Sage Journals: Discover world-class research

Abstract

Cognitive processes, including understanding, thinking, and interpretation, are necessary to influence safe behaviour in cyberspace. However, among Technical and Vocational Education and Training (TVET) youth, educational focus prioritises technical skills development over cognitive and digital skills. Furthermore, systematic and coherent approaches are lacking to provide students with consistent, quality learning experiences that enhance their understanding of cyber ethics. The research model integrates the cognitive appraisal components based on the Protection Motivation Theory (PMT) with three social learning strategies: cyber ethical digital games, lecturer reminders, and motivational impact of achievement certificates, to understand TVET youth ethical decision-making in cyberspace refers to PAPA model (privacy, accuracy, property, and accessibility). The research employed a quantitative approach using a survey method with questionnaire instruments for data collection, with a random sample of 340 respondents selected from six community colleges around Selangor. Partial least squares structural equation modelling (PLS-SEM) analysis through SmartPLS version 4 software was used to analyse hypotheses and validate the developed model. Hypothesis testing revealed that 12 out of 14 hypotheses were significant, with Perceived Severity (PS), Self-Efficacy (SE), and Response Efficacy (RE) suggesting relationships in TVET youth’s cyber ethical behaviour. The three social learning strategies also demonstrated significant relationships with cyber threats’ appraisal and response processes. The developed Cyber Ethical Behavioural (CEB) model enhances the understanding of TVET youth’s cyber ethical behaviour and promotes the coordination of cyber ethics knowledge enhancement in TVET institutional environments, aligning with new technological developments such as Artificial Intelligence (AI).

Plain Language Summary

How Social Learning and Thinking Processes Shape Ethical Digital Behaviour Among Technical Education Students

This research explores how TVET (Technical and Vocational Education and Training) students make ethical decisions in digital spaces. While TVET programs focus heavily on technical skills, they often overlook the cognitive skills needed for safe digital behavior. The study aimed to understand how different learning approaches could help students make better ethical choices in cyberspace. The research model integrates the cognitive appraisal components based on the Protection Motivation Theory (PMT) with three social learning strategies: cyber ethical digital games, lecturer reminders, and motivational impact of achievement certificates, to understand TVET youth ethical decision-making in cyberspace refers to PAPA model (privacy, accuracy, property, and accessibility). They examined how these affected students’ ethical decisions about privacy, accuracy, property, and accessibility in the digital environment. The study surveyed 340 students from six community colleges in Selangor, Malaysia using questionnaires. Through questionnaires, the study collected data from 340 students across six community colleges in Selangor. Statistical analysis revealed strong support for 12 out of 14 research hypotheses. Notably, the three learning strategies demonstrated significant effectiveness in improving students’ understanding and response to cyber threats. The resulting Cyber Ethical Behavior model provides TVET institutions with a structured approach to teaching cyber ethics that remains adaptable to emerging technologies like AI.

Keywords

informal learning social learning strategies cyber ethics cognitive process

Introduction

New technological evolutions such as Artificial Intelligence (AI) and Internet of Things (IoT) applications are introduced to protect cyberspace from cyber threats that cause different harm to individuals, organisations, the economy, social harmony, and national security. However, using technology alone is insufficient to protect against cyber threats. Experts estimate that approximately 80% of cyber attacks result primarily from human behavioural errors (Amoresano & Yankson, 2023). Notably, seemingly innocuous human behaviours, such as posting social media status updates and leaving comments, can inadvertently expose users to cyber stalkers and compromise security. Moreover, sharing unverified current information can lead to misunderstandings and create societal confusion. Therefore, creating a safer cyber ecosystem requires a fundamental understanding of how humans respond to initiatives to improve compliance and behaviour in the face of escalating cybersecurity risks.

In the context of cyber technology development and internet usage, cyber ethical behaviour represents moral principles that limit human conduct from actions that could harm others. According to Xiang and Hasbullah (2023) and Harris (2022), cyber ethics encompasses moral aspects that touch on cyber-human values. Cyber human values serve as the foundation for evaluating actions taken toward oneself and others to rationalise attitudes and behaviours. The characteristics of cyber human values include respect, honesty, responsibility, peace, tolerance, and taking actions that align with basic human values (Xiang & Hasbullah, 2023). Therefore, this study defines cyber ethical behaviour as behavioural decisions based on cyber human values to establish healthy relationships, protect and prevent the misuse of others’ rights, and create well-being and security in cyberspace.

Statistics released by the Malaysian Communications and Multimedia Commission (MCMC) in 2022 revealed that young people, particularly post-secondary students in colleges and universities, represent the largest percentage of cyberspace users at 70.7%, as summarised in Table 1. The report also revealed that youth aged 18 to 24 spend the longest time in cyberspace, averaging 5 to 8 hr, with some users spending up to 18 hr online. Cyberspace has become an essential resource for TVET youth for academic purposes and social communication. However, they can easily become involved in unethical and irresponsible actions, especially with the creators of easily accessible and shareable online content, such as audio, video, and graphics, which can challenge their ability to make rational decisions. Even though these factors alone do not necessarily cause such behaviour, if cyber ethical behaviour is not given the attention it deserves, it may become normalised, reducing graduates’ sensitivity to cyber human values. This could lead to security vulnerabilities for others and organisations in their future employment sectors.

Table 1.

Statistics on the Use of Cyberspace by Students in Educational Institutions (MCMC, 2022).

Educational institution	2016 (%)	RSE	2020 (%)	RSE	2022 (%)	RSE
College/university	67.4	3.4	79.9	2.2	70.7	4.7
Secondary school	31.6	7.3	11.0	12.5	21.6	13.9
Primary school	0.9**	52.2	0.2**	63.1	7.5*	25.7

Note. RSE = relative sampling error.

Estimate has a relative standard error (RSE) between 25% and 50% and should be used with caution. **Estimate has a relative standard error (RSE) greater than 50% and is considered unreliable.

Ethical and responsible behaviour in cyberspace is directly linked to an individual’s cognitive ability to interpret, evaluate, and understand cyber threats. This necessitates continuous education to guide ethical and responsible online behaviour among TVET youth. However, preliminary studies at several TVET institutions reveal that cyber ethical behaviour is not consistently emphasised in their formal curriculum structure. Despite various awareness initiatives, including radio interviews, the National Principles Appreciation programme, campaigns for responsible social media use, and the NETHICS campaign promoting good social media ethics through webinars, there remains a lack of systematic and coherent approaches to provide students with consistent, quality learning experiences in cyber ethics. Consequently, many students remain unaware that their online behaviour, particularly on social media, significantly influences employers’ hiring decisions (BERNAMA, 2024).

This study uses the PAPA model, which includes privacy, accuracy, intellectual property, and accessibility, to understand the cognitive process in cyber ethical behaviour among TVET youth. The survey results discovered that the cyber ethical behaviour of youth, based on the PAPA model, is not comprehensive. Most studies focus on only one or two PAPA issues at a time, and most studies among youth focus on cyberbullying issues (Durak, 2019; J. Ma et al., 2024; Park & Bae, 2025), privacy (Zani et al., 2025) and interactions on social media (Baig & Nasreen, 2024; Dunmade, 2023; Kilicer et al., 2017; K. Mahmud et al., 2024; Saeed, 2019). In addition, studies on cognitive processes in cyber ethical behaviour models are still limited. Most behavioural models of information security protection associate cognitive processes with security policy compliance behaviour (Boyett, 2020; Hina et al., 2019; Quoc & Huu, 2023), the use of security software and hardware (L. Li et al., 2022), and password setting (Farooq et al., 2021; Mwagwabi & Jiow, 2021). Since cognitive processes involve thinking and judgment, information sources through non-formal learning are connected in the study model to determine appropriate learning strategies for cyber ethics education across the current curriculum. In particular, non-formal learning aims to develop students’ potential as a complement or substitute for formal education through the mastery of knowledge and skills (Syaadah et al., 2023). Some previous studies have referred to non-formal learning through Social Learning Theory (SLT) by Bandura (1986), who argued that learning occurs mainly through observing and imitating models in social settings. However, there is still a gap in the study of social learning strategies on students’ cognitive skills in cyber threat appraisal since most of the identified social learning strategies are more applied in the context of employees (Hina et al., 2019; Liang et al., 2023; Sepp, 2023) and public users (Justitia et al., 2022; Yuen et al., 2020).

In this study, we explored the relationship between social learning strategies and students’ threat and coping appraisal processes, as outlined in PMT. Therefore, this study aims to answer two research questions: “What is the relationship between the cognitive processes of TVET youth in cyber ethical behaviour?” and “How are social learning strategies related to students’ cognitive processes in promoting ethical behaviour in cyberspace?” We then developed a model of cyber ethical behaviour and gathered the perceptions of TVET youth at Malaysian Community Colleges regarding the relationship between cognitive processes and social learning strategies in cyber ethical behaviour. Accordingly, we constructed a theoretical model using Protection Motivation Theory (PMT) to examine and explain the cognitive processes of TVET youth when they engage in cyber ethical behaviour. In this context, cognitive processes refer to how TVET youth evaluate potential cyber ethical violations, take steps to avoid involvement, and employ coping strategies to deal with these threats.

The paper is organised as follows: We first present the study highlights, research model, and hypotheses, followed by the methodology and empirical results. We then discuss the findings, contributions, and implications, concluding with recommendations for future research.

Study Highlights

The PAPA model was developed by Manson in 1989, and although it has been three decades, the PAPA model is still used in recent studies (Aderibigbe et al., 2021; Başaran & Rukundo, 2018; Ndumbaro, 2018). Table 2 summarises the definition of cyber ethical issues based on the PAPA model by Mason (1986), cyber human values and the significance of behaviour in cyberspace for the protection of self and other people.

Table 2.

Summary of Cyber Ethical Issues Based on the PAPA Model, Cyber Human Values and the Importance of Behaviour in Cyberspace.

No.	Cyber ethical issues	Definitions	Cyber human values	Interests	Sources
1	Privacy	Cyber ethical behaviour to protect the confidential and personal information of others	Respect	Defending dignity and avoiding harm to others	Prathomwong and Singsuriya (2022)
1	Privacy		Honesty	Do not misuse other people’s details for your benefit	Yaokumah (2020)
2	Accuracy	Cyber ethical behaviour to ensure the information shared and communicated is accurate, to avoid confusion	Patience	Consideration to be careful and not hasty in making any information sharing, so as not to cause confusion and the spread of inaccurate information	Snoussi et al. (2021)
2	Accuracy		Honesty	Will not misrepresent information and disclose information collected in a manner that fosters an accurate understanding of others	Kołodziej et al. (2022)
3	Intellectual Property	Behaviour to prevent the misuse of intellectual property belonging to others	Respect	Related to issues of justice and compliance with the law	Althibyani and Al-Zahrani (2023)
			Responsibility	Protect the rights of others from being misused
			Honesty	Do not misuse others’ intellectual property for personal gain	Dumas-Mallet and Gonon (2022)
4	Accessibility	Behaviour to prevent system hacking activities and unauthorised access	Responsibility	Adhere to the trust given by others to protect information and information systems	Aiken et al. (2024)

Table 2 identifies four core ethical issues: privacy, accuracy, property, and accessibility. They are viewed through the lens of cyber human values, guided by value-based ethical reasoning. Recent literature argues that alignment between values such as respect, honesty, responsibility, and patience shapes safe and ethical behaviour in cyberspace. For instance, the issues of privacy and intellectual property are both anchored in the value of respect, which is conceptualised as adherence to legal compliance (Althibyani & Al-Zahrani, 2023) and highlights the ethical obligation to prevent harm to others (Prathomwong & Singsuriya, 2022). Similarly, the concept of honesty emerges across multiple ethical domains (privacy, accuracy, and intellectual property), with a typical application: to prevent the misuse of others’ data and ownership through acts such as information falsification (Yaokumah, 2020), plagiarism, digital content manipulation, and violations of copyright (Dumas-Mallet & Gonon, 2022) and online identity (Kołodziej et al., 2022).

