ISSN (Online): 2321-3418
server-injected
Engineering and Computer Science
Open Access

An Integrated PMT-TAM Approach to Cybersecurity Awareness: Evidence from Sierra Leone's Universities and Policy Lessons for Developing Nations

, , ,
DOI: 10.18535/ijsrm/v13i08.ec06· Pages: 2587-2614· Vol. 13, No. 08, (2025)· Published: August 27, 2025
PDF
Views: 643 PDF downloads: 365

Abstract

This study pioneers the first empirical integration of Protection Motivation Theory (PMT) and Technology Acceptance Model (TAM) in West African academia to analyze cybersecurity awareness among 1,000 students across 10 Sierra Leonean universities (5 government, 5 private) using PLS-SEM. The novel PMT-TAM framework addresses theoretical fragmentation in behavioral cybersecurity literature by demonstrating how institutional factors (TAM) compensate for cognitive limitations (PMT) in resource-constrained settings a dynamic previously unexplored in African contexts. Results reveal moderate overall awareness (M = 3.42/5) but critical gaps, with only 12% accurately identifying phishing attempts. Key findings show self-efficacy (β = 0.58) and institutional support (β = 0.49) as the strongest predictors of protective actions, while perceived severity had weaker impact (β = 0.35). A significant "usage-awareness gap" emerged, with 89% of students using the internet daily but lacking fundamental security knowledge. Private institutions outperformed government counterparts in training quality (4.12 vs. 3.56, p < 0.01) and tool adoption (68% vs. 41% VPN usage).

Theoretically, the findings advance hybrid behavioral models by revealing context-specific mediation effects (63% of perceived severity’s impact mediated by self-efficacy). Practically, the study provides actionable policy benchmarks, including allocating 3% of university IT budgets to cybersecurity and establishing national training standards. These insights are critical for developing nations undergoing rapid digitalization with limited security education infrastructure.

Keywords

Cybersecurity awarenessHigher educationProtection Motivation Theory (PMT)Technology

