The Multidimensionality Of Cyberterrorism Vulnerability Behavior Among Millennial Employees In The Government: A Sequential Exploratory Mixed-Methods Approach
Article Sidebar
Main Article Content
Abstract
The increasing adoption of e-governance in the Philippines enhances government efficiency but also increases exposure to cyberterrorism threats. This study identified and validated the dimensions of cyberterrorism vulnerability behavior among millennial employees in the government. An exploratory sequential design was employed on 1,008 respondents from the different LGU employees in Region XII using purposive sampling for In-Depth Interviews (IDI) in the qualitative phase and stratified random sampling for the survey in the quantitative phase. The Exploratory Factor Analysis (EFA) identified eight dimensions: Organizational Cybersecurity Readiness (OCR), Cyberterrorism Awareness and Risk Perception (CAR), Risky Digital Behaviors (RDB), Personal Cybersecurity Practices (PCP), Secure IT Infrastructure (SII), Perceptions of Cybersecurity Training (PCT), Shared Security Accountability (SSA), and Perceived Cybersecurity Vulnerability (PCV). Using Confirmatory Factor Analysis (CFA), it achieved a strong model fit and high reliability.
Article Details
This work is licensed under a Creative Commons Attribution 4.0 International License.
References
Ajzen, I. (1991). The theory of planned behavior. Organizational Behavior and Human Decision Processes, 50(2), 179–211.
Alghamdi, A. (2022). A systematic review on human factors in cybersecurity. IJCSNS International Journal of Computer Science and Network Security, 22(10), 282. https://doi.org/10.22937/IJCSNS.2022.22.10.36
Almansoori, A., Al-Emran, M., & Shaalan, K. (2023). Exploring the frontiers of cybersecurity behavior: A systematic review of studies and theories. Applied Sciences, 13(9), 5700. https://doi.org/10.3390/app13095700
Alotaibi, R. M., Houghton, L., & Sandhu, K. (2021). Exploring cybersecurity awareness in Saudi Arabia. Computers & Security, 104, 102203. https://doi.org/10.1016/j.cose.2021.102203
Alshaikh, M. (2020). Developing cybersecurity culture to influence employee behavior: A practice perspective. Computers & Security, 98, 102003. https://doi.org/10.1016/j.cose.2020.102003
Alzubaidi, A. (2021). Measuring the level of cybersecurity awareness for cybercrime in Saudi Arabia. Heliyon, 7(1), e06016. https://doi.org/10.1016/j.heliyon.2021.e06016
Aurigemma, S., Mattson, T., & Leonard, L. (2019). Evaluating the core and full protection motivation theory nomologies for the voluntary adoption of password manager applications. AIS Transactions on Replication Research, 5, 1–21. https://doi.org/10.17705/1atrr.00035
Bakry, M., Syatar, A., Abubakar, A., Risal, C., Ahmad, A., & Amiruddin, M. M. (2021). Strengthening the cyber terrorism law enforcement in Indonesia: Assimilation from Islamic jurisdiction. International Journal of Criminology and Sociology, 10, 1267–1276. https://doi.org/10.6000/1929-4409.2021.10.146
Bülthoff, A., & Karnowski, V. (2019). Coping with cyber risks: Exploring protective motivation and preventive measures. Cyberpsychology, Behavior, and Social Networking, 22(7), 463–471. https://doi.org/10.1089/cyber.2018.0733
Caliwan, C. L. (2023). PNP-ACG probes “massive” data breach | Philippine News Agency. Pna.gov.ph. https://www.pna.gov.ph/articles/1199811
Cattell, R. B. (1966). The scree test for the number of factors. Multivariate Behavioral Research, 1(2), 245–276.
Center for Strategic and International Studies. (2023). Significant cyber incidents. CSIS. https://www.csis.org/programs/strategic-technologies-program/significant-cyber-incidents
Chandrika, K. L., Adiperkasa, R. P., & Ningtyas, Y. (2018). Cyber terrorism in Indonesia. Bulletin of Social Informatics Theory and Application, 2(2), 65–72.
Choi, H., Lee, Y., & Kim, J. (2021). A model of cybersecurity behavior: The role of individual and organizational factors. Journal of Information Security and Applications, 58, 102800. https://doi.org/10.1016/j.jisa.2021.102800
Civil Service Commission. (2023). Statistics and reports. CSC. https://www.csc.gov.ph/downloads/statistics-and-reports/category/426-2023
Cohen-Almagor, R. (2018). Cyberterrorism. In The SAGE encyclopedia of the internet (pp. 169–171). SAGE Publications.
