urge of information security awareness among young Internet users. Moreover, the statistical report officially updated by the Malaysia Computer Emergency Response Team (MyCERT) in Table 1 below shows the cyber security incidents reported from year 2016 to year 2020. The statistics from Table 1 above was based on cybercrime categories such as, content related, vulnerabilities report, intrusion attempt, cyber harassment, malicious code, intrusion, fraud, and spam. Based on Table 1 above, cyber security incidents from year 2020 recorded the highest among the previous years. According to the statistics from above, in year 2016 a total of 8268 cyber security incidents were recorded. Then, in 2017 there was a slight decrease in the number of cases recorded which were 7922 cases and increased drastically in 2018 by recording 10689 cases. Furthermore, there were 10753 cyber security cases recorded in 2019 and 10774 cases were recorded in 2020. Content related cases recorded the highest in 2019 with 298 cases and decreased in 2020, whereas vulnerabilities report recorded the highest in year 2020 with 117 cases. Besides, intrusion attempts recorded the highest in year 2018 with 1805 cases and decreased rapidly the following years. Furthermore, cyber harassment cases recorded the highest in year 2020 with 596 cases and malicious code recorded the highest cases in 2018 with 1700 cases followed by drastic fall in number of cases. As for intrusion, the number of cases recorded the highest in 2016 and followed by decreased number of cases. Then, fraud incidents recorded the highest cases in 2019, and spam recorded the highest in 2016 with decreased number cases in the upcoming years till year 2020.
The vulnerability towards cyber threats can be avoided if Internet users are aware of the safe Internet usage (Pitchan et al., 2019). Even though there are abundant number of research were conducted in Malaysia to study about information security awareness, the cybercrime cases keep arising, especially among youth. For instance, there are several studies focused about youth in Malaysia dealing with the issues of cybercrimes, such as cyberbullying (Chan et al., 2020;Sivabalan et al., 2020;Yusuf et al., 2020), phishing (Kassim et al., 2018;Manoharan et al., 2021;Nagalingam et al., 2015), hacking (Jafarkarimi et al., 2015;Kim et al., 2021), social networking threats (Hamzah, 2021;IskandarIshak, 2012;Kirwan, 2018), and many more studies related to handling security issues while using the Internet. In addition, there were some studies conducted in Malaysia analyzed a significant difference between gender and information security awareness (Fatokun et al., 2019;Ishak, 2012). Besides, there were no any research done in Malaysia to study the effect of age on information security awareness level among young Internet users. There was one study conducted among 300 senior adults aged from 50 until 60 and above to determine the information security awareness level (Wahid et al., 2021). Thus, this study is aimed to fill in the research gaps by studying effect of age on information security awareness level among young Internet users in Malaysia. The most significant step in a research is to identify a clear and precise research question. In this study, one main research questions were determined. Is there an impact of age on the information security awareness level among young Internet users in Malaysia? In accordance to the research question, the main objective of this current paper is to determine the effect of age on the information security awareness level among young Internet users in Malaysia.

Methodology
This present study aims to determine the effect of age on the information security awareness level among young Internet users in Malaysia. Hence, to accomplish the purpose of this study, this study applied a quantitative approach. A quantitative research basically deals with the search of knowledge, and it works in a quantifying approach to obtain study results (Apuke, 2017). Additionally, Hakansson (2013) stated that a quantitative research method can be classified into research strategies such as, survey, case study, experimental research, and many more. Hence, the current study used survey method as the research strategy to gain data. This study focuses on Internet users who aged from 18 to 40 years only of a population that are of interest. The sampling was decided upon the policy of National Youth Development Policy (NYDP) in 1997 which stated that youth defines individuals from 15 to 40 years old. The panel of researchers had several meetings and finally decided to avoid data collection in schools, instead conduct the data collection in public areas such as, restaurants and shopping malls, university, and so on. Hence, the sampling grouping was determined from 18 to 40 years old. This study used the purposive sampling by allowing researchers to describe the impact of the findings on the population. This survey began in the end of October 2019 and ended in January 2020. 400 respondents volunteered to participate in this study. According to Ponto (2015), a survey-based research deals with large population-based collection of data.
This study took part in the East of Malaysia only, which then divided into four zones of data collection (North, South, East and Central). Pulau Pinang and Kedah represents the North zone, Johor and Malacca represents the South zone, Terengganu, Kelantan, and Pahang represents the East Zone, finally Selangor and Negeri Sembilan represents the Central Zone. Each zone was determined to obtain 100 young Internet users as the respondents, which then sums up 400 respondents from four zones. The researchers analyzed some high potential search of young Internet users' location for data collection such as, shopping mall, restaurants, bus station, university, and so on. The measurement of information security awareness included items extracted from (Hammarstrand and Fu, 2015;Senthilkumar and Sathishkumar, 2017;Mahabi, 2010). Items in questionnaire under the information security awareness section mainly focuses on password usage (PU), data protection (DP), data backup (DBU), and personal data sharing (PDS). Table 2 below shows the variables of information security awareness, number of items, and the type of data measurement. From Table 2, we can see that the type of data measurement for the items varies. Items such as, password usage and data protection were measured using ordinal data which is a 5-point Likert scale. On the other hand, data back up and personal data sharing items were measured using nominal data. Hence, Table 3 below further illustrates the internal consistency and convergent validity of measurement of ordinal measurements (PU & DP) and Table 4 shows the value of chi-square using goodness-of-fit test of nominal measurements (DBU & PDS). One item from DBU and two items from PDS have been rejected because the p value of goodness of validity test needs to be less than 0.005 (p< .005). Hence, only 7 items from DBU and 8 items from PDS are taken into consideration in this study.