The overlap of values across ethical domains suggests that honesty and the other three human values identified in this study, responsibility, respect, and honesty, are foundational in guiding ethical cyber behaviour. However, based on the Protection Motivation Theory (PMT) framework, a key question arises: to what extent do cognitive processes such as threat appraisal and coping appraisal among youth support the consistent internalisation and application of these values when engaging in digital interactions?

Protection Motivation Theory (PMT)

PMT offers a valuable lens for understanding how individuals assess cyber risks and determine appropriate behavioural responses. This theory refers to the cognitive abilities of individuals and the processes that mediate certain behaviours in response to danger (Shevchenko et al., 2023). The cognitive abilities involve the belief that the recommended delaying response can effectively prevent the occurrence of an aversive event (Rogers, 1975). For instance, when individuals perceive a cyber threat, they engage in two key cognitive processes such as threat appraisal and coping appraisal, which guide their motivation to adopt protective behaviour (Sulaiman et al., 2022).

Some recent studies have demonstrated the potential of PMT in predicting human behaviour for security protection, such as information security behaviour (Sharma & Aparicio, 2022; Torten et al., 2018) and cybersecurity (Sulaiman et al., 2022). Based on PMT, threat appraisal refers to the consideration of how negative the consequences of the threat (Perceived Severity, PS) and the possibility that the threat will occur in a way that will affect them directly, which is through the perception of weakness (Perceived Vulnerability, PV) (Rogers, 1975). Meanwhile, in coping appraisal, a person assesses whether engaging in the recommended action will eliminate the threat (Response Efficacy, RE), their level of confidence in acting (Self-Efficacy, SE), and the cost involved (response costs) (Rogers, 1975). Thus, threat and coping appraisal can lead to ethical behaviour through mechanisms such as denial or avoidance.

In this study’s context, not all components of the cognitive process were included. Based on the frequency of use and the significant relationship between the components in previous studies, four PMT components were selected: PS, PV, SE, and RE. The reward and response cost components have been underutilised in past studies. Notably, several cybersecurity and information security studies have been identified for not integrating these components into their security compliance behaviour model (Song et al., 2024; Sulaiman et al., 2022). Moreover, the reward component has a misleading interpretation since the consideration to perform inappropriate behaviour relies on the reward received from the action taken. Regarding response cost components, financial, time, and effort cost requirements in cyber ethical behaviour involving moral judgments are complex to interpret. Compared to cybersecurity and information security, consideration of response costs in terms of the need for financial costs, time, and effort in using anti-virus software or firewall hardware can be observed.

Social Learning Theory (SLT)

Bandura’s (1977) Social Learning Theory (SLT) provides a foundational framework for understanding how external cues influence individual attitudes and behaviours through observational learning. Rather than relying solely on direct experience, SLT posits that individuals acquire new behaviours by observing others in informal social contexts, cognitively processing those stimuli through mechanisms such as attention, retention, reproduction, and motivation. This reciprocal interaction between cognitive, behavioural, and environmental factors makes SLT particularly relevant for exploring how ethical behaviour is shaped in non-formal learning settings.

While SLT has been widely applied in fields such as entrepreneurship (Wasim et al., 2024), STEM education (Chiu et al., 2023), and health communication (Liu et al., 2022), its use in understanding digital moral behaviour—particularly in the context of cyber ethics among TVET youth—remains limited. This study addresses that gap by applying SLT to investigate how informal learning strategies can enhance cognitive processing toward ethical decision-making in cyberspace. The integration of three social learning strategies, such as cyber ethical digital games, lecturer reminders, and the motivational impact of achievement certificates, is grounded in the four sources of self-efficacy expectations proposed by Bandura: performance accomplishments, vicarious experiences, verbal persuasion, and emotional arousal.

Unlike traditional compliance settings where behaviour change is often driven by technical policies or rule enforcement, this study emphasises internalising ethical values through peer modelling, reflective engagement, and positive reinforcement. For instance, cyber ethical digital games provide vicarious and experiential learning through role simulations; lecturer reminders represent structured verbal persuasion that supports moral reasoning; and achievement certificates tap into performance accomplishments to reinforce positive behaviour. Moreover, this study highlights the emotional and cognitive interplay in social learning, particularly how vicarious experiences influence emotional control and ethical self-regulation (Müllner-Huber et al., 2022). Thus, the model developed in this study applies SLT in a new context and extends its application by integrating cognitive processes into the cyber environment to guide the development of safe and ethical online behaviour.

Research Model and Hypotheses Development

The research model is presented in Figure 1. Cyber ethical behaviour is directly influenced by threat appraisal, which consists of PS and PV, while coping appraisal consists of SE and RE. Three social learning strategies are used in this study: cyber ethical digital games, which are connected to the cognitive processes of PS, PV, SE, and RE. Meanwhile, the lecturer’s reminder affects the same four constituents, while the motivational impact of the achievement certificate affects two components of the cognitive process: SE and RE.

Figure 1.

Research model.

The research model developed in Figure 1 comprises 14 hypotheses, which will be elaborated in the following section.

Hypotheses Development

PS can be defined as an individual’s assessment of the consequences or threats associated with an event (Rogers, 1975). The higher the perceived threat, the more likely online users will take precautions. In the context of this study, assessing severity in terms of threats and harm to themselves or others influences students to practice ethical behaviour in cyberspace. This is attributed to the severity of the detected threat, which will increase the user’s desire to take action to reduce the threat through behaviour control. Based on these assumptions, the following hypothesis is developed:

H1: Perceived severity (PS) significantly influences the cyber ethical behaviour of TVET youth.

PV reflects an individual’s apprehension about cyberattacks and their perceived inability to implement adequate preventive measures (Rogers, 1975). It represents the degree to which a person believes they are susceptible to a specific threat (Muhammad et al., 2022). PV has been shown to influence employee information security behaviour significantly (Humaidi & Alghazo, 2022; X. Ma, 2022). However, research findings concerning PV among students in the context of information security behaviour are less consistent. For example, Zulkiplee et al. (2025) reported a positive relationship between PV and secure behaviour, whereas Mwagwabi and Jiow (2021) and Bottyán (2024) found a negative association. Despite these mixed results, the direction of the relationship remains theoretically consistent with the Protection Motivation Theory (PMT) assumptions. Based on this theoretical foundation, the hypothesis of this study is:

H2: Perceived vulnerability (PV) significantly influences the cyber ethical behaviour of TVET youth.

Self-efficacy (SE), defined as an individual’s belief in their ability to effectively manage cyber threats through appropriate preventive measures (Rogers, 1975), has been widely recognised as a critical determinant of secure behaviour. Research has demonstrated a consistent positive relationship between SE and information security behaviour across professional and educational contexts. Among employees, studies by L. Li et al. (2022), X. Ma (2022), and Sulaiman et al. (2022) highlight how high SE contributes to greater adherence to cybersecurity protocols. Similarly, investigations involving students (Alam et al., 2025; Mwagwabi & Jiow, 2021; Thompson & Oldfield, 2024) reinforce the role of SE in fostering secure and responsible online conduct. These consistent findings suggest that individuals with higher SE are more resilient and proactive in mitigating cyber risks. Indicated a positive relationship of SE in safety behaviour. As previous researchers emphasised, strong self-efficacy enhances individuals’ coping mechanisms when facing challenges and facilitates positive behavioural changes related to personal protection (Y. Chen et al., 2023; Norman & Kpeglo, 2023). These insights underscore the potential of SE to influence ethical behaviour in cyberspace, particularly among TVET youth. Based on this synthesis, the following hypothesis is proposed:

H3: Self-efficacy (SE) significantly influences the cyber ethical behaviour of TVET youth.

RE is the degree to which individuals believe that the recommended response will effectively reduce the threat to them (Rogers, 1975). However, previous studies examining the influence of RE on users’ password compliance behaviour have yielded diverse results. For instance, Simon et al. (2025) reported a significant positive effect, whereas Dodge et al. (2023) found no such relationship. In contrast, studies conducted in workplace settings consistently demonstrate that RE significantly influences information security compliance behaviour among employees (L. Li et al., 2022; Menard et al., 2017; Mwagwabi & Jiow, 2021). Drawing upon the assumptions of Protection Motivation Theory (PMT) and these varied outcomes, it is posited that students’ beliefs about the effectiveness of recommended responses—particularly in avoiding the negative consequences of unethical cyber behaviour—may shape their ethical actions in cyberspace. Accordingly, the following hypotheses are proposed to examine the relationship between response effectiveness and cyber ethical behaviour:

H4: Response efficiency (RE) significantly influences the cyber ethical behaviour of TVET youth.

Digital games (DGs) are gaining increasing traction among educators in both skills training and Higher Education Institutions (HEIs) due to their ability to simulate real-world scenarios in engaging, interactive visual formats. This approach captures students’ attention and facilitates deeper understanding through experiential learning. In cybersecurity, Alqahtani et al. (2020) demonstrated that DGs can effectively raise awareness and influence user behaviour to mitigate cyber threats. Beyond cybersecurity, studies in various domains have highlighted the pedagogical potential of DGs. For instance, Fatma Sukmawati et al. (2025) and Gruber and Faßbender (2025) found that DGs stimulate curiosity and engagement in STEM education. Similarly, research in entrepreneurship (Casau et al., 2023) and fire safety training (Kwok et al., 2022; Metallinou, 2022) shows that DGs provide immersive experiences that enhance learning outcomes. These findings suggest that DGs focused on cyber ethics can serve as powerful tools for social learning, offering realistic simulations of ethical dilemmas and behavioural threats in cyberspace. Such experiences can evoke emotional responses, shaping students’ ethical decision-making in real-life digital contexts. Supporting this view, psychological research by Hauke and Pokoyski (as cited in Scholl, 2018) indicates that emotional involvement enhances conceptual understanding. In light of these insights, this study proposes a hypothesis linking cyber ethics DGs’ use to activate cognitive processes underlying ethical behaviour in cyberspace.

H5: Cyber ethical digital games (DG) positively influence perceived severity (PS) towards cyber ethical behaviour of TVET youth.

H6: Cyber ethical digital games (DG) positively influence perceived vulnerability (PV) towards cyber ethical behaviour of TVET youth.

H7: Cyber ethical digital games (DG) positively influence self-efficacy (SE) towards cyber ethical behaviour of TVET youth.

H8: Cyber ethical digital games (DG) positively influence response efficacy (RE) towards cyber ethical behaviour of TVET youth.

Persuasive messages, such as warnings about the dangers of weak cybersecurity protection, often make headlines in the cybersecurity field. This message serves as a reminder that something should be done; however, very few of these messages tell what to do. In the context of behaviour in cyberspace, a more specific and clearer reminder from the closest people is crucial. Accordingly, LR is a source of verbal persuasion through persuasive messages that can guide students’ cognitive processes in cyberspace, which requires high-level thinking. Persuasive messages, also known as persuasive communication, significantly impact an individual’s confidence and ability to perform protective behaviours to defend themselves from threats Mourali et al., 2023). When faced with the temptation to engage in unethical cyber behaviour, lecturer reminders can indirectly shape students’ responses by promoting caution and ethical decision-making. Based on the above, four hypotheses are developed to link LR with threat and coping appraisal in cyber ethical behaviour:

H9: Lecturer reminders (LR) positively influence perceived severity (PS) towards cyber ethical behaviour of TVET youth.

H10: Lecturer reminders (LR) positively influence perceived vulnerability (PV) towards cyber ethical behaviour of TVET youth.

H11: Lecturer reminders (LR) positively influence self-efficacy (SE) towards cyber ethical behaviour of TVET youth.

H12: Lecturer reminders (LR) positively influence response efficacy (RE) towards cyber ethical behaviour of TVET youth.

Effectively providing tangible rewards increases motivation and performance, especially for tasks that may not be immediately attractive. According to X. Li et al. (2022), student motivation is vital at the higher education level since it is the basis for their achievement in the professional life they pursue. Ronald (1985) asserted that a person’s motivation to perform an act in the future is if he gets a reward for that act (positive reinforcement). In this study, certificates of achievement for students who demonstrate ethical behaviour in the cyber world while at educational institutions, and awareness of cyber security is a significant reward. This certificate confirms the student’s commitment to ethical online behaviour and helps develop performance and responsibility that impact their professional career. Studies related to student behaviour suggest that giving certificates motivates student’s performance (Ostermaier, 2018), engagement (Dogan, 2015; Nayir, 2017), and learning behaviour (Phungphai & Boonmoh, 2021). Therefore, two hypotheses are developed to observe the student perception of the motivation impact of the achievement certificate on their SE and RE towards cyber ethical behaviour:

H13: Motivational impact of achievement certificates (AC) positively influences self-efficacy (SE) towards cyber ethical behaviour of TVET youth.

