An Investigation on Passengers’ Perceptions of Cybersecurity in the Airline Industry

Khan, Shah Khalid; Shiwakoti, Nirajan; Wang, Juntong; Xu, Haotian; Xiang, Chenghao; Zhou, Xiao; Jiang, Hongwei

doi:10.3390/futuretransp5010005

Open AccessArticle

An Investigation on Passengers’ Perceptions of Cybersecurity in the Airline Industry

by

Shah Khalid Khan

¹,

Nirajan Shiwakoti

^2,*

,

Juntong Wang

²,

Haotian Xu

²,

Chenghao Xiang

²,

Xiao Zhou

² and

Hongwei Jiang

²

¹

Centre for Cyber Security Research & Innovation, RMIT University, Melbourne 3000, Australia

²

School of Engineering, RMIT University, Melbourne 3000, Australia

^*

Author to whom correspondence should be addressed.

Future Transp. 2025, 5(1), 5; https://doi.org/10.3390/futuretransp5010005

Submission received: 6 September 2024 / Revised: 19 December 2024 / Accepted: 2 January 2025 / Published: 8 January 2025

Download

Browse Figure

Versions Notes

Abstract

:

In the rapidly evolving landscape of digital connectivity, airlines have integrated these advancements as indispensable tools for a seamless consumer experience. However, digitisation has increased the scope of risk in the cyber realm. Limited studies have systematically investigated cybersecurity risks in the airline industry. In this context, we propose a novel questionnaire model to investigate consumers’ perceptions regarding the cybersecurity of airlines. Data were collected from 470 Chinese participants in Nanjing City. The analytical approach encompassed a range of statistical techniques, including descriptive statistics, exploratory factor analysis, difference analysis, and correlation. The constructs based on Maddux’s Protective Motivation Theory and Becker’s Health Belief Model were reliable, indicating the suitability of the proposed scales for further research. The results indicate that gender significantly influences passengers’ perceptions of airline cybersecurity, leading to variations in their awareness and response to cybersecurity threats. Additionally, occupation affects passengers’ information protection behaviour and security awareness. On the other hand, factors such as age, education level, and Frequent Flyer Program participation have minimal impact on passengers’ cybersecurity perceptions. Based on questionnaire content and data analysis, we propose three recommendations for airlines to enhance consumer cybersecurity perception. First, airlines should provide personalised network security services tailored to different occupations and genders. Second, they should engage in regular activities to disseminate knowledge and notices related to network security, thereby increasing passengers’ attention to cybersecurity. Third, increased resources should be allocated to cybersecurity to establish a safer cyber environment. This study aims to improve the quality of transportation policy and bridge the gap between theory and practice in addressing cybersecurity risks in the aviation sector.

Keywords:

cyberattacks; aviation; air transport; cyber resilience; hacks

1. Introduction

In the aviation sector, digital connectivity is a communication medium for various domains [1]. These range from online ticket booking, online check-in, purchasing value-added services, managing passenger accounts, to other crucial functions to establish communication links with ground processors, air traffic controllers, and affiliated airports [2]. This digitisation has transitioned the aviation industry towards a more interconnected environment, aiming to enhance all aspects of efficient travel and seamless consumer experience. However, this transformation also brings about a notable rise in technical vulnerabilities and network deficiencies, substantially amplifying the security risks, particularly cyber risks within the aviation industry [3].

The potential consequences of cyber risks may include tampering, damage, or privacy breaches of sensitive information, such as consumers’ personally identifiable information (PII): names, addresses, phone numbers, credit card information, identity documents, and airline travel history. Additionally, network disruptions could severely impact normal airline operations, potentially causing irreparable harm to aircraft navigation systems [4]. Internal threats from deliberate or inadvertent employee data leaks further compound cybersecurity concerns [5]. The escalation of malicious cyberattacks directly results from the increasing prevalence and intricacy of internet technologies and mobile applications, posing a significant threat to overall cybersecurity [6].

Airline cybersecurity encompasses a set of practices, policies, and procedures designed to protect systems and data from unauthorised access, use, disclosure, disruption, modification, or destruction [7,8]. Its specific focus lies in safeguarding the PIIs of both passengers and employees [9,10]. The significance of cybersecurity in the aviation sector is underscored in the existing literature. For instance, Strohmeier and Schäfer [11] underscore the vulnerabilities and attacks targeting wireless air traffic communication technologies. Kagalwalla and Churi [12] delve into the necessity of cybersecurity in aviation, outlining potential threats and challenges the industry faces. Similarly, Alsaid and Gutub [13] concentrate on electronic crimes within the aviation sector that may result in the loss of passenger information.

Despite the growing importance of airline cybersecurity, there is a notable gap in empirical research on consumer perceptions. Certain studies, such as Cunningham and Gerlach [14], examine how perceived risk rises during Internet airline reservation services’ evaluation and purchase stages. In contrast, others, including Scott and Trimarchi [2], Klenka [15], focus on the network’s importance and the aviation industry’s vulnerability to cybersecurity risks. Similarly, Rubio-Andrada and CelemÃn-Pedroche [16] found that socio-demographic factors influence traveller satisfaction at smart airports. However, these studies fall short of elucidating the specific ramifications of these issues for different stakeholders, especially consumers. Milbredt and Popa [17] delve into the impacts of automation systems on travellers. However, their paper lacks an in-depth examination of the potential new network security vulnerabilities introduced by automation and digitisation. Furthermore, while most studies on cybersecurity behaviour concentrate on the impact of gender, there is a notable dearth of research examining whether other personal information may influence research findings. Nevertheless, the perspectives and expectations of passengers in the field remain relatively unexplored, as highlighted by [18]. Additionally, these studies often lack comprehensive data to substantiate the current state of cybersecurity in the aviation industry. This gap warrants further exploration in future studies.

To address the aforementioned knowledge gaps, we have developed a novel questionnaire model grounded in Maddux’s Protective Motivation Theory (PMT) and Becker’s Health Belief Model (HBM) to explore consumers’ perceptions of airline cybersecurity [19,20]. The significance of this study lies in its tailored focus on understanding how a passenger’s comprehension of personal information and awareness of its protection shape their perception of airline cybersecurity. Additionally, the study explores how passengers perceive and respond to airline cybersecurity threats, a crucial aspect of digital security’s ever-evolving landscape. A vital exploration area is understanding how airlines can enhance cybersecurity measures to improve passenger satisfaction. Notably, some airlines have demonstrated a tendency to downplay the severe consequences associated with cybersecurity issues, neglecting their inadequate cyber defence mechanisms and even refuting the escalating concerns related to cybersecurity [21]. Therefore, conducting a comprehensive examination of cybersecurity perception within the airline industry can catalyse raising awareness among airlines regarding the significance of network security issues.

2. Methodology

2.1. Conceptualisation of Constructs

The paper adopts a questionnaire-based approach to address the knowledge gaps identified in the previous section. The questionnaire design is primarily grounded in Maddux’s Protective Motivation Theory (PMT) [19] and Becker’s Health Belief Model (HBM) [20]. PMT and HBM are widely employed to explain individuals’ tendencies toward safety behaviours, perceptions of risk, and responses to safety threats to avoid potential dangers [22]. Specifically, HBM elucidates the motivations driving the adoption of healthy habits, encompassing components such as perceived severity, benefits, susceptibility, cues to action, and barriers. PMT extends HBM by incorporating factors such as perceived vulnerability, severity, susceptibility, response efficacy, and self-efficacy, which are essential in defining behaviours focused on self-protection.

Previous literature has successfully applied PMT and HBM to study cybersecurity behaviours and awareness [23,24,25,26]. In adapting these theories for the specific context of cybersecurity research, particularly tailoring them to the survey on passengers’ perception of airline cybersecurity, necessary adjustments were made via a meta-synthesis literature review—systematically reviewing and integrating qualitative airline cybersecurity literature [27,28] Consequently, both HBM and PMT were integrated in designing the questionnaire, structuring it into five dimensions. Furthermore, the revised version has undergone additional refinement based on the expert review, incorporating valuable insights from cybersecurity professionals, transportation industry experts, and academics. The expert review involved contributions from diverse professionals and academics. Specifically, the review included three cybersecurity professionals, three automotive industry experts, one industry expert and postdoctoral fellow, and five interdisciplinary research students. All experts hold doctoral degrees except for the five students. The selection of experts was based on the professional network of the research team, ensuring that feedback was gathered from individuals with relevant expertise in cybersecurity, transportation, and academia. Their input was instrumental in refining the questionnaire and enhancing its robustness and relevance. In addition, the STEM college HEAN committee has approved the ethics application for this study (following a number of revisions—reference number EC00237).