Constantin, M., Bortea, A.-N., & Costovici, D.-A. (2020). Risks and vulnerabilities in digital public services: Threat of cyberterrorism vs. Romania’s cybersecurity strategy. Holistica Journal of Business and Public Administration, 11(2), 74–84. https://doi.org/10.2478/hjbpa-2020-0020
Creswell, J. W., & Creswell, J. D. (2018). Research design: Qualitative, quantitative, and Mixed Methods Approaches (5th ed.). SAGE Publications. https://extranet.ogs.edu/ogsdial/upload/OXFORD/2024/2643/resources/Creswell_2018.pdf
Dash, B., & Ansari, M. F. (2022). An effective cybersecurity awareness training model: First defense of an organizational security strategy.
Dear millennials, here is why you are a soft target for cybercriminals. (2017, October 10). The Economic Times. https://economictimes.indiatimes.com/tech/internet/dear-millennials-here-is-why-you-are-a-soft-target-for-cyber-criminals/articleshow/61020568.cms
Department of Information and Communications Technology. (2017). National Cybersecurity Plan 2022. https://dict.gov.ph/national-cybersecurity-plan-2022/
Department of Information and Communications Technology. (2019). E-Government Masterplan 2022. https://dict.gov.ph/ictstatistics/wp-content/uploads/2020/03/EGMP-2022.pdf
Dimock, M. (2019). Defining generations: Where Millennials end and Generation Z begins. Pew Research Center. https://www.pewresearch.org/fact-tank/2019/01/17/where-millennials-end-and-generation-z-begins
Fetters, M. D., & Tajima, C. (2022). Joint displays of integrated data collection in mixed methods research. International Journal of Qualitative Methods, 21, 160940692211045. https://doi.org/10.1177/16094069221104564
Fuentes, J. M., & Gono, E. R. (2023). Factors characterizing students’ attitude toward learning social studies: An exploratory factor analysis. European Journal of Social Sciences Studies, 8(4).
Ghazali, N. N., Hassan, S., & Ahmad, R. (2023). Fortifying against cyber fraud: Instrument development with the protection motivation theory. International Journal of Advanced Computer Science and Applications, 14(10).
GMA Integrated News. (2025). PH Army confirms “illegal access” attempt on cyber network. GMA News Online. https://www.gmanetwork.com/news/topstories/nation/937244/ph-army-confirms-illegal-access-attempt-on-cyber-network/story/
Gono Jr, E. R. (2024). Determining the students’ attitude towards research: An exploratory factor analysis. European Journal of Education Studies, 11(6).
Gono Jr, E. R., & Pacoy, E. P. (2021). Redefinition of the parameters of meaningful mathematics learning. Turkish Journal of Computer and Mathematics Education, 12(13), 6524–6542.
Gono, E. J., & Sales, S. L. T. (2024). Dimensionality of strategies in learning mathematics among engineering students: An exploratory factor analysis. TWIST, 19(1), 445–453. https://twistjournal.net/twist/article/view/180
Gorsuch, R. L. (1997). Factor analysis (2nd ed.). Lawrence Erlbaum Associates.
GOVPH. (2007). Republic Act No. 9372. Official Gazette of the Republic of the Philippines. https://www.officialgazette.gov.ph/2007/03/06/republic-act-no-9372/
GOVPH. (2021). Anti-Terrorism Act of 2020. Official Gazette of the Republic of the Philippines. https://www.officialgazette.gov.ph/downloads/2020/06jun/20200703-RA-11479-RRD.pdf
Herath, T. B. G., Khanna, P., & Ahmed, M. (2022). Cybersecurity practices for social media users: A systematic literature review. Journal of Cybersecurity and Privacy, 2(1), 1–18. https://doi.org/10.3390/jcp2010001
Jaymalin, M. (2023, October 19). PhilHealth: 13 million members affected by data breach. Philstar.com. https://www.philstar.com/headlines/2023/10/19/2304835/philhealth-13-million-members-affected-data-breach
John, Y. (2021). Generational differences: A quantitative study in employees' information security knowledge, attitudes, and behavioral intentions [Doctoral dissertation, ProQuest]. https://search.proquest.com/openview/f29a6688ab6b44c27feb513c835bc3f3/1?pq-origsite=gscholar&cbl=18750&diss=y
Kamalia, S., Indartono, S., & Islamiah, R. (2019, June). The role of families on internalization of the tolerance values for millennial generation to decrease the potential of intolerant conflict and radicalism behavior within the multi-religion society. In International Conference on Social Science and Character Educations (IcoSSCE 2018) and International Conference on Social Studies, Moral, and Character Education (ICSMC 2018) (pp. 316–325). Atlantis Press.
