READ ME File For 'Private Citizen Perceptions of Cybersecurity' Dataset DOI: https://doi.org/10.5258/SOTON/D2946 Date that the file was created: November, 2023 ------------------- GENERAL INFORMATION ------------------- ReadMe Author: Brian Pickering, University of Southampton [https://orcid.org/0000-0002-6815-2938] Date of data collection: November, 2021 Information about geographic location of data collection: UK residents (via Profilic.co) Related projects: H2020 ProTego (grant agreement No. 826284) -------------------------- SHARING/ACCESS INFORMATION -------------------------- Licenses/restrictions placed on the data, or limitations of reuse: CC BY 4.0 (https://creativecommons.org/licenses/by-sa/4.0/deed.en) Links: The questionnaire is available at https://zenodo.org/records/7589508 -------------------- DATA & FILE OVERVIEW -------------------- This dataset contains: a single XLSX workbook, including information about the data (Sheet: NOTES describes the fields Sheet: Raw Data contains the raw data Sheet: LOOKUP shows the categories for self-reported demographics (Gender Identity, Age Group, Cybersecurity expertise) Sheet: PMT Questions lists the assertions adapted from a previoulsy validated Protection Motivation Theory instrument) -------------------------- METHODOLOGICAL INFORMATION -------------------------- A crowd-sourced balanced cohort of 798 UK residents from Prolific.co responded to an anonymous survey hosted on Qualtrics; plus two non-UK residents (colleagues from the H2020 ProTego project; marked as "DIRECT" in Column A) NB responses were collected on two separate occasions: (a) Nov 2021 (the first 500 respondents) (b) Dec 2021 (the second 300 respondents) Participants were asked to read a short passage about cybersecurity threats, subsequently, they were randomly assigned to one of four contexts: (1) They were asked to rank the seriousness of common threats (2) They were asked to rank the effectiveness of common cybersecurity mitigations (3) They were asked to match mitigation to threat (4) They were asked to identify who might be responsible for implementing the mitigation This was followed by a set of assertions Assertions were derived from a previously validated PMT instrument (Ifinedo, P. (2012). Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory. Computer & Security,31(1), 83-95. https://doi.org/10.1016/j.cose.2011.10.007) Finally, participants were asked to self-report demographic categories; and were given an opportunity to leave any comments -------------------------- DATA-SPECIFIC INFORMATION -------------------------- Refer to the Sheet: NOTES NOTE: the matching task ((3) above) provided problematic for the first cohort (500); therefore, the survey was modified and rerun for an additional cohort of 300 respondents; individuals were randomly assigned to two matching conditions - one contained short descriptions of the threats and mitigations; the second contained more discursive descriptions of the threats and mitigations None of the questions was mandatory; in consequence, there may be missing responses. Response times (time taken to respond to the survey) is also provided.