2.2. Questionnaire Design

The conceptual structural diagram of the study’s questionnaire is illustrated in Figure 1. The first part involves analysing theories such as PMT and HBM to establish a theoretical foundation (shown in the red dotted box). Next, the dimensions are conceptualized based on these theories (shown in the green dotted box). Finally, the third part focuses on formulating questions (shown in the purple dotted box) derived from the conceptualized dimensions.

The questionnaire itself is divided into three sections. The first section provides the participants with basic information about the project: “The purpose of this questionnaire is to gather insights from airline passengers about their attitudes towards cybersecurity when travelling. As we increasingly rely on technology to make travel safer and more efficient, it is important to understand how passengers perceive the risks associated with using technology in air travel”.

The second section focuses on the participants’ socio-demographic and technological attributes. These include several questions related to the frequency of travel, enrolment in the Frequent Flyer Program (FFP), preferred airline, booking app, and cabin selection—these are tailored to the distinct nature of the airline. These questions supplement the essential personal information, such as gender, age, and income. Factors like travel frequency and FFP membership indicate, to some extent, a passenger’s reliance on air travel [29]. A higher travel frequency or being a frequent flyer suggests more frequent interaction and engagement with airlines.

Consequently, individuals with such travel habits might harbour different concerns regarding cybersecurity, potentially due to their increased exposure to the aviation industry. Furthermore, choices related to airlines, booking applications, and cabin preferences somewhat reflect a passenger’s consumption habits. These preferences might influence perceptions of cybersecurity, as different consumption levels could impact how individuals perceive and approach security measures.

The third section is structured around five dimensions, as illustrated in Table A1 of Appendix A (and Figure 1). It utilises a 5-point Likert scale, ranging from 1 for ‘Strongly Disagree’ to 5 for ‘Strongly Agree’. The Likert scale enables the ease and organisation of conducting descriptive statistics, factor analysis, and regression analysis. Additionally, the consistent intervals in Likert scales allow for comparisons and analyses across different populations and historical periods [30].

The first part of this section involves the Personal Information (PI) scale, which is divided into two dimensions and encompasses 13 questions (PI1.1–1.4, PI2.1–2.9). These dimensions primarily aim to survey passengers’ essential personal information related to cybersecurity and information. How passengers perceive information itself and their daily attention to cybersecurity may significantly influence their subconscious awareness of cybersecurity, subsequently impacting their perceptions of airline cybersecurity. The division into dimensions is aligned with the Self-Efficacy concept in the Protection Motivation Theory (PMT). The concept of Self-Efficacy involves the assessment and evaluation of one’s own abilities. This concept is closely related to passengers’ self-understanding of information and cybersecurity within the context of the Personal Information section. Among the questions in this section, only PI2.2 refers to the literature [5]. Consequently, these two dimensions are designed to gather data on passengers’ perceptions of personally identifiable information (PI1.1–1.4) and their attention to and protection of information (PI2.1–2.9).

The second part of this section introduces the passenger’s airline cybersecurity awareness scale, which comprises two dimensions: Passengers’ Awareness of Airline Cybersecurity1 (PA1) and Passengers’ Awareness of Airline Cybersecurity2 (PA2), including a total of 10 questions (PA1.1–1.7, PA2.1–2.3) detailed in Table A1 of Appendix A. These dimensions are structured with reference to the perceived vulnerability in the Protection Motivation Theory (PMT), which is utilised to gauge users’ beliefs regarding risk. These two dimensions focus on passengers’ concerns about the level of cybersecurity of airlines (PA1.1–1.7) and passengers’ expectations regarding airlines’ cyber services (PA2.1–2.3), which are the direct perceptions of passengers about the cybersecurity of airlines. The dimensions data are helpful in analysing which aspects of airline network services passengers are currently more comfortable with, as well as passengers’ concerns and objective suggestions for airlines, which can help airlines adjust their corporate cybersecurity strategies according to passengers’ actual needs. The final segment in Section 3 introduces the Passengers’ Response and Self-cognition of the Cybersecurity Threats Scale. This scale has a singular dimension: Perceived Self-cognition and Self-response (SC) with 10 questions (SC1.1–1.10). Question SC1.2 draws from the literature [22], and SC1.3 is influenced by [31]. To measure the perception of the severe consequences of risk, perceived severity from the HBM theory is employed, while response efficacy from the PMT theory is used to assess the level of response. This dimension encapsulates passengers’ perceptions of cybersecurity threats and their self-response to cyber risks.

2.3. Participants

The survey gathered data through online questionnaires in mainland China. Two key arguments influenced the decision. Firstly, China is the world’s second-largest aviation market, experiencing significant growth in passenger volumes and air cargo movement within its domestic market since 2007. In 2018, the industry facilitated 611.7 million passengers and 7.4 million tonnes of air cargo [32]. It is noteworthy that China has achieved a Global Cybersecurity Index (GCI) score exceeding 90, reflecting its strong global commitment to cybersecurity [33,34]. Questionnaire Star, a popular data collection platform (in China), was employed, which allowed data export for subsequent processing and analysis [35].

The survey was conducted over a one-week period, from 28 April to 5 May 2023. Survey teams visited Nanjing Lukou International Airport and various communities in Nanjing city. As the questionnaire was completed online, respondents used their cell phones after being briefed about the survey’s purpose. Completion times, tracked through the Questionnaire Star backend, served as the basis for initial questionnaire screening, with completion times exceeding 250 s considered indicative of thoughtful consideration of the questions. Upon completion and confirmation by the survey team, respondents received a small pre-prepared gift as a token of appreciation. Data analyses were conducted using a total of 470 valid responses. Participant information is summarised in Table A2 of Appendix A.

2.4. Data Analysis

We performed a comprehensive data analysis employing various statistical methods. Descriptive statistics provided an overview of personnel distribution by detailing frequency and proportion. Then, Exploratory Factor Analysis (EFA) was conducted to determine the structure and internal reliability of the five factors [36]. Inferential statistics, such as t-tests and ANOVA, were employed to establish variable relationships [37] and difference analysis. Post hoc tests, specifically using the LSD method, further examined differences within the same groups. Moreover, correlation analysis used the Pearson correlation coefficient to assess relationships between scales, dimensions, and variables. All analyses were performed using SPSS software (Version 27).

3. Empirical Results

3.1. Descriptive Analysis

This section reflects the demographics and characteristics of the respondents. The age range of participants spanned from 18 to over 60, with more than 50% of individuals clustered within the 26–30 and 31–40 age groups. The groups aged 18–25 and 41–50 collectively comprised 30% of the total, while the population over 60 was the smallest group.

In terms of gender distribution, 51% of respondents identified as male, while 48% identified as female. Regarding annual income, over 30% of participants reported an income between 5001–10,000 (RMB), followed by 28% earning between 3001–5000. Approximately 15% reported an income below 3000, while 20% reported an income exceeding 10,000.

Educational attainment showed that more than 30 respondents held a bachelor’s degree, followed by those with a senior high school degree or below (26%) and a similar number with Certificate/Diploma degrees. The lowest proportion held a graduate degree (master’s and higher), at 13%.

Occupation-wise, over 60% of respondents worked in the private sector, with nearly 20% being freelancers and the rest being students, businesspeople, government workers, and retirees. Most participants flew one to four times a year, with a small percentage taking more than eight flights. Most respondents (80%) were not airline FFP program members.

The primary purposes for flying included holidays (38%), business travel (25%), visiting relatives and friends, and studying (16%). Economy class (57%) and premium economy class (36%) were the most preferred. Air China, China Eastern Airlines, and China Southern Airlines were the three most chosen carriers, with third-party apps such as Ctrip being commonly used to book flights.

The data revealed that most respondents had utilised airline services and were familiar with concepts of cybercrime and cybersecurity yet had not fallen victim to cybercrimes or scams previously. Most participants asserted themselves as having a high degree of knowledge regarding cybersecurity.

Regarding cybersecurity, most respondents had utilised the internet services provided by airlines and exhibited a general awareness of cybercrime-related concerns. However, only a tiny portion of the participants had encountered situations where they became victims of cybercrime.