Kegler, M. C., Raskind, I. G., Comeau, D. L., Griffith, D. M., Cooper, H. L. F., & Shelton, R. C. (2018). Study design and use of inquiry frameworks in qualitative research published in health education and behavior. Health Education and Behavior, 46(1), 24–31. https://doi.org/10.1177/1090198118795018
Khan, N. F., Ikram, N., Saleem, S., & Zafar, S. (2022). Cybersecurity and risky behaviors in a developing country context: A Pakistani perspective. Security Journal. https://doi.org/10.1057/s41284-022-00343-4
Klein, G., & Zwilling, M. (2023). The weakest link: Employee cyber-defense behaviors while working from home. Journal of Computer Information Systems, 1–15. https://doi.org/10.1080/08874417.2023.2221200
Lagura, G. (2025). Towards Digital Governance Divide Index Development: Evaluating City Government Websites in the Philippines. Journal of Community Development Research (Humanities and Social Sciences), 18(1), 1–17. https://doi.org/10.69650/jcdrhs.2025.717
Lema, K., & Flores, M. (2025, February 18). Philippines reports foreign cyber intrusions targeting intelligence data, but no breaches. Reuters. https://www.reuters.com/technology/cybersecurity/philippines-reports-foreign-cyber-intrusions-targeting-intelligence-data-no-2025-02-18/
MacCallum, R. C., Widaman, K. F., Zhang, S., & Hong, S. (1991). Sample size in factor analysis. Psychological Methods, 4(1), 84–99.
Mangosing, F., & Subingsubing, K. (2024, July). PH Navy foils “hundreds” of hacking attempts. INQUIRER.net. https://newsinfo.inquirer.net/1962403/ph-navy-foils-hundreds-of-hacking-attempts
Moşteanu, N. R. (2020). Challenges for organizational structure and design as a result of digitalization and cybersecurity. The Business and Management Review, 11(1), 278–286.
Moustafa, A. A., Bello, A., & Maurushat, A. (2021). The role of user behavior in improving cyber security management. Frontiers in Psychology, 12(12). https://doi.org/10.3389/fpsyg.2021.561011
Murray, G. R., Albert, C. D., Davies, K., Griffith, C., Heslen, J., Hunter, L. Y., Jilani-Hyler, N., & Ratan, S. (2019). Toward creating a new research tool: Operationally defining cyberterrorism.
Naidoo, R., & Jacobs, C. (2023). Cyber warfare and cyber terrorism threats targeting critical infrastructure: A HCPS-based threat modeling intelligence framework. European Conference on Cyber Warfare and Security, 22(1), 311–318. https://doi.org/10.34190/eccws.22.1.1443
National Cybersecurity Alliance. (2021). Study: Millennials and Gen Z say they are bigger victims of cybercrime. https://staysafeonline.org/press-release/study-millennials-and-gen-z-say-they-are-bigger-victims-of-cybercrime
Norton. (2016). 2016 Norton Cyber Security Insights Report. https://asia.norton.com/cyber-security-insights-2016
Oliveira, T., Thomas, M., Baptista, G., & Campos, F. (2020). Information technology adoption: Going beyond UTAUT and integrating contextual factors. Information and Management, 57(5), 103284. https://doi.org/10.1016/j.im.2019.103284
Olkin, I., & Sampson, A. R. (2001). Multivariate analysis: Overview. ScienceDirect. https://www.sciencedirect.com/science/article/abs/pii/B0080430767004721
Ozeren, S. (2005). Global response to cyberterrorism and cybercrime: A matrix for international cooperation and vulnerability assessment [Doctoral dissertation, University of North Texas]. https://digital.library.unt.edu/ark:/67531/metadc4847/
Palinkas, L. A., Horwitz, S. M., Green, C. A., Wisdom, J. P., Duan, N., & Hoagwood, K. (2015). Purposeful sampling for qualitative data collection and analysis in mixed-method implementation research. Administration and Policy in Mental Health and Mental Health Services Research, 42(5), 533–544. https://doi.org/10.1007/s10488-013-0528-y
Plotnek, J. J., & Slay, J. (2021). Cyber terrorism: A homogenized taxonomy and definition. Computers and Security, 102, 102145. https://doi.org/10.1016/j.cose.2020.102145
Ramadhan, I. (2020). Cyber-terrorism in the context of proselytizing, coordination, security, and mobility. Journal of Islamic World and Politics, 4(2). https://doi.org/10.18196/jiwp.4252
Raubenheimer, J. E. (2004). An item selection procedure to maximize scale reliability and validity. SA Journal of Industrial Psychology, 30(4), 59–64.
