Gender Differences in Information Security Management

A wide and increasing range of different technologies, devices, platforms, applications and services are being used every day by home users. In parallel, home users are also experiencing a range of different online threats and attacks. Indeed, home users are increasingly being targeted as they lack the knowledge and awareness about potential threats and how to protect themselves. The increase in technologies and platforms also increases the burden upon a user to understand how to apply and manage security across the differing technologies, operating systems and applications. Different factors such as age, education, age and gender can have an impact on information security management and awareness. This research tries to investigate and examine the effect of gender differences on information security management and online safety for internet users. An online questionnaire has been conducted and collected 434 participants (311 males and 132 females). The results show that there is a significant difference between males and females in four of the eight identified security practices and aspects. The findings show that males are likely to have better information security behaviour and being protected online more than females.


Introduction
The evolution of information technology is continuous and has become an essential part of our everyday life. Every home has at least one of these technologies from PCs, mobile phones, tablets and laptops to game consoles, smart TVs and the Internet of Things-each with different operating systems and a wide variety of online applications. ITU states that the number of internet users in the world rose from around 1 billion in 2005 to 3.90 billion in 2018 [1]. This number is highly likely to further increase and it is expected to reach 5 billion users in 2020 [2]. In addition, there are around 27 billion Internet of Things (IoT) connected devices worldwide in 2019, an increase from 15 billion devices in 2014 and it is expected to reach 75.44 billion devices by 2025 [3]. According to the Office for National Statistics [4], 90% of households in Great Britain had internet access in 2018 including 81% of British adults using smartphones to go online, 63% use laptops and 57 % have tablets to browse the internet.
Alongside this significant increase in the number of Internet users using different platforms, different devices and a wide range of online applications and services, a significant increase in cyber-related threats has also been experienced [5]. This paper focuses on investigating the role gender differences in information security awareness and behaviours. This can help in providing a better understanding for the individual differences in order to provide a better security awareness and management. This paper is organised into five sections. Section 2 presents a background and section 3 discusses the method which has been used to investigate the gender differences in information security behaviours. Section 4 presents the finding of the conducted questionnaire and the conclusion is presented in Section 5.

Background
The role of gender differences in information security behaviours and awareness has been investigated and examined by limited number of studies. However, the differences between males and females in the use of technology and digital devices have been studied and identified Broos [7], He and Freeman [8] found that females seem to be more concerned and anxious about using digital devices and information technology. It is found that men's technology usage decisions were more strongly influenced by their perceptions of usefulness. In contrast, women were more strongly influenced by perceptions of ease of use [9] [10]. It has been discovered that men have better information technology skills, knowledge and using computers more efficiently [8].
Differences have been identified between males and females in the field of information security and online safety. It is found that women are likely to be vic-tims and harmed by phishing attacks more than men [11] [12]. In addition, Gratian et al. [13] conducted a survey of 369 participants in order to identify the correlations between certain human traits and specific cyber security behavior intentions. They found that females have weaker password generation behaviors than males. In addition, it is found that females reported weaker proactive awareness intentions than males. Milne et al. [14] found that men are possible to have better privacy protecting behaviours than women. Several studies show that females are more concerned than males about different security aspects and issues [15] [16] [17].
Several studies have investigated the role of gender in information security and protection. It has been found that security behaviour and perception are influenced directly by gender differences [13] [18] [19]. While Garbarino and Strahilevitz examined gender differences in the perceived risk of buying online and the effects of receiving a site recommendation [20]. Mohamed and Ahmad [17] found females are more concerned with information privacy in social networking sites than the male group.
The above studies and findings indicate that the gender differences can have an impact on information security behavior and management. However, it was shown that there is a need to do more investigation and examination for the role of gender differences in information security management. Therefore, this study will try to provide further investigation by examining and exploring the influence of gender differences on information security management for different aspects and measures such as passwords, antivirus and back up.

Methods
The aim of the questionnaire is to measure and investigate the role of gender differences among home users in cyber security behaviour and awareness. This can help in understanding and identify differences between the two groups of users which might prevent them from managing their security controls and behaviour properly.

Target Participants
The target group of this study is home users who use digital devices such as computers, smartphones, tablets, smart TVs and watches. An online questionnaire was utilised to collect the required data. The questionnaire is designed for participants who are above 18 years of age (both genders) over different backgrounds, qualifications and experience. Respondents were informed on the first page of the survey that taking part in the survey is voluntary and their participation would be kept confidential in compliance with ethical approval rules.
The questionnaire was conducted via Qualtrics website. The questionnaire was distributed via e-mail targeting students, staff and colleagues at the University of Plymouth. In addition, social websites and applications were used to reach more participants.