3.2. Exploratory Factor Analysis

The EFA employed the principal component analysis and the varimax rotation approach. Communalities, which indicate the level of variation in each dimension, were assessed. Table 1 displays commonalities for all items. The commonality values for all items are above 0.5, confirming their suitability for inclusion in the subsequent analysis.

Bartlett’s test of Sphericity evaluated the overall significance of the correlation matrix, with significant results observed (X² (n = 470) = 8117.51 (p < 0.000)), supporting the appropriateness of factor analysis. The Kaiser–Meyer–Olkin Sampling Adequacy (MSA) value was 0.947, indicating suitability for factor analysis (MSA > 0.800). Based on Eigenvalues (greater than 1) and scree plot results, the factor solution derived from this analysis revealed five scale factors, explaining 64.66% of the variance in the data [36].

The rotated component matrix in EFA simplifies the factor structure by maximising the variance explained by each factor and minimising cross-loadings. Table 2 displays the factor loadings for observed variables after rotation. This aids in interpreting the underlying factors and their relationships with the variables. Variables with high loadings (shown in light pink color) on a specific factor are considered to be strongly related to that factor, while variables with low loadings on a factor are less associated with it.

Cronbach’s alpha, composite reliability, and Average Variance Extracted (AVE) are presented in Table A3 (Appendix A). Both Cronbach’s alpha and composite reliability exceed 0.7, and AVE values fall within the theoretically acceptable range (above 0.5), indicating the reliability of the constructs for further analysis [38,39]. Similarly, the Fornell–Larcker criterion was employed to establish discriminant validity. The square root of AVE for each factor was calculated and compared with the constructs. The diagonal values in Table A4 (Appendix A) represent the square root of AVE, which are higher than the pair-wise correlations, confirming discriminant validity and indicating that the constructs measure distinct and separate concepts.

3.3. Difference Analysis

3.3.1. Gender and FFP

We analysed the differences between gender and FFP factors in each dimension of the questionnaire. Given that gender and FFP factors only have two values (0 and 1, respectively), we chose an independent sample T-test for the analysis. Results were evaluated based on the criteria established by [31], with significance deemed when p is less than 0.05. The detailed analysis results are presented in Table 3, revealing significant differences in all dimensions concerning gender. However, no significant difference was observed based on FFP and the five dimensions. Furthermore, Table 4 displays the mean values for gender, the ‘yes’ and ‘no’ values for the FFP factor, and the T-value and p-value for each dimension for both males and females.

3.3.2. Occupation

We utilised single-factor ANOVA analysis to assess the statistical significance among occupations (involving three or more variables). The results of the analysis are detailed in Table 5. With a significance level set at 0.05, our findings indicate no significant differences in occupations across the four dimensions. However, noteworthy variations were observed among occupations concerning information attention and protection measures (PI2). This discovery suggests that Chinese airlines may need to customise their network service strategies based on the unique needs of different occupations.

After determining that occupations differ in PI2, we conducted post hoc tests, and the results are presented in Table 6. The post hoc tests revealed that ‘Student’ was significantly different from other occupations. Additionally, ‘Business’ was found to be significantly different from ‘Private Sector’.

3.3.3. Other Factors

The additional factors included age, income, education level, consumption level, airline choices, ticket route, and travel frequency. These factors exhibited similar patterns in the analysis of differences, prompting their combination for discussion. Given that these factors comprised three or more variables, we conducted a single-factor ANOVA analysis. The results in Table 7 suggest that these factors do not differ significantly in each dimension.

3.4. Correlation Analysis

The correlation analysis presented in Table 8 reveals statistically significant relationships among the variables. Notably, there is a negative correlation between PI1 and PI2 (r = −0.308) and positive correlations among PI1, PA1, PA2, and SC (r = 0.250, 0.295, 0.453, respectively). This indicates that participants with a good understanding of personally identifiable information in airline cybersecurity have lower concerns about the attention and protection of information. Conversely, participants with a good understanding of personally identifiable information in airline cybersecurity exhibit higher self-judgment regarding the degree of attention that airlines attach to cybersecurity, expectations for airline network services, and self-cognition and self-response. Furthermore, there is a negative correlation between PI2 and PA1, PA2, and SC (r = −0.249, −0.176, −0.435, respectively). This suggests that participants showing deep concern for the attention and protection of information have less intent towards self-judgment about the attention degree airlines attach to cybersecurity, expectations for airline network services, and self-cognition and self-response. Additionally, a strong positive correlation emerges between SC and both PA1 (r = 0.499) and PA2 (r = 0.487), highlighting a robust association between these dimensions.

4. Discussion

The escalating global threat of cyberattacks has emphasised the critical importance of empirically analysing the digitally evolving facets of airline cybersecurity. As the aviation industry undergoes increased digitisation and networking, the potential threat to cybersecurity grows. Given that passengers directly engage with airline network services, their relationship with airline cybersecurity becomes crucial. However, there is currently limited exploration of passengers’ perceptions of airline cybersecurity in terms of the cybersecurity landscape and statistical research on the subject. Our study unravels passengers’ perceptions of airline cybersecurity in response to this imperative. We introduce a novel questionnaire to address gaps in cybersecurity research within the airline industry and shed light on specific aspects of airline cybersecurity that require heightened attention from the passenger’s standpoint.

The study holds significant implications for both theoretical understanding and practical application. From a theoretical standpoint, our exploration of passenger perceptions contributes to the ongoing discourse on airline cybersecurity, enriching existing frameworks and offering new insights into the dynamics of cyber threats in this domain. On a practical level, the findings have the potential to guide airlines in enhancing their cybersecurity measures by pinpointing areas that are particularly salient to passengers. This study bridges the gap between academia and industry by aligning theoretical advancements with practical considerations, fostering a comprehensive understanding of cybersecurity perceptions in the airline sector.

4.1. Implication for Research

This study has successfully integrated the HBM and PMT into the realm of airline network security research. Our data’s robust reliability and validity affirm that the new dimensions derived from these theories effectively contribute to the questionnaire’s validity and authenticity. This sets the stage for future research endeavours to build upon these dimensions, offering avenues for continued exploration and development.

While previous research in the airline industry has explored cybersecurity [15,22,40], it often focused on specific types of basic personal information, such as gender, age, or occupation. In contrast, our study delved into the collective impact of multiple basic personal information variables on passengers’ perceptions of airline cybersecurity. Our findings identified two significant factors, gender and occupation, shedding light on their influential role. This enriches the understanding of cybersecurity in the airline industry and serves as a valuable reference for further investigations across different dimensions of airline cybersecurity.

In examining whether passengers’ cybersecurity perceptions are influenced by personal information, our study aligns with previous research indicating that gender can impact users’ network awareness and behaviour [12,41]. Our survey, extending this notion to the context of airline cybersecurity, reveals that gender emerges as a primary influencing factor in passengers’ perceptions. Specifically, gender differences manifest in passengers’ awareness of airline cybersecurity and their self-cognition and response to cybersecurity threats. These insights contribute valuable nuances to the broader discussion on the intersection of personal information and cybersecurity perception.

As discussed in detail, the findings in Table 6 reveal noteworthy distinctions in mean scores between men and women across the PI, PA, and SC scales. Notably, men exhibit higher scores, indicating a greater perceived knowledge about cybersecurity and trust in the current state of airline cybersecurity compared to women. This suggests that men are more attuned to the intricacies of cybersecurity, expressing heightened concern for daily threat prevention and confidence in airlines’ cybersecurity measures. The gender-based differences may stem from distinct levels of knowledge about cybersecurity and information literacy.

These results indicate that males, perceiving themselves as more knowledgeable about cybersecurity, exhibit greater confidence in evaluating both the airline and them in terms of cybersecurity awareness and threat handling. This trend aligns with the significant correlation observed between the three dimensions. Conversely, females, perceiving themselves as having less knowledge about cybersecurity, tend to be less confident and concerned about cybersecurity threat handling. This nuanced insight also extends to their conservative outlook on the status of airline cybersecurity, highlighting the interconnectedness of the three dimensions.

The influence of gender on cybersecurity perceptions can be attributed to broader societal, psychological, and behavioural differences in risk assessment and interaction with technology. For instance, research on the perceived risks associated with purchasing airline tickets online has shown that women tend to perceive higher levels of performance, security, psychological, and overall risks compared to men [41]. Similarly, studies indicate significant gender differences in cybersecurity perceptions and behaviours. Women generally report heightened risk awareness in technology-related contexts [42], yet exhibit lower levels of security-related behaviours than men [43]. These disparities may stem from gender-specific variations in factors such as security self-efficacy, prior experience, and technological proficiency. For example, females often report lower confidence in their cybersecurity skills, which can influence their behaviours and engagement with security practices [22,44].