Reuters. (2024, February 5). Philippines wards off cyber attacks from China-based hackers. Reuters. https://www.reuters.com/world/asia-pacific/philippines-wards-off-cyber-attacks-china-based-hackers-2024-02-05/
Rogers, R. W. (1975). A protection motivation theory of fear appeals and attitude change. The Journal of Psychology, 91(1), 93–114.
Rutledge, P., & Hogg, J. L. (2020). In-depth interviews. International Encyclopedia of Media Psychology, 1–6. https://doi.org/10.1002/9781119011071.iemp0019
Security Brief Australia. (2020). A third of millennials think they’re ‘too boring’ to be victim of cyber attack. https://securitybrief.com.au/story/a-third-of-millennials-think-they-re-too-boring-to-be-victim-of-cyber-attack
Seissa, I. G., Ibrahim, J., & Yahaya, N. (2017). Cyberterrorism definition patterns and mitigation strategies: A literature review. International Journal of Science and Research (IJSR, 6(1), 180–186.
Sulaiman, N. S., Fauzi, M. A., Hussain, S., & Wider, W. (2022). Cybersecurity behavior among government employees: The role of protection motivation theory and responsibility in mitigating cyberattacks. Information, 13(9), 413. https://doi.org/10.3390/info13090413
Trong, D., Nguyen, Shih, M.-H., Srivastava, D., Tirthapura, S., & Xu, B. (2019). Stratified random sampling from streaming and stored data. https://www.ece.iastate.edu/snt/files/2019/01/sss-edbt-2019.pdf
Tyson, B. (2018). Generational examination of the factors perceived to affect organizational cybersecurity awareness: A quantitative correlation study [Doctoral dissertation, University of Phoenix].
Uchendu, B., Nurse, J. R. C., Bada, M., & Furnell, S. (2021). Developing a cybersecurity culture: Current practices and future needs. Computers & Security, 109, 102387. https://doi.org/10.1016/j.cose.2021.102387
United Nations Office on Drugs and Crime. (2019). Cybercrime Module 14 Key Issues: Cyberterrorism. Unodc.org. https://www.unodc.org/e4j/en/cybercrime/module-14/key-issues/cyberterrorism.html
United Nations. (2015). The 17 sustainable development goals. United Nations. https://sdgs.un.org/goals
United Nations: United Nations Office on Drugs and Crime. (2013). COMPREHENSIVE STUDY ON CYBERCRIME - Draft February 2013. https://www.unodc.org/documents/organized-crime/UNODC_CCPCJ_EG.4_2013/CYBERCRIME_STUDY_210213.pdf
Valeriia, M. (2022, May). Cyberterrorism as a threat to national security of modern states. In The 11th International Scientific and Practical Conference: International Scientific Innovations in Human Life (pp. 598). Cognum Publishing House.
Venkatesh, V., Morris, M. G., Davis, G. B., & Davis, F. D. (2003). User acceptance of information technology: Toward a unified view. MIS Quarterly, 27(3), 425–478.
Watkins, M. W. (2018). Exploratory factor analysis: A guide to best practice. Journal of Black Psychology, 44(3), 219–246. https://doi.org/10.1177/0095798418771807
Willie, M. M. (2023). The role of organizational culture in cybersecurity: Building a security-first culture. Social Science Research Network. https://doi.org/10.2139/ssrn.4564291
Zubko, M. (2021). Cyberterrorism: A global threat to financial institutions. Financial Markets, 2021, 145.