The Questionnaire Structure
The first section of the questionnaire includes classification questions to determine some demographic information, such as gender, age, qualification level and level of IT skills. The second part contains perception questions to investigate and understand how the participants implement, manage and controls the following security measures and controls in their digital devices: • Security controls for all the digital devices used by the participants.
• Operating system security.
• Internet browser security.
• Applications security and management.
• Security and management of the access points.

Responses Types
In this survey, all the provided questions were open-ended questions which need to be answered in accordance with the perceptions of the participants. The Likert-type scale, which is developed by Dr Rensis Likert at the University of Michigan, is one the most common tools used for assessing the opinion of the respondents [21]. Therefore, the participants were asked to measure their security behaviour and practices for different aspects and items in the questionnaire on a Likert-type scale, 5 points ranging from 1 to 5 as the following: always, very often, sometimes, rarely and never.

Validation of the Questionnaire
It argued that it is important to do a pilot survey in order to improve efficiency [22]. In addition, it helps to identify and fix any potential problems or issues in any section in the survey before starting the main study. In addition, it helps the researcher to determine whether the used approach and techniques would get reliable and accurate results. Therefore, the first pilot test was conducted with 8 researchers in the domain of information security. The second pilot test was conducted with 5 home users in order to get their feedback and suggestions about the questionnaire's aspects. Minor suggestions and changes were collected from the two pilot tests in terms of language and structure which can make the questionnaire easier to understand.

Conducting the Questionnaire
An online distribution technique was used in the study in order to cover the required sample size. The questionnaire was conducted via Qualtrics website. This F. Alotaibi, A. Alshehri web survey tool facilitates the distribution of the questionnaires with an appropriate link or QR code. In addition, it helps to monitor the received participation and provide the researcher with an initial report. The questionnaire was distributed via e-mail targeting students at different universities. In addition, social websites and applications were used to reach more participants and home users.

Results
A total of 434 completed responses have been received and used in the study.
The analysis of the survey shows that around 71% of the participants are males (311 participants) whilst the remaining respondents are females (132 participants). As is shown in Table 1, males are implementing and managing their security controls and measures more frequent than females. For example, only 2.3% of males never use or manage password settings in their digital devices while 5.7% of females never manage their passwords. In addition, it can be seen that security settings in internet browsers are always managed and checked by 23.2% of the males (mean = 3.36) and 13.8% of the females (mean=2.96). Furthermore, 5.1% of males never install or manage their anti-virus software while 14.6% never install antivirus in their digital devices.
As it can be seen in Table 2, there is significant difference between males and females in four of the eight security behaviours. There is a significant difference in the frequency of installing and managing antivirus software protection between males and females (χ 2 (2, N = 434) = 12.814, P = 0.012). It is also noticeable that there a significant difference between males and females in managing and securing their operating systems more frequently (χ 2 (2, N = 434) = 12.663, P = 0.013). There is also a significant difference in implement and managing security in internet browsers between males and females (χ 2 (2, N = 434) = 13.284, P = 0.010). In addition, a significant difference is found between males and females in managing and securing access points (modems) more frequently. However, no significant difference is found between males and females in using and managing passwords (χ 2 (2, N = 434) = 6.324, P = 0.176), backups (χ 2 (2, N = 434) = 5.277, P = 0.260), applications security (χ 2 (2, N = 434) = 8.704, P = 0.069) and parental controls (χ 2 (2, N = 434) = 7.362, P = 0.118). Table 3 presents level of IT skills which are owned by the participants. It can be noticed that males have better skills in dealing with technology and digital devices than females. For example, only 10.8% of males have poor skills while 20.9% of females have poor skills in technology. The result of chi-square tests shows that there is a significant difference in the level of IT skills between males and females (χ 2 (2, N = 434) = 9.124, P = 0.031).

Conclusions
In this research, we tried to examine the effect of gender differences on information security behaviour and online safety for internet users. Several studies have been discussed which show that how gender differences can have an impact on cyber security behaviour and awareness. The required data has been collected from 434 participants with a verity of backgrounds in terms of gender, age, there is a significant difference between males and females in four of the eight identified security practices and aspects. The findings show that males are likely to have better information security behaviour and being protected online more than females.
The outcomes of this research can improve the field of behavioural information security and cyber security awareness. These results, gender differences, can be considered during establishing security awareness campaigns, security education and training in order to achieve the main goals by improving security behaviour and awareness.