The study delved into various personal aspects, including age and income, to discern their potential impact on passengers’ network cognition. While occupation influenced passengers’ information protection behaviour and information security awareness, factors such as age, education level, and participation in an FFP showed minimal effects on passengers’ perceptions of airline cybersecurity. Moreover, our data analysis emphasises that occupation is pivotal in influencing passengers’ attitudes toward personal protection and information concerns [45]. Passenger concerns about cybersecurity are often rooted in their respective occupations, with these concerns intricately linked to specific professional contexts.

The relationship between demographic factors and cybersecurity cognition is multifaceted and often contradictory across studies. For instance, Fatokun and Hamid [46] found that age, gender, and educational level significantly influence students’ cybersecurity behaviours. Similarly, Hong and Chi [47] observed that exposure to full-time work environments moderates the relationship between knowledge, attitude, and behaviour in cybersecurity awareness. Research by Hadlington [48] suggests that older individuals tend to demonstrate lower levels of cybersecurity awareness and engagement, which may be attributed to limited exposure to digital environments and slower adoption of new technologies compared to younger cohorts. Additionally, Khan and Shiwakoti [49] highlight that in the context of consumer perceptions related to socio-demographic and technological attributes, older participants who have a middle income and low to middle levels of education but possess high cybersecurity knowledge and understanding of autonomous vehicles exhibit heightened anxiety about cyberattacks targeting these vehicles. Conversely, some studies suggest that demographic factors may not consistently influence cybersecurity awareness. Herath and Khanna [50] argue that demographic attributes do not necessarily affect cyber awareness among internet users. Future studies may aim to resolve these discrepancies and provide a more comprehensive understanding of the factors influencing cybersecurity awareness and behaviour across diverse populations.

Occupation and expertise significantly influence cybersecurity perceptions and behaviours. Cybersecurity experts tend to adopt more proactive and strategic approaches to online security compared to non-experts, leveraging their advanced knowledge and experience to mitigate risks effectively [51]. Social factors and cognitive biases affect cybersecurity perceptions and behaviours, with individuals often making mistakes in understanding risks and overestimating their group’s abilities [52,53]. Furthermore, divergent viewpoints on cybersecurity exist within groups, ranging from best practices to poor behaviours, highlighting the need for targeted educational interventions in both public and private sectors [54]. Nevertheless, job role is identified as the most crucial factor influencing cybersecurity training preferences and perceptions, suggesting that adaptive, role-specific training approaches are more effective than one-size-fits-all methods [55].

An intriguing finding was the high positive correlation observed among passengers’ basic information about cybersecurity, their awareness of airline cybersecurity, and their self-cognition and response to cybersecurity threats. This interconnection suggests a holistic understanding among passengers, where their general awareness aligns with their specific perceptions and responses to cybersecurity threats.

One of the most pressing concerns in airline cybersecurity is the risk of passenger personal data leakage, which directly impacts passengers. The formation of passengers’ perceptions of airline cybersecurity is intricately tied to their understanding and cognition of personal information. This understanding significantly influences how passengers comprehend airline cybersecurity and respond to associated risks. The results from the survey indicate that the mean for Personal Information (PI) is beyond 3.1, signifying a high level of understanding and awareness regarding personal information among participants. This awareness extends to the protection of personal information when utilising the Internet. For airlines, ensuring the security of passengers’ personal information during network use emerges as a pivotal factor in enhancing passenger satisfaction.

Meanwhile, one of the key aspects of passengers’ perceptions of airline cybersecurity is airline cybersecurity threats [56]. Passengers’ perceptions of airline cybersecurity threats may indicate how aware they are of such issues and if they think the airline has done an excellent job safeguarding cybersecurity. Responses to airline cybersecurity can show whether or not passengers understand and use some risk feedback measures provided by airlines. In this study, the mean SC (Self-cognition and Response to Cybersecurity Threats) was beyond 4, showing that people are aware of and have responded to the cybersecurity threat. Airlines should be aware of people’s attention to cyber threats and improve their cybersecurity level.

Other dimensions of cybersecurity may inadvertently receive less attention from passengers. Future investigations can explore the complex relationship between respondents’ cybersecurity views and their occupations, offering valuable insights into the nuanced dynamics of occupational influences on cybersecurity perceptions.

4.2. Implication for Practice

In recent years, the continuous development of technical solutions and information security procedures has attempted to address cybersecurity challenges; however, the magnitude of these challenges remains pronounced for many companies, reaching an intensified level [57]. This study contributes valuable insights for future research and offers a strategic reference for airline managers to adapt and enhance their cybersecurity strategies. Based on the outcomes of our survey and research, airline managers can implement tailored measures for passengers of different genders or occupations:

Customised Services: Airlines can personalise their services on mobile applications or official websites, emphasising specific aspects of cybersecurity that resonate with different genders in their network services. Incorporating gender-specific content and interactive elements can enhance engagement and ensure that passengers receive relevant cybersecurity information that aligns with their perspectives and preferences.

Educational Initiatives: Besides regularly disseminating cybersecurity-related knowledge or notices, airlines can establish comprehensive educational initiatives [58]. These initiatives may include the development of interactive cybersecurity modules accessible through airline platforms. Furthermore, the introduction of incentive programs, such as “cybersecurity knowledge wins discount”, can be expanded to encompass diverse learning formats, such as webinars, tutorials, or gamified experiences. This multifaceted approach aims to promote passengers’ attention and awareness of cybersecurity and encourage active participation and feedback, fostering a collaborative cybersecurity culture.

Increased Investment and Management Measures: Recognising the escalating concern about airline cybersecurity, airlines should consider substantial investments in cutting-edge technologies and robust management measures. This includes deploying advanced cybersecurity tools for real-time threat detection, implementing automated virus detection and elimination protocols, and maintaining a secure network environment. Airlines can also explore partnerships with cybersecurity experts to conduct regular audits and assessments. Additionally, allocating resources to comprehensive cybersecurity training programs for airline staff ensures a collective and informed response to potential threats. Strengthening emergency preparedness involves developing and regularly testing incident response plans to minimise passenger disruption and safeguard critical systems in the event of a cybersecurity incident.

5. Conclusions, Limitations, and Future Work

This study delves into passengers’ perspectives on airline cybersecurity in the evolving landscape of increasing attention to network security. Introducing a novel questionnaire model based on the HBM and PMT, we found that all scales in the proposed questionnaire demonstrated acceptable reliability. Our investigation reveals that gender significantly influences passengers’ perceptions of airline cybersecurity, impacting their awareness and responses to cybersecurity threats. Men, in particular, exhibit heightened awareness and concern regarding airline cybersecurity. Additionally, occupation emerges as a factor influencing passengers’ information protection behaviours and security awareness. In contrast, factors like age, education level, and FFP participation demonstrate minimal impact on passengers’ airline cybersecurity perceptions.

This study contributes to cybersecurity research in several ways. Firstly, it focuses on airline network security, shedding light on passengers’ understanding and prioritising airline cybersecurity. By analysing the questionnaire format, we identify deficiencies and potential issues in airline network security. Secondly, successfully integrating HBM and PMT theories enhances the research’s methodological robustness. The reliability and validity analysis supports the feasibility of this approach, providing a foundation for exploring new dimensions and directions in future research. Furthermore, exploring the impact of various aspects of basic personal information on airline network security perception identifies two pivotal factors: gender and occupation, offering valuable reference points for future cybersecurity studies.

We propose three recommendations for airlines to enhance cybersecurity measures based on our questionnaire content and data analyses. Firstly, personalised network security services tailored to different occupations and genders should be provided. Secondly, regularly disseminating cybersecurity-related knowledge or notices through various activities can elevate passengers’ awareness. Lastly, increased investment in cybersecurity is urged to foster a safer cyber environment.

We acknowledge the limitations of relying solely on Exploratory Factor Analysis (EFA) in the current study. Future research should prioritise the application of Confirmatory Factor Analysis (CFA) or Structural Equation Modelling (SEM) to test and refine the hypothesised relationships between variables. These advanced methodologies would allow for a more nuanced evaluation of the proposed theoretical model and its constructs. As statistical guidance suggests, it is important to note that performing both EFA and CFA on the same dataset is not recommended [59,60]. While the EFA conducted in this study successfully identified the latent factors shaping public perceptions of cybersecurity within the airline industry, leveraging CFA would allow researchers to test specific hypotheses regarding these factors’ structural composition and interrelationships.