H14: Motivational impact of achievement certificates (AC) positively influences response efficacy (RE) towards cyber ethical behaviour of TVET youth.

Research Methodology

This study employed a cross-sectional design, in which data were collected at a single point in time using a structured questionnaire administered to TVET students. This approach was chosen because the aim was to examine the relationships between cognitive processes, social learning strategies, and cyber ethical behaviour, rather than to observe changes over time. The cross-sectional design also allowed for efficient data collection from a large sample within the limited timeframe and resources of the study (Thomas, 2020). Questionnaires require students to think independently to answer a question and are easy to process and synthesise. The detailed questionnaire items for each construct are provided in Appendix A.

Participants

This study involved students from Community Colleges in the Selangor zone who were enrolled in certificate-level programs. Selangor was selected as the accessible population due to its high student density, strategic location near the national administrative centre, and established role as a pilot zone for policy implementation by the Department of Community College Education (JPPKK). Seven of the 11 Community Colleges in Selangor were categorised as urban institutions and four as rural. Based on Krejcie and Morgan’s (1970) sample size table, the minimum required sample was 335 students from the total accessible population of 2,574.

To ensure a balanced and representative sample, stratified random sampling was applied. Samples were drawn from six colleges—three urban and three rural—selected based on stratified criteria, including geographic classification and enrolment size (with only colleges having more than 100 registered students deemed eligible). Within each selected college, participants were recruited proportionally according to student enrolment, ensuring equal selection probability. A target of 168 students was set per zone category. In total, 377 responses were collected, but after data cleaning to exclude incomplete or invalid entries, 340 valid responses were retained for final analysis. This rigorous sampling strategy enabled the collection of a diverse and representative dataset reflecting urban and rural student populations.

Questionnaire Development

The questionnaire is divided into two main parts. Part I of the question is a closed Likert scale type. The Likert scale is used since it has an even format, which makes it easier for the researcher to analyse the data obtained. Meanwhile, Part II uses nominal and ordinal data, which include demographic factors such as gender, ethnicity, religion, age, specialisation, semester, college community, internet usage time, and user feedback regarding awareness of the importance of cyber ethics for cybersecurity protection. The survey instrument was developed by adopting questions from previous research and adapting them to the context of the study, while also including new questions for constructs that previously lacked question items. The questionnaire was developed in Bahasa Malaysia. The questionnaire requested respondents to answer each item using a 5-point Likert scale ranging from (1) strongly disagree to (5) strongly agree. A 5-point Likert scale makes it easier for respondents to understand and make more accurate answer choices.

To ensure clarity and gather valuable feedback, this study employs three types of validity: face validity, content validity, and construct validity, to eliminate any ambiguous questions from the survey. Face validity ensures the items’ clarity, question appropriateness, adequate response time, and, most importantly, that they measure what they are intended to measure. To assess face validity, three experts evaluate the questionnaire using a dichotomous scale: “Suitable” and “Not Suitable” refer to Patel and Desai (2020). As a result of the face validity assessment, lengthy questions were shortened, ambiguous terms were clarified, and synonymous English words were used for better understanding. Meanwhile, content validity was further assessed to ensure that the measured domain fully represents the intended content. The Content Validity Index (CVI) was used to determine whether each question item met a predetermined validity threshold (Bohari et al., 2022). Three experts evaluated the questions, rating each item using the scale proposed by Davis (1992): 1 = Not suitable, 2 = Needs modification, 3 = Suitable but needs refinement, and 4 = Suitable. Following Koohi Rostami and Jahnifar (2022), ratings were recorded as 1 (for relevance scales 2 or 4) or 0 (for relevance scales 1 or 2) before calculating the CVI. The calculation results indicated that all question items achieved a value of 1, as recommended by Polit and Beck (2006) for studies involving three experts. However, several question items were revised based on expert feedback and suggestions.

Construct validity aims to observe how well an instrument accurately measures what it is supposed to measure before the test is deemed valid. A pilot study was conducted at Selayang Community College with the Selangor State Peer Counselling Psychology Programme. A total of 42 forms were completed for analysis. To determine the level of reliability of the developed questionnaire, the data obtained from the pilot study was analysed using Statistical Package for Social Sciences (SPSS) software version 27. The internal consistency reliability, as measured by Cronbach’s Alpha coefficient, is summarised in Table 3.

Table 3.

Reliability Analysis of Research Instruments.

No.	Construct	Number of indicators	Reliability statistics (Cronbach’s alpha)
1	Perceived severity (PS1–PS4)	4	.834
2	Perceived vulnerability (PV1–PV4)	4	.834
3	Self-efficacy (SE1–SE4)	4	.866
4	Respond efficacy (RE1–RE4)	4	.820
5	Lecturer reminders (LR1–LR4)	4	.924
6	Cyber ethical digital dames (DG–DG4)	4	.891
7	Motivational impact of achievement certificates (AC1–AC4)	4	.726
	Cyber ethical behaviour (CEB)
8	Privacy (P1–P5)	5	.964
	Accuracy (ACC1–ACC5)	5	.954
	Intellectual property (IP1–IP4)	4	.944
	Accessibility (ASS1–ASS4)	4	.867

The reliability analysis results, summarised in Table 3, show that the Cronbach’s alpha values for all constructs exceeded 0.7, indicating acceptable internal consistency. In addition to statistical analysis, three students were asked to provide feedback on item clarity. Based on their input and the reliability results, several items were refined. The final version of the instrument consisted of 46 items. Construct validity, including convergent and discriminant validity, was further evaluated during the main study using Confirmatory Factor Analysis (CFA) with a larger sample (n = 340), as reported in Section “Measurement Model.”

Data Collection

The administration for the collection began with the researcher submitting a letter of application for permission to the Department of Polytechnic Education and the community college to conduct the research at the University. After receiving permission, the application letter to conduct the study was sent to the selected community colleges in Selangor. An appointment was made with the Head of the Research, Innovation, and Commercial Unit at the community college to set a suitable date for the study. The researcher proceeded to the field to survey receiving approval. Before distributing the questionnaire, the researcher facilitated an online cybersecurity digital game activity titled Aggie LIFE, developed by Texas A&M University. This interactive game simulates real-life decision-making scenarios involving cyber safety, such as password use, phishing detection, and data privacy. The game was chosen to cognitively engage participants and prime their awareness of ethical and unethical behaviour in cyberspace. Participants were given a link to the game and allotted approximately 15 to 20 min to complete a full session individually using their own devices. The activity aimed to standardise participants’ exposure to basic cybersecurity concepts before they responded to the questionnaire, ensuring that a shared baseline understanding of cybersecurity ethics challenges informed their answers. Each class session allocated for questionnaire administration lasted approximately 30 to 45 min, including instructions and completion time.

Data Preparation

The results of the descriptive analysis using Microsoft Excel software reveal that all variables and questionnaire items have less than 10% missing data. The mean imputation technique was applied to address missing data. The analysis also revealed that 46 survey responses were identified and eliminated due to the presence of straight-line responses. A set of questionnaires with a straight-line response pattern that is not removed will trigger an inflated correlation (Hair et al., 2018). In addition, the z-score approach was used to detect extreme values. Of the 377 survey responses analysed, 37 were reported to have extreme values, scored above 3.29, and were excluded from the dataset. As a result, 340 survey responses remained, meeting the required total data target of 101%.

Respondents cannot write their names in the questionnaire in the recovery procedural method to protect their identity. Respondents were also asked to answer honestly, apart from being informed that there are no right or wrong answers. The statistical recovery method involves Harman’s single factor test to determine if there is bias in the questionnaire data by all indicator variables that measure dependent and independent variables, which were analysed based on factor analysis without rotation using IBM SPSS statistical software version 27. The analysis results indicate that the first factor explains 47.068% of the variance, below the 50% threshold for total variance. Therefore, these results suggest that the sampling method used in this study is not affected by standard method variance bias and aligns with Hair et al. (2017) recommendations. To assess the data’s multivariate normality, skewness and kurtosis values were examined using SPSS software. The results confirm that the data distribution is normal, with the standard error of each variable considered. Most of the data fall within the recommended skewness and kurtosis range of ±2.00, as Hair et al. (2014) suggested.

Empirical Analysis and Results

Descriptive Analysis

All participating community colleges are located in Selangor, with 28% from Selayang CC, 24% from Kuala Langat Community College, 19% from Hulu Langat Community College, 19% from Sabak Bernam Community College, 7% from Hulu Selangor Community College and 5% from Kelana Jaya Community College. Twelve certificate programmes are involved, including the following: Information Technology (27%), Computer and Network (7%), Basic Culinary (9%), Hotel Operations (3.2%), Pastry (10%), Food Processing and Quality Control (6%), Business Operations (6%), Refrigeration and Air Conditioning (10%), Interior Design (5%), Light Vehicle Service (5%), and Electrical Technology (12%). Students are primarily from the first semester (62%), followed by the third semester (20%) and the second semester (18%). Approximately 58% of the respondents are female, and 42% are male. Most respondents are 18 years old (51%), followed by 19 years old (37%). The remaining respondents are 20 years (8%), 21 years (2%), 22 years (1%), and 23 years (1%). Respondents’ feedback on internet usage indicates that 20% use the internet for 1 to 3 hr, 40% for 4 to 5 hr, and 40% for more than 6 hr a day. Additionally, 23% of respondents report using a computer for more than 6 hr daily. Regarding awareness of the significance of cyber ethics for cybersecurity protection, 35% are unaware, 40% are somewhat aware, and 25% are very aware.

Assessment of the Theoretical Model

This study employed Partial Least Squares Structural Equation Modelling (PLS-SEM) using SmartPLS 4.0 due to its suitability for exploratory research and prediction-oriented analysis. The conceptual model, developed from prior literature, examined the predictive relationships between cognitive and behavioural constructs such as perceived severity, perceived vulnerability, self-efficacy, response efficacy, and informal learning strategies. PLS-SEM was selected for its ability to handle complex models, including a second-order construct (cyber ethical behaviour) with four first-order dimensions, and its robustness to non-normal data distributions.

The analysis involved two main stages: evaluating the measurement model to assess the constructs’ reliability and validity, then testing the structural model to examine the hypothesised relationships. This approach allowed for validation of the research instrument and in-depth assessment of the proposed theoretical model.

Measurement Model

A Confirmatory Factor Analysis (CFA) was conducted to assess construct validity using data from 340 respondents, which meets the recommended sample size for structural equation modelling, particularly for complex models (Hair et al., 2019). This analysis was carried out to verify the unidimensionality and adequacy of each construct in the measurement model. During CFA, indicators with factor loadings below 0.4 or above 0.95 were removed, as recommended by Hair et al. (2019). For example, item AC4, which had a factor loading of 0.588, was excluded from further analysis due to insufficient contribution to its construct. Indicators with loadings below 0.6 were also excluded due to weak inter-item correlation.

The final CFA results demonstrated acceptable measurement properties. All retained items had factor loadings ranging from 0.685 to 0.948, indicating strong indicator reliability. The internal consistency reliability was confirmed with Cronbach’s alpha values ranging from 0.920 to 0.965, and Composite Reliability (CR) values above 0.7 (ranging from 0.914 to 0.947). Furthermore, Average Variance Extracted (AVE) for all constructs exceeded the minimum threshold of 0.5, confirming convergent validity. These results confirm that the constructs used in this study demonstrate both validity and reliability, as summarised in Table 4.

Table 4.

Latent Variable, Loadings (Confirmatory Factor Analysis, CFA), Cronbach’s Alpha, Composite Reliability, and AVE.

