Risk and protective factors for intuitive and rational judgment of cybersecurity risks in a large sample of K-12 students and teachers

K-12 students and teachers are a vulnerable population for cybersecurity risks. Identifying both risk factors and protective factors associated with intuitive and rational judgment of cybersecurity risks would help them develop strategies to tackle cyber risks. A total of 2703 K-12 students and teachers from 45 GenCyber Summer Camps participated in the survey study at the beginning of the camps, and a total of 1021 K-12 students and teachers participated in the follow-up survey at the end of the camps. The Cybersecurity Judgment Questionnaire was developed and administered to assess intuitive and rational judgments of cybersecurity risks. Two major findings of the study include: (1) three significant risk factors associated with both intuitive and rational cybersecurity judgment were Age Group, Region, and Prior GenCyber Camp Experience. That is, younger students, the campers from the West region, and participants attending the camps before tended to have a lower level of cybersecurity judgment; and (2) two significant protective factors were Cyber Use Length and Current GenCyber Camp Experience, i.e., the experiences of both using computers, Internet, cellphones and participating in the current camps having significant advantages in judging cybersecurity risks intuitively and rationally. Thus, it is critical to use both the push strategy to minimize the risk factors and the pull strategy to maximize the protective factors. It is concluded with a summary of limitations and future studies, i.e., replicating the findings in regular K-12 schools, examining more risk and protective factors, conducting longitudinal studies, and studying underlying mechanisms.