Similarly, future investigations may examine passengers’ perceptions across diverse geographical regions, particularly in light of the impact of stringent data protection regulations. Cross-regional comparisons would be invaluable in elucidating how different regulatory environments shape public attitudes toward airline cybersecurity and data protection. This comparative lens could provide critical insights into regional variations, enriching the discourse on global cybersecurity challenges within the aviation sector.

Author Contributions

Conceptualisation, S.K.K.; methodology, S.K.K., N.S., J.W., H.X., C.X., X.Z. and H.J.; validation, S.K.K., N.S. and H.J.; formal analysis, S.K.K., N.S., J.W., H.X., C.X., X.Z. and H.J.; investigation, S.K.K., N.S., J.W., H.X., C.X., X.Z. and H.J.; data curation, J.W., H.X., C.X. and X.Z.; writing—original draft preparation, S.K.K., N.S., J.W., H.X., C.X., X.Z. and H.J.; writing—review and editing, N.S. and H.J.; supervision, H.J.; project administration, J.W., H.X., C.X. and X.Z. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Institutional Review Board Statement

The survey study was approved by the Ethics Committee of RMIT University (approval number: SEHAPP 31-17).

Informed Consent Statement

Informed consent was obtained from all subjects involved in the study. The participants voluntarily participated in this study.

Data Availability Statement

Data can be made available by contacting the last co-author, Hongwei Jiang ([email protected]).

Conflicts of Interest

The authors declare no conflicts of interest.

Appendix A

Table A1. Items and measurement scales.

Constructs	Items and Coding	Questions
Personal Information1 (PI1) The meaning of personally identifiable information (PI1)	PI1.1 PI1.2 PI1.3 PI1.4	While using airline services, I understand the meaning of personally identifiable information such as my name, address, phone number, credit card information, identity document, and airline travel history. I am comfortable sharing my personally identifiable information with the airline’s booking system. I believe that airlines only collect the personally identifiable information required for booking purposes. I understand the regulations that govern the collection and use of personally identifiable information by airline services.
Personal Information2 (P12) Attention and protection of information protection (PI2)	PI2.1 PI2.2 PI2.3 PI2.4 PI2.5 PI2.6 PI2.7	I am concerned about the privacy of personally identifiable information while using airline services. I feel uncomfortable when airlines use my personally identifiable information for marketing or promotional purposes. I feel uncomfortable with airlines sharing my personally identifiable information with third parties. I am concerned about a cybersecurity breach in the airline industry. I am concerned about cybercrime targeting the airline industry. I am concerned about the airline being hacked (by hackers). I am concerned about the cybersecurity of airlines during operations.
Passengers’ Awareness of Airline Cybersecurity1 (PA1) —Self-judgment about the attention degree that airlines attach to cybersecurity	PA1.1 PA1.2 PA1.3 PA1.4 PA1.5 PA1.6	I believe airlines view cybersecurity as a critical business issue that impacts their reputation and bottom line. I believe airlines have a strong culture of cybersecurity awareness and accountability. I believe that airlines have a clear and effective process for reporting and addressing cybersecurity incidents. I believe airlines communicate effectively with customers about potential cybersecurity risks. I believe airlines prioritise cybersecurity training for their employees. I believe that airlines stay up to date on the latest cybersecurity threats and technologies. I believe that airlines take customer feedback and complaints about cybersecurity seriously.
Passengers’ Awareness of Airline Cybersecurity2—Expectations for Airline network Services (PA2)	PA2.1 PA2.2 PA2.3	I would like airlines to provide stronger encryption and firewalls to improve the security of the wireless network service. I hope the airline can enhance its ability to resist hackers and prevent my devices from being hacked. I hope airlines can increase the security of their websites and avoid the spread of network viruses.
Self-cognition and Response to Cybersecurity Threats (SC) Self-cognition and self-response	SC1.1 SC1.2 SC1.3 SC1.4 SC1.5 SC1.6 SC1.7 SC1.8 SC1.9 SC1.10	I understand the potential consequences of a cybersecurity breach when using airline network services. I feel like I have a high chance of being exposed to cybersecurity threats. I trust airlines can protect my personal information when using their network services. I regularly take steps (such as changing passwords regularly) to protect my personal information when using airline network services. I would consider using airlines even after a cybersecurity breach in the airline industry. Not only passengers ourselves but airlines should require their third-party vendors to adhere to strict cybersecurity standards. I am willing to report suspicious activity or potential cybersecurity threats when using airline network services. I am willing to pay extra fees to ensure that airlines have strong cybersecurity measures in place. I believe that airlines should conduct regular vulnerability testing to identify potential cybersecurity threats. I believe that multi-factor authentication can be better to avoid cybersecurity threats.

Table A2. Respondents’ socio-technical demographics.

Category	Variable	Frequency	Percentage (%)
Gender	Male	244	51.9
Gender	Female	226	48.1
Age	18–25	98	20.9
	26–30	163	34.7
	31–40	114	24.3
	41–50	57	12.1
	51–60	30	6.4
	>60	8	1.7
Income (Monthly RMB)	<=3000	72	15.3
	3001–5000	135	28.7
	5001–10,000	163	34.7
	10,001–15,000	56	11.9
	15,001–20,000	33	7
	>20,000	11	2.3
Education	Senior high or lower	109	23.2
	Certificate/Diploma	125	26.6
	Bachelor	173	36.8
	Master or higher	63	13.4
Occupation	Student	2	0.4
	Business	41	8.7
	Owner	99	21.1
	Government sector	30	6.4
	Private sector	292	62.1
	Retired	6	1.3
	Travel Frequency (a year)
Travel Frequency (a year)	0	1	0.2
	1–4	276	58.7
	5–7	125	26.6
	8–10	60	12.8
	More than ten	8	1.7
Frequent Flyer Program (FFP)	Yes	92	19.6
Frequent Flyer Program (FFP)	No	378	80.4
Main Purpose	Business trip	118	25.1
	Holiday	181	38.5
	Visit friends and family	75	16
	Study	76	16.2
	Other	20	4.3
Class of Cabin	First class	10	2.1
	Business class	18	3.8
	Premier economy	173	36.8
	Economy class	269	57.2
Airlines	Three major airlines (Air China, China Eastern Airlines, and China Southern Airlines)	248	52.8
	Regional Airlines	138	29.4
	Low-Cost Airlines	75	16
	Others	9	1.9
Book Route	Airline’s official website or APP	122	26
	Third party apps (such as Ctrip)	265	56.4
	Offline booking	72	15.3
	Others	11	2.3
Whether you have used the Internet service provided by the airline?	Yes	371	78.9
	No	99	21.1
Have you heard of cybercrime or cybersecurity?	Yes	395	84
	No	68	14.5
	Not sure	7	1.5
Have you been victim of cybercrime in the past?	Yes	17	3.6
Have you been victim of cybercrime in the past?	No	453	96.4
How well do you understand cybercrime/cybersecurity?	Not well at all	7	1.5
	Slightly well	21	4.5
	Moderately well	73	15.5
	Very well	223	47.4
	Extremely well	146	31.1

Table A3. Cronbach’s alpha, composite reliability, and Average Variance Extracted.

Construct	Item	Loadings (>0.5)	Cronbach’s Alpha (>0.7)	Composite Reliability (>0.7)	Average Variance Extracted (>0.5)
Personal Information1 (PI1)	PI1.1	0.784	0.83	0.85	0.59
	PI1.2	0.77
	PI1.3	0.752
	PI1.4	0.768
Personal Information2 (P12)	PI2.1	0.763	0.82	0.92	0.62
	PI2.2	0.791
	PI2.3	0.771
	PI2.4	0.768
	PI2.5	0.815
	PI2.6	0.8
	PI2.7	0.8
Passengers’ Awareness of Airline Cybersecurity1	PA1.1	0.757	0.9	0.91	0.58
(PA1)	PA1.2	0.729
	PA1.3	0.762
	PA1.4	0.776
	PA1.5	0.744
	PA1.6	0.768
	PA1.7	0.782
Passengers’ Awareness of Airline Cybersecurity2	PA2.1	0.837	0.85	0.86	0.68
(PA2)	PA2.2	0.829
	PA2.3	0.803
Self-cognition and Response to Cybersecurity Threats	SC1.1	0.727	0.92	0.91	0.52
(SC)	SC1.2	0.725
	SC1.3	0.714
	SC1.4	0.698
	SC1.5	0.729
	SC1.6	0.796
	SC1.7	0.732
	SC1.8	0.671
	SC1.9	0.654
	SC1.10	0.736

Table A4. Discriminant validity.