Results and Discussion
Based on the analysis, Table 5 below displayed the demographic profile of young Internet users in Malaysia. In this study, Internet were mostly used by female (61.5%) and youth who aged from 21 to 30 years old (57.3%). Besides, Malay respondents (48.3%) mostly participated in this study. Additionally, the highest education level of respondents were bachelor degree (34.0%), followed by SPM certificate (27.3%). Furthermore, respondents with a permanent job mostly participated in this study (39.8%) and 38% of respondents were unemployed. This is because most of them are pursuing their studies or looking for a job. Then, more than half the respondents are still single (76.3%) and 22.5% of participants are married. (see Table 5)

Age and Level of Information Security Awareness
In term of level of information security awareness among young Internet users by age group in Malaysia, measurement of variables was used using Likert scale. Scale 1 indicated 'not aware at all' and the awareness level increases till scale 5 which is 'very aware'. Result shows that the level of information security awareness among youth aged from 21 to 30 years indicates the highest level of awareness (mean 4.099) as compared to other two categorical age group (18-20 years & 31-40 years). The second highest mean score was age group 31 to 40 years old (mean 4.021). The lowest mean score of information security awareness was recorded from category of age 18 to 20 years (mean=3.655) (see Table 6).   Further, Kruskal Wallis H Test were used to measure the significant relationship between age and ordinal variables (Password usage, Data protection) (see Table 7). The Kruskal Wallis H Test is used because the nominal data (age) has three categories (18-20 years old; 21-30 years old; 31-40 years old). Hence, the Kruskal Wallis H Test is the most suitable non-parametric test for this current study. On the other hand, to measure the statistical significant value between age and nominal variables (Data Backup, Personal Data Sharing), cross tabulation (Cramer's V test) is used (see Table 8).   Table 8 indicates that there is a strong significant relationship between data back up and age (p=0.030). However, there is no significant relationship between age and personal data sharing (p=0.471). From Table 6, it can be concluded that young Internet users who aged from 21 to 30 years old showed more concern about information security awareness. Nevertheless, all the respondents were aware of cybercrimes, but they were not able to differentiate between the types of threats. Previous study by Wahid et al. (2021) discussed that two out of three factors (social & individual) were found to be less significant towards cyber security awareness among respondents who aged between 50 and above 60. The current study and previous study by Wahid et al (2021) shows that more awareness on information security is needed to be emphasised among young Internet users.

Conclusion and Recommendation
The main aim of this study is to determine the effect of age on the information security awareness level among young Internet users in Malaysia. This study shows that there is a strong significant relationship between password usage & age, data protection & age, and data backup & age. However, there was no any significant relationship between age and personal data sharing. It was found that Internet users are mainly young people who aged from 21-30 years old. Internet is a space which has lots of positive and negative implications as well. The negative implication while using cloud environment mostly happens when one is not aware of the online threats. Besides, based on observation, some of the respondents do not understand some of the security terms used in the questionnaire.
With the high number of research about information security awareness, nonetheless, online threats and security breaches cannot be controlled or avoided completely. There is still a lot more effort in terms of education needed to be nurtured among youth for safe Internet usage environment. On the other hand, the Malaysian government has been very helpful in handling the spike of cybercrime cases daily. However, policies and laws related to the cybercrime legislation needs to be enforced and emphasized more to create a protected cloud environment. For future researchers, it is recommended to conduct a study with a larger sample size because almost 90% of Malaysian citizens used Internet in year 2020. In conclusion, it is hoped that this current study would provide an insight to the government by educating the young generation to create a safe cloud environment for them and others as well.