Item	Latent variable	Indicator	Loadings	Cronbach α	Composite reliability (CR)	AVE
1	Cyber ethical digital games (DG)	DG1	0.893	0.927	0.931	0.821
		DG2	0.926
		DG3	0.919
		DG4	0.885
2	Lecturer reminders (LR)	LR1	0.931	0.946	0.947	0.860
		LR2	0.919
		LR3	0.941
		LR4	0.918
3	Motivational impact of achievement certificates (AC)	AC1	0.931	0.924	0.925	0.868
		AC2	0.948
		AC3	0.916
4	Perceived severity (PS)	PS1	0.935	0.944	0.945	0.857
		PS2	0.907
		PS3	0.923
		PS4	0.937
5	Perceived vulnerability (PV)	PV1	0.908	0.920	0.921	0.806
		PV2	0.903
		PV3	0.889
		PV4	0.892
6	Self-efficacy (SE)	SE1	0.902	0.931	0.933	0.828
		SE2	0.927
		SE3	0.883
		SE4	0.928
7	Response efficacy (RE)	RE1	0.925	0.930	0.933	0.828
		RE2	0.931
		RE3	0.914
		RE4	0.867
8	Cyber Ethical Behaviour (CEB)
	Privacy (P)	P1	0.879	0.965	0.914	0.632
		P2	0.858
		P3	0.821
		P4	0.806
		P5	0.867
	Accuracy (ACC)	ACC1	0.704
		ACC2	0.705
		ACC3	0.692
		ACC4	0.685
		ACC5	0.733
	Intellectual property (IP)	IP1	0.879
		IP2	0.858
		IP3	0.821
		IP4	0.806
	Accessibility (ASS)	ASS1	0.748
		ASS2	0.762
		ASS3	0.764
		ASS4	0.879

The Fornell-Larcker criterion was applied to assess discriminant validity. This method compares the square root of the Average Variance Extracted (AVE) for each construct with the correlations among constructs. As shown in Table 5, the square roots of AVE (diagonal elements) are all higher than the corresponding inter-construct correlations, confirming that each construct is distinct from the others in the model. These results prove adequate discriminant validity (Fornell & Larcker, 1981).

Table 5.

Fornell-Larcker Criterion.

Constructs	SE	RE	PV	PS	LR	DG	AC	CEB
SE	0.910
RE	0.485	0.910
PV	0.645	0.392	0.898
PS	0.785	0.454	0.711	0.926
LR	0.647	0.388	0.509	0.557	0.927
DG	0.506	0.301	0.515	0.676	0.443	0.906
AC	0.583	0.312	0.482	0.543	0.486	0.311	0.937
CEB	0.773	0.530	0.591	0.730	0.547	0.438	0.483	0.795

Note. The bold diagonal values represent the square roots of the Average Variance Extracted (AVE) for each construct. The values below the diagonal represent the correlations between constructs. Discriminant validity is achieved when each diagonal value $(\sqrt{AVE})$ is greater than the corresponding inter-construct correlations.

Based on the Heterotrait-Monotrait (HTMT) ratio correlation approach from the multitrait-multimethod matrix, the discriminant validity of a construct is considered valid if the HTMT value is less than 0.85 (Henseler et al., 2015) or less than 0.90 (Teo et al., 2008). A discriminant validity value that exceeds 0.85 indicates that there is a serious problem with discriminant validity. Table 6 indicates that the HTMT value is below the stricter criterion of ≤0.85, indicating that the respondents distinguish the eight constructs as separate, demonstrating strong discriminant validity.

Table 6.

Heterotrait-Monotrait (HTMT) Ratio.

Constructs	SE	RE	PV	PS	PP	SG	RW
SE
RE	0.519
PV	0.687	0.413
PS	0.541	0.323	0.470
PP	0.696	0.422	0.545	0.557
SG	0.836	0.484	0.588	0.720	0.763
RW	0.631	0.340	0.516	0.331	0.521	0.582
CEB	0.838	0.576	0.588	0.476	0.646	0.787	0.534

Note. The bold diagonal values represent the Heterotrait–Monotrait (HTMT) ratios for each construct. Discriminant validity is achieved when all HTMT values are below 0.85 (Henseler et al., 2015).

Assessment of the Structural Model

The variance inflation factor (VIF) values were assessed to ensure the absence of multicollinearity. As shown in Table 7, all VIF values ranged from 1.244 to 3.238, well below the commonly accepted threshold of 7. This indicates that multicollinearity is not a concern in this study (Hair et al., 2019).

Table 7.

VIF Values of Predictor Constructs.

Endogenous construct	Exogenous construct	VIF
Cyber Ethical Behaviour (CEB)	Self-efficacy (SE)	2.852
	Response efficacy (RE)	1.338
	Perceived vulnerability (PV)	2.114
	Perceived severity (PS)	3.238
Self-efficacy (SE)	Lecturer reminders (LR)	1.492
Response efficacy (RE)		1.492
Perceived vulnerability (PV)		1.244
Perceived severity (PS)		1.244
Self-efficacy (SE)	Cyber ethical digital games (DG)	1.263
Response efficacy (RE)		1.263
Perceived vulnerability (PV)		1.244
Perceived severity (PS)		1.244
Self-efficacy (SE)	Motivational impact of achievement certificates (AC)	1.328
Response efficacy (RE)		1.328

This study employed a one-tailed t-test because all hypothesised relationships between constructs were expected to be positive, based on supporting theoretical foundations. This test was chosen because the study’s objective was not to compare two groups in general but rather to determine whether a construct has a significant effect in a specific direction on another construct being tested.

The study employed 5,000 samples for the bootstrap procedure, as Hair et al. (2017) recommended, to ensure consistent values. Notably, a structural relationship between exogenous and endogenous constructs is accepted if the t value is greater than 1.645 (t > 1.645) and the significant level value p is less than the set significant value level, which is 0.05 (p < 0.05), as suggested by Hair et al. (2017). First, the relationship between the four exogenous constructs: PS, PV, SE, and RE and the endogenous construct CEB was analysed. The obtained values are as follows: PS → CEB (β = 0.273, p < 0.001), PV → CEB (β = 0.037, p < 0.460), SE → CEB (β = 0.454, p < 0.001), and RE → CEB (β = 0.169, p < 0.001). The results of this analysis suggest that all exogenous constructs are positively related to the endogenous constructs of CEB, except for PV. Therefore, H1, H3, and H4 are supported, while H2 is rejected.

Next, the relationship between the exogenous DG and the four endogenous constructs: PS, PV, SE, and RE was examined. The obtained values are as follows: DG → PS (β = 0.534, p < 0.001), DG → PV (β = 0.360, p < 0.001), DG → SE (β = 0.235, p < 0.001), and DG → RE (β = 0.143, p < 0.041), indicating that hypotheses H5, H6, H7, and H8 are all supported.

Then, the relationship between the exogenous construct LR and the four endogenous constructs: PS, PV, SE, and RE was examined. The obtained values are as follows: LR → PS (β = 0.320, p < 0.001), LR → PV (β = 0.350, p < 0.001), LR → SE (β = 0.385, p < 0.001), and LR → RE (β = 0.251, p < 0.003), indicating that hypotheses H9, H10, H11, and H12 are all supported.

Finally, the relationship between the exogenous construct AC and the two endogenous constructs, SE and RE, was examined. The obtained values are as follows: LR → SE (β = 0.328, p < 0.001), and LR → RE (β = 0.151, p < 0.061). This indicates that H13 is supported while H14 is not. The results of the hypothesis test are presented in Table 8.

Table 8.

Hypothesis Test Results.

Hypothesis	Construct relationships	Path coefficient (β)	Standard error	t-Value	Significant level (p)	BCI LL	BCI UL	Results
H1	PS → CEB	.273	0.064	4.276	<.001	0.156	0.405	Supported
H2	PV → CEB	.037	0.050	0.740	.460	−0.058	0.138	Not supported
H3	SE → CEB	.454	0.066	6.891	<.001	0.317	0.573	Supported
H4	RE → CEB	.169	0.046	3.637	<.001	0.080	0.263	Supported
H5	DG → PS	.534	0.055	9.787	<.001	0.422	0.640	Supported
H6	DG → PV	.360	0.065	5.569	<.001	0.232	0.483	Supported
H7	DG → SE	.235	0.058	4.050	<.001	0.121	0.350	Supported
H8	DG → RE	.143	0.070	2.047	.041	0.008	0.279	Supported
H9	LR → PS	.320	0.057	5.592	<.001	0.211	0.438	Supported
H10	LR → PV	.350	0.064	5.428	<.001	0.226	0.477	Supported
H11	LR → SE	.385	0.064	5.963	<.001	0.254	0.509	Supported
H12	LR → RE	.251	0.085	2.959	.003	0.086	0.417	Supported
H13	AC → SE	.328	0.063	5.180	<.001	0.199	0.448	Supported
H14	AC → RE	.151	0.081	1.872	.061	−0.006	0.312	Not supported

Note. BCI LL = Bias confidence interval lower limit; BCI UL = Bias confidence interval upper limit.

β is significant if t > 1.64 and p < .05.

The squared multiple correlation (R²) was analysed to assess the variation explained by the endogenous variables. The R² value for the endogenous variable CEB is 0.663, indicating that the four predictors, PS, PV, SE, and RE, explain 66.3% of the variance in CEB. Meanwhile, the R² values for the PS and PV variables are 0.539 and 0.364, indicating that the two predictors, namely SG and LR, explain 53.9% and 36.4% of the variance in PS and PV. Moreover, the R² values of the endogenous variables SE and RE are 0.560 and 0.189, suggesting that the three predictors DG, LR, and AC explain 56% and 18.9% of the variance in SE and RE. In conclusion, the analysis of the prediction model’s accuracy, based on the R² value, reveals a moderate level of accuracy for all endogenous variables: SE, PV, PS, and Cyber Ethical Behaviour (CEB) while it demonstrates a weak accuracy for Response Efficacy (RE), refer to Chin et al. (1998).

Discussion

This section discusses the findings related to the relationship between threat and coping appraisal components and cyber ethical behaviour (CEB), as well as the influence of social learning strategies on these cognitive processes. It also includes a critical reflection on non-significant findings, outlines the study’s theoretical and practical contributions, and offers implications and recommendations for future research.

The Relationship Between Threat Appraisal Components (Perceived severity and Perceived vulnerability) and CEB

In this study, threat appraisal includes perceived severity and perceived vulnerability. Perceived severity captures how seriously individuals view the consequences of violating cyber ethics, while perceived vulnerability reflects their belief in how likely they are to experience cyber threats personally. The test of the relationship between the perceived severity construct and TVET youth CEB (Hypothesis H1) exhibited a significant correlation. However, the relationship between the perceived vulnerability construct and TVET youth CEB (Hypothesis H2) revealed no significant effect. In contrast, the relationship between perceived vulnerability (PV) and cyber ethical behaviour (CEB) was found to be statistically non-significant (H2). This finding aligns with previous studies involving youth, public users, and employees, which suggest that perceived exposure to cyber threats alone does not strongly predict ethical conduct (Boerman et al., 2021; Ekanem, 2023; Jamil, 2022; Mtambeka et al., 2023; Naufal & Hadee, 2022; Sulaiman et al., 2022). While TVET youth may recognise cyber risks, such awareness is not necessarily translated into ethical behaviour.

The Relationship Between Coping Appraisal Components (Self-efficacy and Response efficacy) and CEB

This study explores the relationship between the components of coping appraisal and self-efficacy, which refers to the ability to effectively respond to cyber threats, and response efficiency, which involves the belief that taking action against a threat can prevent cyber ethical violations. The test of the self-efficacy construct and TVET youth CEB (Hypothesis H3) tested a significant relationship. Similarly, the test of the relationship between the response efficiency construct and TVET youth CEB (Hypothesis H4) also revealed an important relationship. This finding is consistent with previous research, which identifies self-efficacy and response efficacy as the most consistent predictors of youth security protection behaviour, particularly in areas such as privacy management (Meng & Feng, 2022; Thongmak, 2022), password hygiene (Jiow & Tay, 2025), protection against phishing attacks (Lee et al., 2023), and the adoption of IoT-based home security devices (A. Mahmud et al., 2023). This suggests that TVET youth possess a high level of self-efficacy in making appropriate behavioural decisions and tend to act ethically in the cyber environment. Accordingly, TVET youth are also able to ensure that the actions taken are based on strong ethical principles to prevent exposing themselves and others to cybersecurity threats. Therefore, it is crucial to provide training that can strengthen these two competencies among TVET students, enabling them to oversee increasingly complex cyber issues more ethically and effectively in their future workplace.