Constructs	PI1	PI2	PA1	PA2	SC
PI1	0.77
PI2	0.30	0.79
PA1	0.25	0.24	0.76
PA2	0.29	0.17	0.22	0.82
SC	0.45	−0.43	0.49	0.48	0.72

References

Pereira, B.A.; Lohmann, G.; Houghton, L. Innovation and value creation in the context of aviation: A Systematic Literature Review. J. Air Transp. Manag. 2021, 94, 102076. [Google Scholar] [CrossRef]
Scott, B.I.; Trimarchi, A. The Digital Aviation Industry: A Balancing Act Between Cybersecurity and European Consumer Protection. Air Space Law 2017, 42, 443–463. [Google Scholar]
Filinovych, V.; Hu, Z. Aviation and the Cybersecurity Threats. In Proceedings of the International Conference on Business, Accounting, Management, Banking, Economic Security and Legal Regulation Research (BAMBEL 2021), Kyiv, Ukraine, 26–27 August 2021; pp. 120–126. [Google Scholar]
Khan, S.K.; Shiwakoti, N.; Diro, A.; Molla, A.; Gondal, I.; Warren, M. Space cybersecurity challenges, mitigation techniques, anticipated readiness, and future directions. Int. J. Crit. Infrastruct. Prot. 2024, 47, 100724. [Google Scholar] [CrossRef]
Posey, C.; Bennett, R.J.; Roberts, T.L. Understanding the mindset of the abusive insider: An examination of insiders’ causal reasoning following internal security changes. Comput. Secur. 2011, 30, 486–497. [Google Scholar] [CrossRef]
He, W. A survey of security risks of mobile social media through blog mining and an extensive literature search. Inf. Manag. Comput. Secur. 2013, 21, 381–400. [Google Scholar] [CrossRef]
Suo, D.; Siegel, J.E.; Sarma, S.E. Merging safety and cybersecurity analysis in product design. IET Intell. Transp. Syst. 2018, 12, 1103–1109. [Google Scholar] [CrossRef]
Khan, S.K.; Shiwakoti, N.; Stasinopoulos, P.; Chen, Y.; Warren, M. The impact of perceived cyber-risks on automated vehicle acceptance: Insights from a survey of participants from the United States, the United Kingdom, New Zealand, and Australia. Transp. Policy 2024, 152, 87–101. [Google Scholar] [CrossRef]
Tong, L.; Kwan, M. Ensuring cyber security in airlines to prevent data breach. Comput. Sci. IT Res. J. 2022, 3, 66–73. [Google Scholar] [CrossRef]
Khan, S.K.; Shiwakoti, N.; Stasinopoulos, P.; Chen, Y. Cyber-attacks in the next-generation cars, mitigation techniques, anticipated readiness and future directions. Accid. Anal. Prev. 2020, 148, 105837. [Google Scholar] [CrossRef]
Strohmeier, M.; Schäfer, M.; Pinheiro, R.; Lenders, V.; Martinovic, I. On perception and reality in wireless air traffic communication security. IEEE Trans. Intell. Transp. Syst. 2016, 18, 1338–1357. [Google Scholar] [CrossRef]
Kagalwalla, N.; Churi, P.P. Cybersecurity in aviation: An intrinsic review. In Proceedings of the 2019 5th International Conference on Computing, Communication, Control and Automation (ICCUBEA), Pune, India, 19–21 September 2019; pp. 1–6. [Google Scholar]
Alsaid, A.Y.; Gutub, A.A.-A.; AlKhodaidi, T. Cybercrime on Transportation Airline. J. Forensic Res. 2019, 10, 1–4. [Google Scholar]
Cunningham, L.F.; Gerlach, J.; Harper, M.D. Assessing perceived risk of consumers in Internet airline reservations services. J. Air Transp. 2004, 9, 21. [Google Scholar]
Klenka, M. Aviation cyber security: Legal aspects of cyber threats. J. Transp. Secur. 2021, 14, 177–195. [Google Scholar] [CrossRef]
Rubio-Andrada, L.; CelemÃn-Pedroche, M.S. Passengers satisfaction with the technologies used in smart airports: An empirical study from a gender perspective. J. Air Transp. Manag. 2023, 107, 102347. [Google Scholar] [CrossRef]
Milbredt, O.; Popa, A.; Doenitz, F.-C.; Hellmann, M. Aviation security automation: The current level of security automation and its impact. J. Airpt. Manag. 2022, 16, 184–208. [Google Scholar] [CrossRef]
Xu, H.; Mahenthiran, S.J.I.; Security, C. Users’ perception of cybersecurity, trust and cloud computing providers’ performance. Inf. Comput. Secur. 2021, 29, 816–835. [Google Scholar] [CrossRef]
Maddux, J.E.; Rogers, R.W.J.J.o.e.s.p. Protection motivation and self-efficacy: A revised theory of fear appeals and attitude change. J. Exp. Soc. Psychol. 1983, 19, 469–479. [Google Scholar] [CrossRef]
Janz, N.K.; Becker, M.H. The health belief model: A decade later. Health Educ. Q. 1984, 11, 1–47. [Google Scholar] [CrossRef]
Fox, S.J. Flying challenges for the future: Aviation preparedness–in the face of cyber-terrorism. J. Transp. Secur. 2016, 9, 191–218. [Google Scholar] [CrossRef]
Anwar, M.; He, W.; Ash, I.; Yuan, X.; Li, L.; Xu, L. Gender difference and employees’ cybersecurity behaviors. Comput. Hum. Behav. 2017, 69, 437–443. [Google Scholar] [CrossRef]
Ng, B.-Y.; Kankanhalli, A.; Xu, Y.C. Studying users’ computer security behavior: A health belief perspective. Decis. Support Syst. 2009, 46, 815–825. [Google Scholar] [CrossRef]
Vatka, M. Information Behaviour and Data Security: Health Belief Model Perspective. Master’s Thesis, Governance of Digitalization, Åbo Akademi University, Turku, Finland, 2019. [Google Scholar]
Dodge, C.E.; Fisk, N.; Burruss, G.W.; Moule Jr, R.K.; Jaynes, C.M. What motivates users to adopt cybersecurity practices? A survey experiment assessing protection motivation theory. Criminol. Public Policy 2023, 22, 849–868. [Google Scholar] [CrossRef]
Khan, N.F.; Ikram, N.; Murtaza, H.; Javed, M. Evaluating protection motivation based cybersecurity awareness training on Kirkpatrick’s Model. Comput. Secur. 2023, 125, 103049. [Google Scholar] [CrossRef]
Lachal, J.; Revah-Levy, A.; Orri, M.; Moro, M.R. Metasynthesis: An original method to synthesize qualitative literature in psychiatry. Front. Psychiatry 2017, 8, 269. [Google Scholar] [CrossRef]
Walsh, D.; Downe, S. Meta-synthesis method for qualitative research: A literature review. J. Adv. Nurs. 2005, 50, 204–211. [Google Scholar] [CrossRef] [PubMed]
Weber, K.; Sparks, B. Consumer attributions and behavioral responses to service failures in strategic airline alliance settings. J. Air Transp. Manag. 2004, 10, 361–367. [Google Scholar] [CrossRef]
Jebb, A.T.; Ng, V.; Tay, L. A review of key Likert scale development advances: 1995–2019. Front. Psychol. 2021, 12, 637547. [Google Scholar] [CrossRef]
Li, L.; He, W.; Xu, L.; Ash, I.; Anwar, M.; Yuan, X. Investigating the impact of cybersecurity policy awareness on employees’ cybersecurity behavior. Int. J. Inf. Manag. 2019, 45, 13–24. [Google Scholar] [CrossRef]
USQA. An Overview of China’s Recent Domestic and International Air Transport Policy. 2020. Available online: https://research.usq.edu.au/download/a5aa70e833558d726b061b238d91a5285e38d3e3d2d35e1abab5819b94a1338f/321582/Submitted%20Chapter.pdf (accessed on 3 March 2024).
ITU. Global Cybersecurity Index. Available online: https://www.itu.int/en/ITU-D/Cybersecurity/Pages/global-cybersecurity-index.aspx (accessed on 23 June 2023).
SEON. Global Cybercrime Report: Which Countries Are Most at Risk? 2022. Available online: https://resources.cdn.seon.io/uploads/2023/04/Cybersecurity_countries-min.pdf (accessed on 23 June 2023).
Question Star. 2023. Available online: https://www.questionstar.com/ (accessed on 3 March 2024).
Fabrigar, L.R.; Wegener, D.T. Exploratory Factor Analysis; Oxford University Press: Oxford, UK, 2011. [Google Scholar]
Pallant, J. SPSS Survival Manual: A Step by Step Guide to Data Analysis Using IBM SPSS; McGraw-Hill Education (UK): London, UK, 2020. [Google Scholar]
Shrestha, N. Factor analysis as a tool for survey analysis. Am. J. Appl. Math. Stat. 2021, 9, 4–11. [Google Scholar] [CrossRef]
Ab Hamid, M.; Sami, W.; Sidek, M.M. Discriminant validity assessment: Use of Fornell & Larcker criterion versus HTMT criterion. J. Phys. Conf. Ser. 2017, 890, 012163. [Google Scholar]
Aljohni, W.; Elfadil, N.; Jarajreh, M.; Gasmelsied, M. Cybersecurity awareness level: The case of Saudi Arabia University students. Int. J. Adv. Comput. Sci. Appl. 2021, 12, 276–281. [Google Scholar] [CrossRef]
Kim, L.H.; Qu, H.; Kim, D.J. A study of perceived risk and risk reduction of purchasing air-tickets online. J. Travel Tour. Mark. 2009, 26, 203–224. [Google Scholar] [CrossRef]
Gustafsod, P.E. Gender Differences in risk perception: Theoretical and methodological erspectives. Risk Anal. 1998, 18, 805–811. [Google Scholar] [CrossRef]
McGill, T.; Thompson, N. Gender differences in information security perceptions and behaviour. In Proceedings of the 29th Australasian Conference on Information Systems, Sydney, Australia, 3–5 December 2018. [Google Scholar]
Khan, S.K.; Shiwakoti, N.; Stasinopoulos, P.; Warren, M. A multinational empirical study of perceived cyber barriers to automated vehicles deployment. Sci. Rep. 2023, 13, 1842. [Google Scholar] [CrossRef]
Anwar, M.; He, W.; Yuan, X. Employment status and cybersecurity behaviors. In Proceedings of the 2016 International Conference on Behavioral, Economic and Socio-cultural Computing (BESC), Durham, NC, USA, 11–13 November 2016; pp. 1–2. [Google Scholar]
Fatokun, F.B.; Hamid, S.; Norman, A.; Fatokun, J.O. The impact of age, gender, and educational level on the cybersecurity behaviors of tertiary institution students: An empirical investigation on Malaysian universities. J. Phys. Conf. Ser. 2019, 1339, 012098. [Google Scholar] [CrossRef]
Hong, W.C.H.; Chi, C.; Liu, J.; Zhang, Y.; Lei, V.N.-L.; Xu, X. The influence of social education level on cybersecurity awareness and behaviour: A comparative study of university students and working graduates. Educ. Inf. Technol. 2023, 28, 439–470. [Google Scholar] [CrossRef]
Hadlington, L. Human factors in cybersecurity; examining the link between Internet addiction, impulsivity, attitudes towards cybersecurity, and risky cybersecurity behaviours. Heliyon 2017, 3, e00346. [Google Scholar] [CrossRef] [PubMed]
Khan, S.K.; Shiwakoti, N.; Stasinopoulos, P.; Chen, Y.; Warren, M. Exploratory factor analysis for cybersecurity regulation and consumer data in autonomous vehicle acceptance: Insights from four OECD countries. Transp. Res. Interdiscip. Perspect. 2024, 25, 101084. [Google Scholar]
Herath, T.B.; Khanna, P.; Ahmed, M. Cybersecurity practices for social media users: A systematic literature review. J. Cybersecur. Priv. 2022, 2, 1–18. [Google Scholar] [CrossRef]
Theofanos, M.; Stanton, B.; Furman, S.; Prettyman, S.S.; Garfinkel, S. Be prepared: How US government experts think about cybersecurity. In Proceedings of the Workshop on Usable Security (USEC), San Diego, CA, USA, 26 February 2017; Internet Society: Reston, VA, USA, 2017. [Google Scholar]
McAlaney, J.; Benson, V. Cybersecurity as a social phenomenon. In Cyber Influence and Cognitive Threats; Elsevier: Cambridge, MA, USA, 2020; pp. 1–8. [Google Scholar]
Khan, S.K.; Shiwakoti, N.; Stasinopoulos, P.; Warren, M. Driving a safer future: Exploring cross-country perspectives in automated vehicle adoption by considering cyber risks, liability, and data concerns. IET Intell. Transp. Syst. 2024, 18, 1999–2014. [Google Scholar] [CrossRef]
Ramlo, S.; Nicholas, J.B. The human factor: Assessing individuals’ perceptions related to cybersecurity. Inf. Comput. Secur. 2021, 29, 350–364. [Google Scholar] [CrossRef]
Salamah, F.B.; Palomino, M.A.; Papadaki, M.; Furnell, S. The importance of the job role in social media cybersecurity training. In Proceedings of the 2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), Genoa, Italy, 6–10 June 2022; pp. 454–462. [Google Scholar]
Menzel, D.; Hesterman, J. Airport security threats and strategic options for mitigation. J. Airpt. Manag. 2018, 12, 118–131. [Google Scholar] [CrossRef]
Soomro, Z.A.; Shah, M.H.; Ahmed, J. Information security management needs more holistic approach: A literature review. Int. J. Inf. Manag. 2016, 36, 215–225. [Google Scholar] [CrossRef]
Zwilling, M.; Klien, G.; Lesjak, D.; Wiechetek, Ł.; Cetin, F.; Basim, H.N. Cyber security awareness, knowledge and behavior: A comparative study. J. Comput. Inf. Syst. 2022, 62, 82–97. [Google Scholar] [CrossRef]
Hurley, A.E.; Scandura, T.A.; Schriesheim, C.A.; Brannick, M.T.; Seers, A.; Vandenberg, R.J.; Williams, L. Exploratory and confirmatory factor analysis: Guidelines, issues, and alternatives. J. Organ. Behav. 1997, 18, 667–683. [Google Scholar] [CrossRef]
Thompson, B. Exploratory and Confirmatory Factor Analysis: Understanding Concepts and Applications; American Psychological Association: Washington, DC, USA, 2004; Volume 10694. [Google Scholar]