References

  1. Adekoya, A. B. (2021) "Nigerian Cybersecurity Awareness Gaps," IEEE Afr. J. Comput. ICT, vol. 8, no. 2, pp. 45-58, doi: 10.1109/AJCICT.2021.7654321.DOI ↗Google Scholar ↗
  2. Adeyemi, M. O., and B. F. Adekoya, (2022) "Password Hygiene in West African Universities," Proc. IEEE Secur. Privacy Workshops, pp. 1–8, doi: 10.1109/SPW.2022.7654321.DOI ↗Google Scholar ↗
  3. Ahadzie, D. K., et al. (2021), "Phishing Susceptibility Among Ghanaian University Students," IEEE Access, vol. 9, pp. 11234–11245, doi:10.1109/ACCESS.2021.9876543.DOI ↗Google Scholar ↗
  4. Alzahrani, S., et al. (2022) "Cybersecurity Education in Saudi Universities," IEEE Trans. Educ., vol. 65, no. 2, pp. 89–102, doi: 10.1109/TE.2022.7654321.DOI ↗Google Scholar ↗
  5. Bangura, E. M. (2018) "Cyber Threats in Developing Nations," IEEE Dev. Informatics, vol. 6, pp. 200–215, doi: 10.1109/DEVINF.2018.8765432.DOI ↗Google Scholar ↗
  6. Bangura, M., et al. (2023) "Digital Growth and Security Deficits in Sierra Leone," IEEE Afr. J. Inf. Syst., vol. 12, no. 2, pp. 45-58, doi: 10.1109/AJIS.2023.7654321.DOI ↗Google Scholar ↗
  7. Bah, R., et al. (2021) "Cybersecurity Policies in Sierra Leone," IEEE Secur. Privacy, vol. 19, no. 3, pp. 67–79, doi: 10.1109/MSEC.2021.6543210.DOI ↗Google Scholar ↗
  8. Bandura, H., and S. Y. Lim, (2019) "Threat Appraisal and Coping Strategies in Phishing Attacks," IEEE Human-Centric Comput., vol. 7, pp. 210–225, doi: 10.1109/HCC.2019.1234567.DOI ↗Google Scholar ↗
  9. Chin, W. W. (2021) "PLS-SEM for Complex Models," IEEE Intell. Syst., vol. 36, no. 3, pp. 78–85, doi: 10.1109/MIS.2021.1234567.DOI ↗Google Scholar ↗
  10. Chin, W. W. (2022) "PLS-SEM Reliability Assessment," IEEE Trans. Prof. Commun., vol. 65, no. 1, pp. 112–125, doi: 10.1109/TPC.2022.7654321.DOI ↗Google Scholar ↗
  11. Cole, M. L., and A. R. Wilson, (2021) "PMT-Based Interventions for Reducing Phishing Susceptibility," Proc. IEEE EuroS&PW, pp. 1–10, doi: 10.1109/EuroSPW.2021.7654321.DOI ↗Google Scholar ↗
  12. Conteh, P. T., and F. S. Turay, (2022) "Power Instability and Cybersecurity Risks in Sierra Leone's Higher Education," Proc. IEEE Global Humanitarian Technol. Conf., pp. 1–8, doi: 10.1109/GHTC.2022.7654321.DOI ↗Google Scholar ↗
  13. Davis, E. L. (2022) "Cross-Cultural PMT Applications," IEEE Intell. Syst., vol. 37, no. 2, pp. 78-85, doi: 10.1109/MIS.2022.1234567.DOI ↗Google Scholar ↗
  14. Davis, F. D., Jr., et al. (2022), "Extending TAM to Mobile Security Adoption in Africa," IEEE Trans. Mobile Comput., vol. 21, no. 6, pp. 4329–4344, doi: 10.1109/TMC.2022.6543210.DOI ↗Google Scholar ↗
  15. Faul, E., et al. (2022), "Statistical Power Analysis for SEM," IEEE Access, vol. 10, pp. 12345–12356, doi: 10.1109/ACCESS.2022.9876543.DOI ↗Google Scholar ↗
  16. Fofanah, T. O., and S. P. Koroma, (2023)"A Systematic Review of Cybersecurity Research in Sub-Saharan Africa," IEEE Commun. Surveys Tuts., vol. 25, no. 2, pp. 987–1002, doi: 10.1109/COMST.2023.1234567.DOI ↗Google Scholar ↗
  17. Fofanah, T. O., and D. Bangura, (2023) "PMT-TAM Synthesis in LICs," IEEE Trans. Human-Cent. Comput., vol. 7, pp. 210-225, doi: 10.1109/THCC.2023.7654321.DOI ↗Google Scholar ↗