The Relationship of Social Learning Strategies and Cognitive Process in CEB

This study links three learning strategies: cyber ethical digital games, lecturer reminders, and motivational impact of achievement certificates with cognitive process components, threat appraisal (perceived severity and perceived vulnerability) and coping appraisal (self-efficacy and response efficacy). The following section will discuss the findings of this relationship.

The Relationship Between Cyber Ethical Digital Games and the Cognitive Process

Cyber ethical digital games are defined as a source of experience involving visual observation and interactive elements within social learning. Testing was conducted to observe the students’ perception of the relationship between cyber ethical digital games with perceived severity, perceived vulnerability, self-efficacy, and response efficacy, a hypothesis as H5, H6, H7, and H8. The results revealed a significant relationship between cyber ethical digital games and all the cognitive process components. This finding explains that cyber ethical digital games can stimulate students’ cognitive abilities towards threat and coping appraisal in influencing the TVET youth CEB. This result is in line with previous studies, which discovered that digital games has an impact on students’ cognitive processes on water saving (Chang & Yang, 2023), cyber well-being literacy (Wang et al., 2023), STEM learning (Ishak et al., 2022), mathematical learning (Annamalai et al., 2022), and entrepreneurial thinking (Gatti, 2022; Junior & Kim, 2025). These findings support previous studies that indicate digital games are a source of experiential learning (Metallinou, 2022) and promote student engagement in addressing cybersecurity threats (Tay et al., 2024; Winger et al., 2024).

The Relationship Between the Lecturer’s Reminder and the Cognitive Process

The lecturer’s reminder is a form of social learning through persuasive messages or persuasion, which plays an essential role in influencing cognitive processes, confidence, and the ability of individuals to perform ethical behaviour in cyberspace. This study has linked the lecturer’s reminder with two components of the cognitive process: threat assessment and coping assessment. Testing was conducted to observe the student’s perception of the relationship between the student’s perception construct and perceived severity, perceived vulnerability, self-efficacy, and response efficacy, which are hypotheses H9, H10, H11, and H12. The results of the analysis revealed a significant relationship between the lecturer’s reminder and all the components of the connected cognitive process. These results explain that lecturers play an essential role in influencing students’ behavioural decisions in cyberspace by influencing students’ assessment and response to cyber threats. This finding is consistent with studies that highlight the influence of verbal persuasion on self-efficacy among young people, particularly in promoting protective behaviours related to environmental (Han et al., 2025; Syabania et al., 2023) and health (Hwang et al., 2023; Kollerup et al., 2025; Riniasih et al., 2022; Taheri et al., 2025) issues. Overall, this elucidates that social learning through communication or continuous memory from lecturers with emphasis on lectures, guidance, or discussion of responsibility aspects in cyberspace is a fundamental, easy, and available social learning strategy. Therefore, every lecturer needs to improve their knowledge about cyber ethics so that the emphasis on responsible behaviour in cyberspace can be implemented continuously. Not only lecturers in the field of specialisation in information technology and computer networks, but also all lecturers need to take this role.

The Relationship Between the Motivational Impact of Achievement Certificates and the Cognitive Process

Motivational impact of achievement certificates is a source of information to increase the individual’s confidence and ability to maintain correct behaviour. This study has linked the motivational impact of achievement certificates with the cognitive process component of coping appraisal. The test was conducted to observe students’ perception of the relationship between the motivational impact of achievement certificates, self-efficacy, and response efficiency. The result revealed a significant relationship between the motivational impact of achievement certificates and self-efficacy (H3). This is in line with previous studies that reported intrinsic and extrinsic motivation has a substantial effect on the self-efficacy of medical students in their academic achievement (Wu et al., 2020), students actively participating in physical exercise (N. Li et al., 2023), and student’s achievement in English language proficiency (El Haj & Benhima, 2024). The result shows the role of achievement certificates in reinforcing students’ self-efficacy, a key cognitive factor, thereby encouraging sustained ethical conduct in digital environments beyond their academic setting. However, the results revealed no significant relationship between the motivational impact of achievement certificates and students’ response efficacy (H4) in cyber behaviour. This indicates that the motivational impact of achievement certificates does not guarantee the effectiveness of responses to prevent threats, as negligence and disregard for cyber human values can still occur.

In conclusion, the findings indicate that PMT and the social learning process can be combined to predict the cyber ethical behaviour of TVET youth. The findings of the study demonstrate that students who receive social learning can influence threat appraisal (support for H1, H2, H5, and H6) and coping appraisal by affecting students’ self-efficacy and response efficiency (support for H7, H8, H11, H12, and H13). The research outcome is summarised in the path modelling results shown in Figure 2.

Figure 2.

Path modelling results.

Critical Reflection on Non-significant Findings

While most of the hypothesised relationships in this study were supported with significant results, a few were found to be statistically insignificant. These non-significant findings warrant further attention, as they may reveal important theoretical insights and practical limitations that were not immediately apparent. In particular, the absence of significant relationships between perceived vulnerability (PV) and cyber ethical behaviour (CEB), as well as between the motivational impact of achievement certificates (AC) and response efficacy (RE), prompts a deeper analysis. The following sub-sections critically examine these outcomes and explore possible explanations grounded in existing literature, contextual factors, and theoretical frameworks such as Protection Motivation Theory (PMT) and Social Learning Theory (SLT).

Perceived Vulnerability and CEB

The finding that perceived vulnerability (PV) does not influence cyber ethical behaviour (CEB) suggests that perceived susceptibility to threats alone is insufficient to drive ethical cyber behaviour among TVET students, unless it is supported by other elements such as emotional engagement, a sense of responsibility, and belief in one’s ability and the effectiveness of their actions. Although students know cyber risks, they often underestimate these threats, relying solely on technical safeguards like antivirus software and firewalls, while overlooking the broader ethical consequences of their actions on others.

Furthermore, students often perceive cyber threats as stemming solely from technological weaknesses, without recognising that individual responsibility is critical in mitigating risks and fostering a safer, more ethical digital environment. This attitude indicates that awareness of one’s vulnerability is unlikely to translate into behavioural change unless accompanied by a deeper understanding of ethical values and the broader impact of one’s actions on the digital community.

The finding that PV does not significantly influence CEB challenges the original Protection Motivation Theory (PMT) assumptions, which posits a direct link between perceived threat and protective behaviour. However, this study suggests that such a relationship may be conditional and mediated by other psychological constructs. In particular, the efficacy components namely, self-efficacy and response efficacy, which showed significant influence in this study, may act as mediators that strengthen the impact of PV on ethical behaviour. This mediation is likely more effective when cyber human values are consistently emphasised within educational interventions. As Bandura (1977) suggests, efficacy beliefs are essential in converting perceived threats into meaningful behavioural change.

Motivational Impact of Achievement Certificate and Response Efficacy

The study found that while the motivational impact of achievement certificates can enhance self-efficacy, they are insufficient to strengthen individuals’ belief in the effectiveness of their actions (response efficacy) when addressing cyber ethical issues. Confidence in one’s ability to respond appropriately in cyberspace may be undermined or uncertain, particularly as new technologies and emerging threats evolve rapidly. Each advancement in technology is often accompanied by the emergence of new and increasingly complex cyber threats, which can challenge individuals’ preparedness and perceived ability to respond effectively (SentinelOne, 2025). Technological developments bring convenience and efficiency in daily life and open up space for abuse, ethical violations, and more serious data security and privacy risks. Therefore, fostering adaptive ethical competence through sustained, value-based digital education is essential to ensure individuals are not only aware of threats but also confident in addressing them responsibly.

Therefore, although achievement certificates can serve as a motivational boost, they do not fully guarantee that students will avoid behaviour contrary to cyber ethics. Theoretically, these findings suggest that AC is not a direct driver of response efficacy, but it is still relevant as a supporting element to strengthen students’ self-efficacy. Its effectiveness can be enhanced through active learning approaches such as ethical digital games and lecturer reminders relevant to technological advances and the latest cyber challenges.

Contribution

This study has made a significant contribution to the field of cyber security, especially concerning cyber ethical behaviour. Compared to previous studies on developing cybersecurity behaviour models, the observed cognitive mediating process focuses on behaviours related to software, hardware, and compliance with security regulations. In contrast to this study, the cognitive mediating process is linked to behaviours that emphasise moral principles grounded in cyber human values aimed at protecting themself and others from cyber threats. Thus, this study strengthens the cybersecurity behaviour model by developing a CEB model based on cognitive mediating process components by integrating PMT theory and SLT theory.

The study also contributes to empirically validating the PMT and SLT components from the developed CEB model. The study results suggest that the cognitive components of PMT, namely perceived severity, self efficacy, and response efficacy, are related to the cyber ethical behaviour of TVET youth. However, the cognitive mediating component of PMT related to perceived vulnerability, which refers to a person’s belief that they are at risk from cyber threats, does not relate to TVET youth’s cyber ethical behaviour. This indicates that TVET youth are aware of the seriousness of cyber threats but underestimate their potential exposure to these threats due to carelessness and poor judgment resulting from irresponsible behaviour in cyberspace. Furthermore, empirical results also confirm that social learning strategies through cyber ethical digital games, lecturer reminders, and the motivational impact of achievement certificates are related to the development of the cognitive mediating process of youth.

Previous studies on safety protection behaviour among students have primarily focused on cyberbullying and privacy issues. However, other critical issues outlined in the PAPA model, such as content accuracy, intellectual property, and accessibility, also require attention and further study in the context of students today. Therefore, this study highlights cybersecurity behaviour issues encompassing security threats and the impacts of victimisation, exposure to illegal activities, and violations of moral values and responsibilities.

Implication

The findings of this study carry important implications for both educational practice and policymaking, particularly in the context of preparing TVET graduates to navigate ethical challenges in cyberspace:

(a) Curriculum Design & Cybersecurity Awareness

Educators should integrate structured modules on cyber threats and ethical behaviour into TVET curricula. The model developed in this study can guide educators in assessing students’ cognitive readiness and tailoring learning materials to enhance resilience against cyber threats. This supports the Malaysia Cyber Security Strategy (2020–2024) by fostering collaborative content development across institutions.

(b) Policy Development for Future-Ready Graduates

Policymakers can leverage the model to update institutional policies and national guidelines on 21st-century skills, ensuring TVET graduates are equipped for global digital challenges. This aligns with Phase 3 of the Malaysia Education Blueprint (2015–2025), emphasising adaptability and innovation in institutional governance.

Educators should embed cyber human values—such as responsibility, respect, and accountability—into soft skills training, enabling TVET graduates to meet ethical standards demanded by IR 4.0 industries. Policymakers can support this through national-level training frameworks.

(d) Long-Term Ethical Planning for Emerging Tech

Policymakers should develop anticipatory guidelines to manage ethical risks posed by technologies such as AI. This study highlights the urgency for ethical foresight in TVET, ensuring sustainable and responsible digital citizenship in a rapidly evolving landscape.

Limitations and Directions for Future Research

While this study provides valuable insights into the cognitive and ethical behaviour of TVET youth in cyberspace, several limitations should be acknowledged. First, the study relied on self-reported questionnaire data, which may be influenced by social desirability bias or limited self-awareness among respondents. Future studies could incorporate observational or behavioural measures to triangulate findings. Second, the sample was drawn from community colleges within a specific region, which may limit the generalizability of results to all TVET institutions nationwide. Expanding the sampling frame to include a more diverse demographic and institutional background would enhance representativeness. Lastly, the study employed a cross-sectional design, which restricts causal interpretation. Future research may consider longitudinal or experimental designs to explore changes in ethical behaviour over time or in response to targeted interventions.