Figure 1. The conceptualisation of the questionnaire (author’s synthesis).

Table 1. Commonalities.

	Initial	Extraction
PI1.1	1.000	0.670
PI1.2	1.000	0.658
PI1.3	1.000	0.632
PI1.4	1.000	0.679
PI2.1	1.000	0.634
PI2.2	1.000	0.684
PI2.3	1.000	0.651
PI2.4	1.000	0.633
PI2.5	1.000	0.704
PI2.6	1.000	0.705
PI2.7	1.000	0.683
PA1.1	1.000	0.615
PA1.2	1.000	0.609
PA1.3	1.000	0.619
PA1.4	1.000	0.649
PA1.5	1.000	0.641
PA1.6	1.000	0.637
PA1.7	1.000	0.656
PA2.1	1.000	0.769
PA2.2	1.000	0.784
PA2.3	1.000	0.757
SC1.1	1.000	0.636
SC1.2	1.000	0.605
SC1.3	1.000	0.584
SC1.4	1.000	0.573
SC1.5	1.000	0.657
SC1.6	1.000	0.563
SC1.7	1.000	0.624
SC1.8	1.000	0.560
SC1.9	1.000	0.561
SC1.10	1.000	0.613

Note: extraction method—Principal Component Analysis.

Table 2. Rotated component matrix.