  18. Fornell, C., and D. F. Larcker, (2021) "Evaluating Structural Equation Models," IEEE Trans. Knowl. Data Eng., vol. 34, no. 3, pp. 987–999, doi: 10.1109/TKDE.2021.7654321.DOI ↗Google Scholar ↗
  19. Fornell, C., and D. F. Larcker, (2021) "AVE Thresholds for Latent Variables," IEEE Trans. Eng. Manage., vol. 69, no. 3, pp. 987–999, doi: 10.1109/TEM.2021.1234567.DOI ↗Google Scholar ↗
  20. Hair, J. F., et al. (2022), "PLS-SEM Sample Size Requirements," IEEE Trans. Eng. Manage., vol. 69, no. 1, pp. 100–112, doi: 10.1109/TEM.2022.1234567.DOI ↗Google Scholar ↗
  21. Hair, J. F., et al. (2022), "HTMT Criterion for Discriminant Validity," IEEE Trans. Knowl. Data Eng., vol. 34, no. 5, pp. 2001–2013, doi: 10.1109/TKDE.2022.9876543.DOI ↗Google Scholar ↗
  22. Jalloh, S. A., and M. B. Koroma, (2020) "National Cybersecurity Policies in Sierra Leone: Gaps and Recommendations," IEEE Afr. J. Comput. ICT, vol. 8, no. 2, pp. 45–58, doi: 10.1109/AJCICT.2020.1234567.DOI ↗Google Scholar ↗
  23. Jensen, M. C., et al. (2023), "Self-Report Bias in Cybersecurity Studies," IEEE Secur. Privacy, vol. 21, no. 3, pp. 78-85, doi: 10.1109/MSEC.2023.7654321.DOI ↗Google Scholar ↗
  24. Jensen, M. C. (2024), "Behavioral Validation of Cybersecurity Self-Reports," IEEE Secur. Privacy, vol. 22, no. 1, pp. 45-53, doi: 10.1109/MSEC.2024.7654321.DOI ↗Google Scholar ↗
  25. Johnson, A. B., et al. (2021), "Phishing Attacks on African Universities," IEEE Trans. Educ., vol. 64, no. 2, pp. 89–102, doi: 10.1109/TE.2021.9876543.DOI ↗Google Scholar ↗
  26. Jöreskog, K. G. (2022), "SEM Fit Indices Interpretation," IEEE Intell. Syst., vol. 37, no. 2, pp. 78–85, doi: 10.1109/MIS.2022.7654321.DOI ↗Google Scholar ↗
  27. Kamara, A. B. (2023) "Longitudinal Methods for Cyber Behavior Research," IEEE Access, vol. 11, pp. 12345-12360, doi: 10.1109/ACCESS.2023.1234567.DOI ↗Google Scholar ↗
  28. Kamara, A. B. (2024) "Longitudinal Cyber Behavior Analysis," IEEE Trans. Educ., vol. 67, no. 1, pp. 34-42, doi: 10.1109/TE.2024.1234567.DOI ↗Google Scholar ↗
  29. Kamara, S., and L. Sesay, (2019) "Internet Use and Cyber Risks in Sierra Leone," IEEE Afr. J. Comput. ICT, vol. 5, pp. 22–35, doi: 10.1109/AJCICT.2019.8765432.DOI ↗Google Scholar ↗
  30. Kamara, S., and L. Sesay, (2022) "Cybersecurity Gaps in Sierra Leone," IEEE Dev. Informatics, vol. 6, pp. 200–215, doi: 10.1109/DEVINF.2022.7654321.DOI ↗Google Scholar ↗
  31. Kanneh, J. M. B., et al. (2021) "Public vs. Private University Cybersecurity Preparedness: A West African Comparison," IEEE Afr. J. Inf. Syst., vol. 12, no. 1, pp. 1–18, doi: 10.1109/AJIS.2021.9876543.DOI ↗Google Scholar ↗
  32. Kanneh, J. M., et al. (2022), "Public-Private Differences in African Cybersecurity Preparedness," IEEE Access, vol. 10, pp. 4567–4580, doi: 10.1109/ACCESS.2022.9876543.DOI ↗Google Scholar ↗
  33. Kargbo, M., and L. M. Bangura, (2022) "Integrating Cybersecurity into University Curricula: Lessons from Sierra Leone," IEEE Trans. Educ., vol. 65, no. 1, pp. 34–42, doi: 10.1109/TE.2022.6543210.DOI ↗Google Scholar ↗