Conclusion

This study offers a meaningful contribution by proposing a cyber ethics model that integrates cognitive processes and human values to explain ethical digital behaviour among youth. While grounded in the Malaysian TVET context, the model’s foundational elements such as ethical awareness, reasoning, peer influence, and responsible digital behaviour are applicable across cultural and educational settings. The incorporation of social learning strategies and value-driven constructs enables adaptability to various institutional environments, including vocational, secondary, or tertiary education systems globally. This model can be tailored to reflect local values and norms in multicultural or digitally diverse societies while preserving its core emphasis on ethical conduct in cyberspace. As such, the model has the potential to inform digital ethics education internationally, especially in efforts to develop responsible digital citizens in an increasingly interconnected world.

Footnotes

Appendix

Appendix A.

Questionnaire Items.

No.	Construct	Indicator	Question item (R = reverse coded)
	Cyber ethics behaviour (CEB)		While using the internet, I…
1	Privacy (P)	P1	do not share images that could embarrass my friends.
2		P2	do not share videos that could embarrass my friends.
3		P3	avoid discussing other people’s problems on social media.
4		P4	believe that tagging a friend on Facebook or Instagram without their consent is a violation of privacy.
		P5	use other people’s details for personal gain (e.g., misusing their health issues or tragedies to collect donations) (R)
6	Accuracy (ACC)	ACC1	am careful when giving opinions.
7		ACC2	avoid rushing to share information.
8		ACC3	check the authenticity of information before sharing it.
9		ACC4	refrain from making statements without consideration.
10		ACC5	provide honest comments when leaving feedback in the comment section.
11	Intellectual property (IP)	IP1	copy entire articles to use as my assignment (R)
			copy entire articles to use as my assignment (R)
12		IP2	always indicate the reference source when using content or material taken from others.
13		IP3	encourage friends to download software illegally (other than from iTunes, shareware, demo, etc.) (R)
14		IP4	am aware that copying other people’s ideas to sell for profit is wrong.
15	Accessibility (ASS)	ASS1	believe that attempting to access a webpage using someone else’s password is wrong.
16		ASS2	will not check a friend’s exam results without their knowledge.
17		ASS3	am aware that revealing other people’s secrets on the internet is wrong (e.g., uploading a friend’s exam results to a social media site).
18		ASS4	keep my passwords secure and prevent misuse by others, including immediate family members.
			I realise that the act of…
19	Perceived severity (PS)	PS1	sharing private information can lead to misuse by others.
20		PS2	disseminating information is monitored by the relevant authorities.
21		PS3	distributing other people’s intellectual property is illegal (e.g., eBooks, paid software, graphic design, images, audio, or movies).
22		PS4	hacking can lead to the leakage of information.
			I am exposed to cybersecurity threats and risks if…
23	Perceived vulnerability (PV)	PV1	take easy in protecting private information
24		PV2	I re-share content without examining the source and its accuracy.
25		PV3	I ignore the negative effects of spreading other people’s intellectual property.
26		PV4	I read other people’s emails or WhatsApp messages without permission.
			I’m confident I can…
27	Self-efficacy (SE)	SE1	protect other people’s private or confidential information (e.g., passwords, ID card numbers).
28		SE2	only share information that I believe to be valid.
29		SE3	download intellectual property only for personal use, as permitted.
30		SE4	change my password at least three times a year.
			I will make sure…
31	Response efficacy (RE)	RE1	my comments on social media do not violate cyber laws.
32		RE2	the information I share does not cause confusion.
33		RE3	I do not distribute copyrighted material to others.
34		RE4	I use passwords that are difficult to guess.
			Exposure to cybersecurity threats through digital games can…
35	Cyber ethical digital games (DG)	DG1	capture my attention.
36		DG2	improve my memory.
37		DG3	facilitate my understanding of the importance of cyber ethics.
38		DG4	provide a representation of real life in the form of a game.
			Lecturer reminders…
39	Lecturer reminders (LR)	LR1	made me aware of the importance of privacy.
40		LR2	prevent me from hacking.
41		LR3	reminded me not to misuse other people’s intellectual property.
42		LR4	prevent me from spreading false information.
			Awarding certificates of achievement to students who demonstrate ethical behaviour in cyberspace can…
43	Motivational impact of achievement certificates (AC)	AC1	increased my confidence in maintaining good behaviour in cyberspace.
44		AC2	motivates me to be more responsible while in cyberspace.
45		AC3	affects my behaviour, even in the future workplace.
46		AC4	give added value to my personal development.

ORCID iDs

Hanimastura Hashim

Umi Asma’ Mokhtar

Nur Fazidah Elias

Ethical Considerations

This study of survey participants received formal approval from the Department of Polytechnic and Community College Education (JPPKK), Ministry of Higher Education Malaysia. Permission was subsequently obtained from the participating institutions prior to data collection. All respondents were informed of the purpose of the study and gave their consent before completing the questionnaire. Participation was voluntary, and all data were treated with strict confidentiality and used solely for academic purposes.

Author Contributions

Hanimastura Hashim: Conceptualization—Ideas; formulation or evolution of overarching research goals and aims. Data curation—Management activities to annotate (produce metadata), scrub data and maintain research data (including software code, where it is necessary for interpreting the data itself) for initial use and later re-use. Writing—original draft—Preparation, creation and/or presentation of the published work, specifically writing the initial draft (including substantive translation). Writing—review & editing, preparation, creation and/or presentation of the published work by those from the original research group, specifically critical review, commentary or revision—including pre- or post-publication stages.

Umi Asma’ Mokhtar: Supervision and Project Administration—Management and coordination responsibility for the research activity planning and execution.

Atif Ahmad: Supervision—Oversight and leadership responsibility for the research activity planning and execution, including mentorship external to the core team.

Nur Fazidah Elias: Supervision—Oversight and leadership responsibility for the research activity planning and execution, including mentorship external to the core team.

Amelia Natasya Abdul Wahab: Supervision—Oversight and leadership responsibility for the research activity planning and execution, including mentorship external to the core team.

Megat Zuhairy Megat Tajuddin: Industry Collaboration—Strategic leadership in planning and executing cybersecurity research initiatives through industry partnerships.

Azlina Ab Aziz: Industry Collaboration—Strategic leadership in planning and executing cybersecurity research initiatives through industry partnerships.

Funding

The authors disclosed receipt of the following financial support for the research, authorship, and/or publication of this article: This research is funded by the GUP-2024-045.

Declaration of Conflicting Interests

The authors declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Data Availability Statement

The data that support the findings of this study are available from the corresponding author upon reasonable request.

The Disclosure of AI Usage

The authors declare they have used AI services, specifically ChatGPT, to generate or edit parts of our analytical script. They carefully reviewed the script to ensure its correctness.

References

Aderibigbe

Ocholla

Britz

(2021). Differences in ethical cyber behavioural intention of Nigerian and South African students: A multi-group analysis based on the theory of planned behaviour. Libri, 71(4), 389–406. https://doi.org/10.1515/libri-2019-0062

Aiken

M. P.

Davidson

J. C.

Walrave

Ponnet

K. S.

Phillips

Farr

R. R.

(2024). Intention to hack? Applying the theory of planned behaviour to youth criminal hacking. Forensic Sciences, 4(1), 24–41. https://doi.org/10.3390/forensicsci4010003

Alam

S. S.

Ahsan

Kokash

H. A.

Alam

Ahmed

(2025). A students’ behaviors in information security: Extension of Protection Motivation Theory (PMT). Information Security Journal: A Global Perspective, 34(3), 191–213. https://research.ebsco.com/linkprocessor/plink?id=04a648c8-f6c8-3c62-bca9-4c9926a12f51

Alqahtani

Kavakli

Alrowaily

(2020, July 19–24). The impact of gamification factor in the acceptance of cybersecurity awareness augmented reality game (CybAR) [Conference session]. HCI for Cybersecurity, Privacy and Trust: Second International Conference, Copenhagen, Denmark. https://doi.org/10.1007/978-3-030-50309-3

Althibyani

H. A.

Al-Zahrani

A. M.

(2023). Investigating the effect of students’ knowledge, beliefs, and digital citizenship skills on the prevention of cybercrime. Sustainability (Switzerland), 15(15), 11512. https://doi.org/10.3390/su151511512

Amoresano

Yankson

(2023). Human error—A critical contributing factor to the rise in data breaches: A case study of higher education. HOLISTICA—Journal of Business and Public Administration, 14(1), 110–132. https://doi.org/10.2478/hjbpa-2023-0007

Annamalai

Omar

A. C.

Salam

S. N. A.

(2022). A computational thinking model for game based learning to enhance students’ mathematical problem solving skills. International Journal of Business and Technology Management, 6, 1–13. https://repo.uum.edu.my/id/eprint/29328/

Baig

M. S. Y.

Nasreen

(2024). Development and validation of the social media self-esteem scale for adolescents. Pakistan Journal of Humanities and Social Sciences Volume, 12(4), 1–13. https://doi.org/10.4018/IJCBPL.2020100101

Bandura

(1977). Self-efficacy: Toward a unifying theory of behavioral change. Advances in Behaviour Research and Therapy, 1(4), 139–161. https://doi.org/10.1016/0146-6402(78)90002-4

10.

Başaran

Rukundo

(2018). University students’ and faculty’s views on ethical use of facebook within ict context. INTED2018 Proceedings, 1, 3679–3688. https://doi.org/10.21125/inted.2018.0706

11.

BERNAMA. (2024). Literasi digital: MCMC anjur program etika penggunaan media sosial. Astro Awani. https://www.astroawani.com/berita-malaysia/literasi-digital-mcmc-anjur-program-etika-penggunaan-media-sosial-477292

12.

Boerman

S. C.

Kruikemeier

Borgesius

F. J. Z.

(2021). Exploring motivations for online privacy protection behavior: Insights from panel data. Communication Research, 48(7), 953–977. https://doi.org/10.1177/0093650218800915

13.

Bohari

N. M.

Jamal

A. H. M. @

Mazlili

(2022). Kesahan Kandungan Bagi Instrumen Kemahiran Pembelajaran Sepanjang Hayat dalam Kalangan Guru Reka Bentuk dan Teknologi. Proceeding International Conference on Educational Leadership and Management, 1986, 138–148.

14.

Bottyán

(2024). Feeling safe online and experience with cyber incidents among university students. Gradus, 11(1), 1–6. https://doi.org/10.47833/2024.1.csc.001

15.

Boyett

P. D.

(2020). The impact of behavioral factors on information security policy guideline compliance. Dissertation Abstracts International: Section B: The Sciences and Engineering, 81(6-B), 1–111. http://ezproxy.leedsbeckett.ac.uk/login?url=http://search.ebscohost.com/login.aspx?direct=true&db=psyh&AN=2020-04050-209&site=ehost-live&scope=site

16.

Casau

Dias

M. F.

Amorim

Bratitsis

(2023). Advancing entrepreneurship competences in higher education: A systematic literature review of game-based learning applications. Creative Education, 14(13), 2703–2720. https://doi.org/10.4236/ce.2023.1413172

17.

Chang

C. C.

Yang

S. T.

(2023). Interactive effects of scaffolding digital game - based learning and cognitive style on adult learners ’ emotion, cognitive load and learning performance. International Journal Education Tehcnology Higher Education, 7, 16.

18.

Chen

Wang

Liu

Hong

Zheng

Jiao

Zhang

(2023). Belief in a just world and bullying defending behavior among adolescents: Roles of self-efficacy and responsibility. Current Psychology, 42(25), 21532–21540. https://doi.org/10.1007/s12144-022-03198-5

19.

Chin

W. W.

Chinn

W. W.

Chin

W. W.

(1998). The partial least squares approach to structural equation modelling. In Marcoulides

G. A.

(Ed.). Modern methods for business research (Vol. 295, No. 2, pp. 295–336). Lawrence Erlbaum Associates Publishers.

20.

Chiu

T. K. F.

Ismailov

Zhou

Xia

C. K.

Chai

C. S.

(2023). Using self-determination theory to explain how community-based learning fosters student interest and identity in integrated STEM education. International Journal of Science and Mathematics Education, 21, 109–130. https://doi.org/10.1007/s10763-023-10382-x

21.

Davis

L. L.

(1992). Instrument review: Getting the most from a panel of experts. Applied Nursing Research, 5(4), 194–197.

22.