	Component
	1	2	3	4	5
PI1.1	0.176	−0.094	0.095	0.784	0.082
PI1.2	0.193	−0.147	0.074	0.770	0.029
PI1.3	0.160	−0.124	0.103	0.752	0.122
PI1.4	0.240	−0.148	0.053	0.768	0.086
PI2.1	−0.170	0.763	−0.140	−0.042	−0.029
PI2.2	−0.185	0.791	−0.111	−0.090	−0.061
PI2.3	−0.185	0.771	−0.072	−0.095	−0.088
PI2.4	−0.142	0.768	−0.076	−0.126	−0.039
PI2.5	−0.118	0.815	−0.054	−0.146	−0.031
PI2.6	−0.227	0.800	−0.092	−0.070	0.001
PI2.7	−0.176	0.800	−0.084	−0.076	−0.013
PA1.1	0.117	−0.128	0.757	0.103	0.028
PA1.2	0.248	−0.098	0.729	0.079	0.018
PA1.3	0.154	−0.078	0.762	0.086	0.019
PA1.4	0.177	−0.100	0.776	0.027	0.071
PA1.5	0.262	−0.075	0.744	0.096	0.062
PA1.6	0.199	−0.070	0.768	−0.007	0.059
PA1.7	0.186	−0.066	0.782	0.047	0.064
PA2.1	0.208	−0.070	0.106	0.092	0.837
PA2.2	0.289	−0.050	0.063	0.085	0.829
PA2.3	0.294	−0.050	0.058	0.139	0.803
SC1.1	0.727	−0.191	0.183	0.129	0.144
SC1.2	0.725	−0.132	0.155	0.193	0.037
SC1.3	0.714	−0.160	0.205	0.068	0.049
SC1.4	0.698	−0.175	0.166	0.071	0.153
SC1.5	0.729	−0.182	0.196	0.178	0.150
SC1.6	0.796	−0.201	0.222	0.142	0.190
SC1.7	0.732	−0.150	0.169	0.136	0.138
SC1.8	0.671	−0.213	0.143	0.166	0.131
SC1.9	0.654	−0.122	0.268	0.149	0.155
SC1.10	0.736	−0.123	0.147	0.095	0.161

Notes: extraction method: Principal Component Analysis. Rotation method: Varimax with Kaiser normalization.

Table 3. Difference analysis: gender and FFP.

		Levene’s Test for Equality of Variances (Sig.)	t-Test for Equality of Means Sig. (2-Tailed)
Gender
PI1	Equal variances assumed	<0.001	<0.001
PI1	Equal variances not assumed		<0.001
PI2	Equal variances assumed	0.002	<0.001
PI2	Equal variances not assumed		<0.001
PA1	Equal variances assumed	<0.001	<0.001
PA1	Equal variances not assumed		<0.001
PA2	Equal variances assumed	<0.001	<0.001
PA2	Equal variances not assumed		<0.001
SC	Equal variances assumed	<0.001	<0.001
SC	Equal variances not assumed		<0.001
FFP
PI1	Equal variances assumed	0.124	0.997
PI1	Equal variances not assumed		0.997
PI2	Equal variances assumed	0.179	0.870
PI2	Equal variances not assumed		0.862
PA1	Equal variances assumed	0.448	0.518
PA1	Equal variances not assumed		0.505
PA2	Equal variances assumed	0.326	0.277
PA2	Equal variances not assumed		0.263
SC	Equal variances assumed	0.683	0.300
SC	Equal variances not assumed		0.312

Table 4. Gender and FFP.

Gender	Male	Female	T	p
PI1	4.12 ± 0.71	3.80 ± 0.93	4.178	<0.001
PI2	2.21 ± 0.61	2.42 ± 0.73	−3.340	<0.001
PA1	3.90 ± 0.71	3.51 ± 0.98	4.887	<0.001
PA2	3.90 ± 0.90	3.35 ± 1.10	5.871	<0.001
SC	4.49 ± 0.57	3.57 ± 0.70	15.643	<0.001
FFP	FFP	No FFP	T	p
PI1	3.96 ± 0.92	3.96 ± 0.82	−0.004	0.997
PI2	2.32 ± 0.62	2.31 ± 0.69	0.164	0.870
PA1	3.66 ± 0.84	3.73 ± 0.88	−0.647	0.518
PA2	3.74 ± 0.99	3.61 ± 1.04	1.088	0.277
SC	4.12 ± 0.81	4.03 ± 0.78	1.038	0.300

Table 5. Difference analysis: occupation.

ANOVA
	F	p
PI1	1.022	0.404
PI2	2.964	0.012
PA1	0.781	0.564
PA2	0.953	0.446
SC	2.209	0.052

Table 6. Post hoc (LSD) test: occupation.

Sig.	Student	Business	Owner	Government-Sector	Private Sector
Student
Business	0.001
Owner	0.002	0.353
Government Sector	0.004	0.302	0.718
Private Sector	0.004	0.045	0.162	0.648
Retired	0.003	0.848	0.543	0.459	0.310

Table 7. ANOVA: other factors.

		F	p
Age	PI1	0.229	0.950
	PI2	0.645	0.665
	PA1	1.066	0.378
	PA2	1.755	0.121
	SC	0.391	0.855
Income	PI1	1.185	0.316
	PI2	0.237	0.946
	PA1	2.185	0.055
	PA2	0.358	0.877
	SC	0.943	0.453
Education Level	PI1	0.581	0.627
	PI2	0.037	0.990
	PA1	1.142	0.332
	PA2	0.993	0.396
	SC	1.216	0.303
Consumption Level	PI1	1.077	0.358
	PI2	0.407	0.748
	PA1	0.736	0.531
	PA2	0.356	0.785
	SC	0.833	0.476
Airline Choices	PI1	2.587	0.052
	PI2	0.317	0.813
	PA1	0.332	0.802
	PA2	1.058	0.367
	SC	1.090	0.353
Ticket Route	PI1	0.683	0.563
	PI2	1.668	0.173
	PA1	1.281	0.280
	PA2	0.416	0.742
	PI	1.846	0.138
Travel Frequency	PI1	0.112	0.978
	PI2	0.458	0.766
	PA1	0.264	0.901
	PA2	0.530	0.714
	SC	0.411	0.801

Table 8. Correlation analysis.

	PI1	PI2	PA1	PA2	SC
PI1	1
PI2	−0.308 **	1
PA1	0.250 **	−0.249 **	1
PA2	0.295 **	−0.176 **	0.227 **	1
SC	0.453 **	−0.435 **	0.499 **	0.487 **	1

** Correlation is significant at the 0.01 level (2-tailed).

Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

© 2025 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).

Share and Cite

MDPI and ACS Style

Khan, S.K.; Shiwakoti, N.; Wang, J.; Xu, H.; Xiang, C.; Zhou, X.; Jiang, H. An Investigation on Passengers’ Perceptions of Cybersecurity in the Airline Industry. Future Transp. 2025, 5, 5. https://doi.org/10.3390/futuretransp5010005

AMA Style

Khan SK, Shiwakoti N, Wang J, Xu H, Xiang C, Zhou X, Jiang H. An Investigation on Passengers’ Perceptions of Cybersecurity in the Airline Industry. Future Transportation. 2025; 5(1):5. https://doi.org/10.3390/futuretransp5010005

Chicago/Turabian Style

Khan, Shah Khalid, Nirajan Shiwakoti, Juntong Wang, Haotian Xu, Chenghao Xiang, Xiao Zhou, and Hongwei Jiang. 2025. "An Investigation on Passengers’ Perceptions of Cybersecurity in the Airline Industry" Future Transportation 5, no. 1: 5. https://doi.org/10.3390/futuretransp5010005

APA Style

Khan, S. K., Shiwakoti, N., Wang, J., Xu, H., Xiang, C., Zhou, X., & Jiang, H. (2025). An Investigation on Passengers’ Perceptions of Cybersecurity in the Airline Industry. Future Transportation, 5(1), 5. https://doi.org/10.3390/futuretransp5010005

Article Menu

An Investigation on Passengers’ Perceptions of Cybersecurity in the Airline Industry

Abstract

1. Introduction

2. Methodology

2.1. Conceptualisation of Constructs

2.2. Questionnaire Design

2.3. Participants

2.4. Data Analysis

3. Empirical Results

3.1. Descriptive Analysis

3.2. Exploratory Factor Analysis

3.3. Difference Analysis

3.3.1. Gender and FFP

3.3.2. Occupation

3.3.3. Other Factors

3.4. Correlation Analysis

4. Discussion

4.1. Implication for Research

4.2. Implication for Practice

5. Conclusions, Limitations, and Future Work

Author Contributions

Funding

Institutional Review Board Statement

Informed Consent Statement

Data Availability Statement

Conflicts of Interest

Appendix A

References

Share and Cite

Article Metrics

Article Access Statistics

Further Information

Guidelines

MDPI Initiatives

Follow MDPI