Cybersecurity Literacy and Online Risk Management among First-Year IT Students
by Alvin M. Boncales, Eric B. Bulala, Kristine T. Soberano, Mark Angelou A. Balonga
Published: April 30, 2026 • DOI: 10.51244/IJRSI.2026.1304000071
Abstract
This research examined the cybersecurity literacy and online risk management behaviors of first-year Information Technology (IT) students at three colleges in the Philippines. The study's objectives were to evaluate students' understanding of cybersecurity threats, pinpoint prevalent risky online behaviors, and analyze the correlation between cybersecurity literacy and online risk management practices. A descriptive quantitative research design was utilized, and data were gathered from 250 first-year IT students through a structured questionnaire assessing cybersecurity knowledge and online risk management.
The results revealed that, despite students exhibiting a generally high degree of confidence in their ability to manage online risks, certain insecure practices persisted. Many respondents reported infrequent password updates (38% changing passwords only once a year and 29.6% rarely or never updating). The results also revealed that a large proportion of students entered the IT program with minimal formal cybersecurity training (32.4% had not taken any IT-related courses at all), as most respondents came from non-technical Senior High School strands (70%). Statistical analysis showed no significant differences in cybersecurity literacy and online risk management practices between male and female students (p = 0.815). Furthermore, Pearson correlation analysis revealed a statistically significant but weak positive relationship between cybersecurity literacy and online risk management (r = 0.27, p = 0.001).
The research findings indicated a discrepancy between students' self-assessed cybersecurity preparedness and their actual online behaviors. Specifically, students' expressed confidence did not always correlate with secure practices. Consequently, the study suggested incorporating practical, scenario-driven cybersecurity instruction into the foundational IT curriculum. This integration aimed to boost students' digital resilience and encourage safer online conduct.