Dodge

C. E.

Fisk

Burruss

G. W.

Moule

R. K.

Jaynes

C. M.

(2023). What motivates users to adopt cybersecurity practices? A survey experiment assessing protection motivation theory. Criminology and Public Policy, 22(4), 849–868. https://doi.org/10.1111/1745-9133.12641

23.

Dogan

(2015). Student engagement, academic self-efficacy, and academic motivation as predictors of academic performance. Anthropologist, 20(3), 553–561. https://doi.org/10.1080/09720073.2015.11891759

24.

Dumas-Mallet

Gonon

(2022). Citation misuses in the biomedical literature and its effects on public health. In Faintuch

Faintuch

(Eds.), Integrity of scientific research: Fraud, misconduct and fake news in the academic, medical and social environment (pp. 417–426). Springer.

25.

Dunmade

A. O.

(2023). Social media use and its implications on cyberethical behaviour in Nigeria?: Perspectives of generation Z girls. Journal of Cyberspace Studies, 7(1), 23–44. https://doi.org/10.22059/JCSS.2023.351174.1082

26.

Durak

H. Y.

(2019, March 13–19). Cyber human values displayed by university students in online social networking sites: The relationship of cyber human values to cyberbullying and cyber victimization behaviors displayed [Conference session]. INTED2019 Conference, Valencia, Spain (pp. 10035–10038).

27.

Ekanem

I. G.

(2023). Cybersecurity behaviour intensions in students [Master’s thesis, National College of Ireland]. National College of Ireland Repository. https://norma.ncirl.ie/id/eprint/7433

28.

El Haj

Benhima

(2024). The effect of motivation on self-efficacy of English department students with mediational effects of learning styles and learning. The Journal of Quality in Education, 14, 61–91.

29.

Farooq

Dubinina

Virtanen

Isoaho

(2021). Understanding dynamics of initial trust and its antecedents in password managers adoption intention among young adults. Procedia Computer Science, 184, 266–274. https://doi.org/10.1016/j.procs.2021.03.036

30.

Fornell

Larcker

D. F.

(1981). SEM with unobservable variables and measurement error: Algebra and statistics. Algebra and Statistics, 18, 382–388.

31.

Gatti

(2022). Learning through playing and designing games: A design thinking approach to entrepreneurship education. University of Calgary. https://doi.org/10.11575/prism/40545

32.

Gruber

Faßbender

(2025). Digital educational escape game design for STEM higher education. Frontiers in Education, 10, 1–10. https://doi.org/10.3389/feduc.2025.1497291

33.

Hair

J. F.

Black

W. C.

Babin

B. J.

Anderson

R. E.

(2019). Multivariate data analysis (8th ed.). Cengage Learning EMEA.

34.

Hair

J. F.

Risher

J. J.

Sarstedt

Ringle

C. M.

(2018). When to use and how to report the results of PLS-SEM. European Business Review, 31(1), 2–24. https://doi.org/10.1108/EBR-11-2018-0203

35.

Hair

J. F.

Jr. Sarstedt

Ringle

C. M.

Gudergan

S. P.

(2017). Advanced issues in partial least squares structural equation modeling. Sage publications.

36.

Hair

J. F.

Sarstedt

Hopkins

Kuppelwieser

V. G.

(2014). Partial least squares structural equation modeling (PLS-SEM). European Business Review, 26(2), 106–121. https://doi.org/10.1108/EBR-10-2013-0128

37.

Han

Jiang

(2025). Stimulating Chinese college students’ organizational citizenship behavior toward the environment: The role of pro-environmental organizational climate, green self-efficacy and intrinsic motivation. International Journal of Sustainability in Higher Education. Advance online publication. https://doi.org/10.1108/IJSHE-04-2024-0281

38.

Harris

K. M. A.

(2022). Secularisation of ethics and contemporary moral crisis. Afkar, 23(2), 121–170. https://doi.org/10.22452/afkar.vol23no2.4

39.

Henseler

Ringle

C. M.

Sarstedt

(2015). A new criterion for assessing discriminant validity in variance-based structural equation modeling. Journal of the Academy of Marketing Science, 43(1), 115–135. https://doi.org/10.1007/s11747-014-0403-8

40.

Hina

Panneer Selvam

D. D. D.

Lowry

P. B.

(2019). Institutional governance and protection motivation: Theoretical insights into shaping employees’ security compliance behavior in higher education institutions in the developing world. Computers and Security, 87, Article 101594. https://doi.org/10.1016/j.cose.2019.101594

41.

Humaidi

Alghazo

S. H. A.

(2022, June 6–7). Procedural information security countermeasure awareness and cybersecurity protection motivation in enhancing employee’s cybersecurity protective behaviour [Conferencesession]. 2022 10th International Symposium on Digital Forensics and Security (ISDFS), Istanbul, Turkey (pp. 1–10). https://doi.org/10.1109/ISDFS55398.2022.9800834

42.

Hwang

McPhillips

M. V.

Huang

Perez

G. A.

Hodgson

N. A.

(2023). Better caregiver mastery is associated with less anxiety in individuals with cognitive impairment. BMC Nursing, 22(1), 1–10. https://doi.org/10.1186/s12912-023-01471-x

43.

Ishak

S. A.

Din

Othman

Gabarre

(2022). Rethinking the ideology of using digital games to increase individual interest in STEM. Sustainability, 14, 1–19. https://doi.org/10.3390/su14084519

44.

Jamil

(2022). Factors affecting users cybersecurity practices: A study of Australian Microbusinesses (Issue September). Charles Sturt University.

45.

Jiow

H. J.

Tay

(2025). Using protection motivation theory to encourage healthy cyber hygiene behaviours. In Rahman

(Ed.), Digital citizenship and building a responsible online presence (pp. 307–332). IGI Global. https://doi.org/10.4018/979-8-3693-6675-2.ch012

46.

Junior

W. G.

Kim

(2025). Game modding: A design cognitive perspective in entrepreneurship education. Journal of Applied Learning & Teaching, 8(1), 25–34. http://journals.sfu.ca/jalt/index.php/jalt/index

47.

Justitia

Ambarrina

Raharjana

I. K.

Dina

N. Z.

Iahad

N. A.

(2022). Influences of Social Learning on Customer’s Intention to Download an Application from a Start-up Company. TEM Journal, 11(4), 1640–1652. https://doi.org/10.18421/TEM114-27

48.

Kilicer

Coklar

A. N.

Ozeke

(2017). Cyber human values scale (i-value): The study of development, validity and reliability. Internet Research, 27(5), 1255–1274. https://doi.org/10.1108/IntR-10-2016-0290

49.

Kollerup

N. K.

Cox

S. R.

Van Berkel

(2025, April 26–May 1). Enhancing self-efficacy in health self-examination through conversational agent’s encouragement [Conference session]. CHI ‘25: Proceedings of the 2025 CHI Conference on Human Factors in Computing Systems, Yokohama, Japan.

50.

Kołodziej

Repetto

Duzha

(2022). Cybersecurity of digital service chains-challenges, methodologies, and tools. Springer. https://www.dropbox.com/s/awhe9jvel1igyba/978-3-031-04036-8.pdf?dl=0

51.

Koohi Rostami

Jahnifar

(2022). Development and validation of the information behavior measurement scale in the crisis. Sciences and Techniques of Information Management, 8(2), 427–454. https://doi.org/10.22091/stim.2021.6466.1511

52.

Krejcie

R. V.

Morgan

D. W.

(1970). Determining sample size for research activities. Educational and Psychological Measurement, 30(3), 607–610.

53.

Kwok

A. P. K.

Yan

Deng

X. H.

Chen

X. Y.

Huang

Y. T.

(2022). Exploring the facilitating and obstructing factors of using virtual reality for 5S training: An exploratory qualitative study from students’ perspectives in an industrial engineering undergraduate course. Computer Applications in Engineering Education, 30(4), 1072–1085.

54.

Lee

Y. Y.

Gan

C. L.

Liew

T. W.

(2023). Thwarting instant messaging phishing attacks: The role of self-efficacy and the mediating effect of attitude towards online sharing of personal information. International Journal of Environmental Research and Public Health, 20(4), 3514. https://doi.org/10.3390/ijerph20043514

55.

(2022). The effects of antecedents and mediating factors on cybersecurity protection behavior. Computers in Human Behavior Reports, 5, Article 100165. https://doi.org/10.1016/j.chbr.2021.100165

56.

Yang

Zhao

(2023). The relationship between achievement motivation and college students’ general self-efficacy: A moderated mediation model. Frontiers in Psychology, 13, Article 1031912. https://doi.org/10.3389/fpsyg.2022.1031912

57.

Phakdeephirot

(2022). The influence of achievement motivation on college students’ employability: A chain mediation analysis of self-efficacy and academic performance. Frontiers in Psychology, 13, 1–14. https://doi.org/10.3389/fpsyg.2022.972910

58.

Liang

Suntrayuth

Sun

(2023). Positive verbal rewards, creative self-efficacy, and creative behavior: A perspective of cognitive appraisal theory. Behavioral Sciences, 13(3), 229. https://doi.org/10.3390/bs13030229

59.

Liu

Gaiha

S. M.

Halpern-felsher

Sciences

States

(2022). School-based programs to prevent adolescent e-cigarette use: A report card. Current Problems in Pediatric and Adolescent Health Care, 52(6), 1–13. https://doi.org/10.1016/j.cppeds.2022.101204.School-based

60.

Sheng

Liu

Zhang

Yang

Xiao

(2024). Analysis of prevalence and related factors of cyberbullying–victimization among adolescents. Children, 11(10), 1–14. https://doi.org/10.3390/children11101193

61.

(2022). IS professionals’ information security behaviors in Chinese IT organizations for information security protection. Information Processing and Management, 59(1), Article 102744. https://doi.org/10.1016/j.ipm.2021.102744

62.

Mahmud

Yusoff

M. N.

Husin

M. H.

(2023). Generation Z’s adoption of IoT: Protection motivation theory as the underlying model and gender as a moderator. Journal of Systems & Information Technology, 25(2), 133–159. https://doi.org/10.1108/JSIT-02-2022-0054

63.

Mahmud

Ahmed

Islam

Billah

Banarjee

Islam

(2024). Freedom of expression in cyberspace: Society, law and its effects in Bangladesh’s perspective. Library Progress International, 44(4), 843–847.

64.

Malaysian Communications and Multimedia Commission. (2022). Internet users survey. https://www.mcmc.gov.my/skmmgovmy/media/General/pdf/Internet-Users-Survey-2018-(Infographic).pdf

65.

Mason

R. O.

(1986). Four ethical issues of the information age. Computer Ethics, March, 41–48. https://doi.org/10.4324/9781315259697-8

66.

Menard

Bott

G. J.

Crossler

R. E.

(2017). User motivations in protecting information security: Protection motivation theory versus self-determination theory. Journal of Management Information Systems, 34(4), 1203–1230. https://doi.org/10.1080/07421222.2017.1394083

67.

Meng

Feng

(2022). Online taxi users’ optimistic bias: China youths’ digital travel and information privacy protection. Frontiers in Psychology, 13, Article 1049925. https://doi.org/10.3389/fpsyg.2022.1049925

68.

Metallinou

M. M.

(2022, May 11–12). Virtual reality support of cognitive processes in firefighter skills training [Conference session]. 2022 1st IEEE International Conference on Cognitive Aspects of Virtual Reality (CVR), Budapest, Hungary (pp. 27–34). https://doi.org/10.1109/CVR55417.2022.9967649

69.

Mourali

Benham

J. L.

Lang

Fullerton

M. M.

Boucher

J.-C.

Cornelson

Oxoby

R. J.

Constantinescu

Tang

Marshall

D. A.

(2023). Persuasive messages for improving adherence to COVID-19 prevention behaviors: Randomized online experiment. JMIR Human Factors, 10, e41328. https://doi.org/10.2196/41328

70.

Mtambeka

Mtegha

C. Q.

Chigona

Tuyeni

T. T.

(2023). Factors affecting how university students comply with cybersecurity measures: A case of South Africa. Proceedings of NEMISA Digital Skills Conference, 5, 1–16. https://doi.org/10.29007/bkw1

71.

