CCE Theses and Dissertations

Date of Award


Document Type


Degree Name

Doctor of Philosophy (PhD)


College of Computing and Engineering


Inkyoung Hur

Committee Member

Ling Wang

Committee Member

Souren Paul


computer security, information systems, malware, ransomware, social pressures, threat avoidance behavior


Ransomware security incidents have become one of the biggest threats to general computer users who are oblivious to the ease of infection, severity, and cost of the damage it causes. University networks and their students are susceptible to ransomware security incidents. College students have vast technical skills and knowledge, however they risk ransomware security incidents because of their lack of mitigating actions to the threats and the belief that it would not happen to them. Interaction with peers may play a part in college students’ perception of the threats and behavior to secure their computers. Identifying what influences students’ threat avoidance behavior in the face of ransomware security incidents is essential to managing students’ behaviors to protect their personal and university computer systems. The goal of this research is to empirically examine threat avoidance behavior in the context of ransomware security incidents among college students. The research model extends the Technology Threat Avoidance Theory with the addition of the factors of subjective norm, attitude toward knowledge sharing, and experience of threat. The study focuses on the effects these factors have on threat avoidance behavior. These factors determine if externalities such as social pressures or previous experiences of threat influence avoidance behavior.

This study was a quantitative and empirical study using a non-probability design for gathering data. The convenience sampling method was used to collect data using a survey instrument. The items of the survey instrument were designed using the 7-point Likert Scale. The data was collected from 174 United States college students using an online survey tool. Prior to the main data collection effort, an expert panel review and a pilot study were conducted. Pre-analysis data screening was conducted before analyzing the data. Data analysis with survey data was conducted using Partial Least Square Structural Equation Modeling (PLS-SEM) using SmartPLS 3.0.

The results of the study showed a positive and significant relationship between avoidance motivation and threat avoidance behavior. Subjective norm was found to have a positive effect on attitude towards knowledge sharing. However, the relationship between subjective norm and response efficacy was not significant. The study contributes to the body of knowledge by providing empirical evidence about the effect of factors of threat avoidance behavior on ransomware security incidents among college students. It provides insight into the experience and preparedness of students to deal with the threat of ransomware.