Muhammad

A. D. S.

Priharsari

Hanggara

B. T.

(2022). Tampilan Analisis Kesediaan Berbagi Identitas digital berdasarkan PMT. Jurnal Pengembangan Teknologi Informasi Dan Ilmu Komputer, 6(11), 5532–5540.

72.

Müllner-Huber

Anton-Boicuk

Pronizius

Lengersdorff

Olsson

Lamm

(2022). The causal role of affect sharing in driving vicarious fear learning. PLOS ONE, 17(11), e0277793. https://doi.org/10.1371/journal.pone.0277793

73.

Mwagwabi

Jiow

J. H.

(2021). Compliance with security guidelines in teenagers: The conflicting role of peer influence and personal norms. Australasian Journal of Information Systems, 25, 1–25. https://doi.org/10.3127/AJIS.V25I0.2953

74.

Naufal

Hadee

(2022). The adoption of cybersecurity?: An analysis of Maldivian internet users ’ behaviour using the health belief model. Environmental Science, Pollution Research and Management, 2022(2), 1–35. https://doi.org/10.37722/ESPRAM.2022203

75.

Nayir

(2017). The relationship between student motivation and class engagement levels. Eurasian Journal of Educational Reserach, 2017(71), 59–77. https://doi.org/10.14689/ejer.2017.71.4

76.

Ndumbaro

(2018). Role of information ethics in the provision of library and information services in university libraries in Tanzania [Doctoral dissertation, University of KwaZulu-Natal, Pietermaritzburg, South Africa, pp. 1–285]. University of KwaZulu-Natal.

77.

Norman

I. D.

Kpeglo

E. D.

(2023). Assess self-efficacy of individuals for personal protection in Ghana. Journal of Emergency Management and Disaster Communications, 4(2), 153–177. https://doi.org/10.1142/s2689980923500100

78.

Ostermaier

(2018). Incentives for students: Effects of certificates and deadlines on student performance. Journal of Business Economics, 88, 65–96. https://doi.org/10.1007/s11573-017-0865-5

79.

Park

S. R.

Bae

S. M.

(2025). The moderating effect of internet ethics on the relationship between cyberbullying victimization and perpetration among Korean Adults. Psychiatry Investigation, 22(1), 47–56. https://doi.org/10.30773/pi.2024.0127

80.

Patel

Desai

(2020). ABC of Face Validity for Questionnaire. International Journal of Pharmaceutical Sciences Review and Research, 65(1), 164–168. https://doi.org/10.47583/ijpsrr.2020.v65i01.025

81.

Phungphai

Boonmoh

(2021). Students’ perception towards the use of rewards to enhance their learning behaviours and self-development. Journal of English Education, 7(1), 39–55. https://doi.org/10.30606/jee.v7i1.637

82.

Prathomwong

Singsuriya

(2022). Ethical framework of digital technology, artificial intelligence, and health equity. Asia Social Issues, 15(5), 252136. https://doi.org/10.48048/asi.2022.252136

83.

Quoc

T. N.

Huu

B. N.

(2023). Study on the intention and behavior complying with accounting information system security policy: The case of Vietnam [Conference session]. International Conference on Emerging Challenges: Strategic Adaptation in The World of Uncertainties (ICECH 2022). Ho Chi Minh City, Vietnam, November 3–5, 2022. Atlantis Press. https://doi.org/10.2991/978-94-6463-150-0

84.

Riniasih

Purwati

N. H.

Rayasari

(2022). Factor analysis related to self efficacy obesity management in students faculty of nursing science. Jurnal Keperawatan, 14, 1059–1068.

85.

Rogers

R. W.

(1975). A protection motivation theory of fear appeals and attitude change. The Journal of Psychology, 91(1), 93–114. https://doi.org/10.1080/00223980.1975.9915803

86.

Ronald

(1985). Deviant behavior: A social learning approach (pp. 111–132). Wadsworth Pub. Co.

87.

Saeed

(2019). An assessment on the cyber human values of EMU students based on their behavior of social media. Eastern Mediterranean University.

88.

SentinelOne. (2025). 10 cyber security trends for 2025. https://www.sentinelone.com/cybersecurity-101/cybersecurity/cyber-security-trends/

89.

Sepp

(2023). Sources influencing primary school student teachers’ self-efficacy beliefs in their music studies. Music Education Reserach, 25(1), 36–48.

90.

Sharma

Aparicio

(2022). Organizational and team culture as antecedents of protection motivation among IT employees. Computers and Security, 120, Article 102774. https://doi.org/10.1016/j.cose.2022.102774

91.

Shevchenko

Zhdanova

Shevchenko

Nehodenko

Spasiteleva

(2023). Information security risk management using cognitive modeling. CEUR Workshop Proceedings, 3550, 297–305.

92.

Scholl

(2018). Play the game! Analogue gamification for raising information security awareness. Journal of Systematics, Cybernetics and Informatics, 16(3), 32–35.

93.

Simon

Watson

S. J.

van Sintemaartensdijk

(2025). Response-efficacy messages produce stronger passwords than self-efficacy messages … for now: A longitudinal experimental study of the efficacy of coping message types on password creation behaviour. Computers in Human Behavior Reports, 17, Article 100615. https://doi.org/10.1016/j.chbr.2025.100615

94.

Snoussi

Radwan

A. F.

Mousa

S. A.

(2021). Knowledge, understanding, and adherence to social media regulations by youth in the united arab emirates. Arab Media and Society, 30, 23–41.

95.

Song

C. H.

Lee

J. H.

Roh

(2024). Exploring the cloud storage service adoption through the dual perspectives: Protection Motivation Theory (PMT) and the Extended Unified Theory of Technology Acceptance Model (UTAUT2). International Journal of Human-Computer Interaction, 41(4), 2745–2762. https://doi.org/10.1080/10447318.2024.2327219

96.

Sukmawati

Qodr

T. S.

Rutambuka

(2025). Integrating digital games into project-based learning to enhance student achievement in STEM education. International Journal of Recent Educational Research, 6(2), 294–315.

97.

Sulaiman

N. S.

Fauzi

M. A.

Hussain

Wider

(2022). Cybersecurity behavior among government employees: The role of protection motivation theory and responsibility in mitigating cyberattacks. Information (Switzerland), 13(9), 413. https://doi.org/10.3390/info13090413

98.

Syaadah

Ary

M. H. A. A.

Silitonga

Rangkuty

S. F.

(2023). Pendidikan formal, Pendidikan non formal Dan Pendidikan informal. Pema (Jurnal Pendidikan Dan Pengabdian Kepada Masyarakat), 2(2), 125–131. https://doi.org/10.56832/pema.v2i2.298

99.

Syabania

Muhdhar

M. H. I.

Al Landriany

Setiawan

N. R.

Nugraha

B. A.

Mardiyanti

(2023). The link between self-efficacy and environmental literacy of students. AIP Conference Proceedings, 2569(1), 1–6. https://doi.org/10.1063/5.0112433

100.

Taheri

A. M.

Hidarnia

Zarei

(2025). Investigating the relationships among oral health-related knowledge, attitude, practice, and self-ef fi cacy in predicting oral health behaviors among female Iranian students. Frontiers in Oral Health, 6, Article 1533519. https://doi.org/10.3389/froh.2025.1533519

101.

Tay

Hayes

Wilson

Hall

Kaufman

(2024). Gamified cybersecurity education through the lens of the information search process: An exploratory study of capture-the-flag competitions. Issues in Informing Science and Information Technology, 21, 1.

102.

Teo

T. S. H.

Srivastava

S. C.

Jiang

L. I.

(2008). Trust and electronic government success: An empirical study. Journal of Management Information Systems, 25(3), 99–132.

103.

Thomas

(2020). Cross-sectional study | Definition, uses & examples. Scribbr. https://www.scribbr.com/methodology/cross-sectional-study/

104.

Thompson

Oldfield

(2024). Affective responses to information security threats: The role of threat context and influence on perceived severity [Conference session]. Australasian Conference on Information Systems (ACIS 2024), Sydney, Australia, 4–6 December, 2024 (pp. 1–7).

105.

Thongmak

(2022). Protecting privacy in Pokémon Go: A multigroup analysis. Technology in Society, 70, Article 101999. https://doi.org/10.1016/j.techsoc.2022.101999

106.

Torten

Reaiche

Boyle

(2018). The impact of security awarness on information technology professionals’ behavior. Computers and Security, 79, 68–79. https://doi.org/10.1016/j.cose.2018.08.007

107.

Wang

Liu

Zhang

Zhong

Luo

Huang

(2023). Effects of digital game-based learning on students’ cyber wellness literacy, learning motivations, and engagement. Sustainability, 15(7), 5716.

108.

Wasim

Youssef

M. H.

Christodoulou

Reinhardt

(2024). The path to entrepreneurship: The role of social networks in driving entrepreneurial learning and education. Journal of Management Education, 48(3), 459–493. https://doi.org/10.1177/10525629231219235

109.

Winger

Ellis

Glover

(2024). Bridging the digital gap: Teaching cyber strategy and policy through a crisis simulation. International Studies Perspectives, 25(2), 145–163. https://doi.org/10.1093/isp/ekad001

110.

Zheng

Guo

(2020). Medical students’ motivation and academic performance: The mediating roles of self-efficacy and learning engagement. Medical Education Online, 25(1), Article 174296. 4https://doi.org/10.1080/10872981.2020.1742964

111.

Xiang

C. S.

Hasbullah

(2023). Cybersecurity awareness, cyber human values and cyberbullying among university students in Selangor, Malaysia. International Journal of Advanced Research in Technology and Innovation, 5(2), 1–11. https://doi.org/10.55057/ijarti.2023.5.2.1

112.

Yaokumah

(2020). Predicting and explaining cyber ethics with ethical theories. International Journal of Cyber Warfare and Terrorism, 10(2), 46–63. https://doi.org/10.4018/IJCWT.2020040103

113.

Yuen

K. F.

Cai

Wang

(2020). Cruise traveling behavior post-COVID: An integrated model of health protection motivation, travel constraint and social learning. Frontiers in Psychology, 13, Article 949288.

114.

Zani

A. A. A.

Norman

A. A.

Ghani

N. A.

Sianturi

R. S.

(2025). Navigating social media: How offline ethics, online etiquette, and protection behavior shape self-disclosure. IEEE Access, 13, 70598–70615. https://doi.org/10.1109/ACCESS.2025.3555548

115.

Zulkiplee

S. M. S.

Shukran

M. A. M.

Isa

M. R. M.

Khairuddin

M. A.

Wahab

Hidayat

(2025). Examining the impact factors influencing Higher Education Institution (HEI) students’ security behaviours in cyberspace environment. International Journal on Informatics Visualization, 9(1), 146–152. https://doi.org/10.62527/joiv.9.1.2296

Social Learning Strategies and Cognitive Mediating Process in Cyber Ethical Behaviour Among TVET Youth

Abstract

Plain Language Summary

Keywords

Introduction

Study Highlights

Protection Motivation Theory (PMT)

Social Learning Theory (SLT)

Research Model and Hypotheses Development

Hypotheses Development

Research Methodology

Participants

Questionnaire Development

Data Collection

Data Preparation

Empirical Analysis and Results

Descriptive Analysis

Assessment of the Theoretical Model

Measurement Model

Assessment of the Structural Model

Discussion

The Relationship Between Threat Appraisal Components (Perceived severity and Perceived vulnerability) and CEB

The Relationship Between Coping Appraisal Components (Self-efficacy and Response efficacy) and CEB

The Relationship of Social Learning Strategies and Cognitive Process in CEB

The Relationship Between Cyber Ethical Digital Games and the Cognitive Process

The Relationship Between the Lecturer’s Reminder and the Cognitive Process

The Relationship Between the Motivational Impact of Achievement Certificates and the Cognitive Process

Critical Reflection on Non-significant Findings

Perceived Vulnerability and CEB

Motivational Impact of Achievement Certificate and Response Efficacy

Contribution

Implication

Limitations and Directions for Future Research

Conclusion

Footnotes

Appendix

ORCID iDs

Ethical Considerations

Author Contributions

Funding

Declaration of Conflicting Interests

Data Availability Statement

The Disclosure of AI Usage

References