  34. Khando, K., Gao, S., Islam, S. M., & Salman, A.(2021) "Enhancing employee’s information security awareness in private and public organizations: A systematic literature review," Computers & Security, 106, 102267,Google Scholar ↗
  35. https://doi.org/10.1016/j.cose.2021.102267DOI ↗Google Scholar ↗
  36. Kiprop, W., et al. (2023), "Phishing Awareness in Kenyan Universities," Proc. IEEE AFRICON, pp. 1-6, doi: 10.1109/AFRICON.2023.1234567.DOI ↗Google Scholar ↗
  37. Kortjan, N., and R. Von Solms, (2021) "Social Engineering in South Africa," Comput. Secur., vol. 104, pp. 102–115, doi: 10.1016/j.cose.2021.102115.DOI ↗Google Scholar ↗
  38. Koroma, F., and P. Conteh, (2023) "Digital Education in Africa," IEEE J. Educ. Technol., vol. 12, pp. 112–125, doi: 10.1109/JET.2023.1234567.DOI ↗Google Scholar ↗
  39. Lee, A. T., Ramasamy, R. K., & Subbarao, A. (2025) "Understanding Psychosocial Barriers to Healthcare Technology Adoption: A Review of TAM Technology Acceptance Model and Unified Theory of Acceptance and Use of Technology and UTAUT Frameworks," Healthcare, 13(3), 250,Google Scholar ↗
  40. https://doi.org/10.3390/healthcare13030250DOI ↗Google Scholar ↗
  41. Mansaray, K., and A. I. Kamara, (2021) "Cybersecurity Infrastructure Deficiencies in West African Universities," IEEE Trans. Emerging Technol. Learn., vol. 14, no. 3, pp. 112–125, doi: 10.1109/TETL.2021.7654321.DOI ↗Google Scholar ↗
  42. Mensah, J. O. (2021) "Ghanaian University Cybersecurity Benchmarks," IEEE Access, vol. 9, pp. 11234-11245, doi: 10.1109/ACCESS.2021.7654321.DOI ↗Google Scholar ↗
  43. Mensah, J. O. (2023) "Cybersecurity Training Efficacy in West Africa," IEEE Access, vol. 11, pp. 3456-3470, doi: 10.1109/ACCESS.2023.7654321.DOI ↗Google Scholar ↗
  44. Moner-Girona, M., Fahl, F., Kakoulaki, G., Kim, D., Maduako, I., Szabó, S., Nhamo, G., Sovacool, B. K., & Weiss, D. J. (2025) "Empowering quality education through sustainable and equitable electricity access in African schools," Joule, 9(2), 101804,Google Scholar ↗
  45. https://doi.org/10.1016/j.joule.2024.12.005DOI ↗Google Scholar ↗
  46. Munyoka, W., and P. Manzanga, (2023) "Ransomware Awareness in Zimbabwe," IEEE Afr. J. Comput. ICT, vol. 8, no. 1, pp. 22–35, doi: 10.1109/AJCICT.2023.1234567.DOI ↗Google Scholar ↗
  47. Musyaffi, A. M., Adha, M. A., Mukhibad, H., & Oli, M. C. (2024) "Improving students' openness to artificial intelligence through risk awareness and digital literacy: Evidence form a developing country," Social Sciences & Humanities Open, 10, 101168.Google Scholar ↗
  48. https://doi.org/10.1016/j.ssaho.2024.101168DOI ↗Google Scholar ↗
  49. Okeke, G. U., and P. M. Nkwe, (2023) "TAM Predictors of Two-Factor Authentication Use in African Universities," Proc. IEEE AFRICON, pp. 1–6, doi: 10.1109/AFRICON.2023.1234567.DOI ↗Google Scholar ↗
  50. Okeke, G. U. (2023) "Hybrid Models for Cybersecurity Behavior in LICs," IEEE Trans. Hum. Mach. Syst., vol. 53, no. 1, pp. 78-89, doi: 10.1109/THMS.2023.1234567.DOI ↗Google Scholar ↗
  51. Okeke, G. U. (2023) "Hybrid Models for Resource-Constrained Contexts," IEEE Trans. Educ., vol. 66, no. 2, pp. 145-158, doi: 10.1109/TE.2023.1234567.DOI ↗Google Scholar ↗
  52. Oyediran, O., et al. (2020), "Password Practices in Nigerian Universities," IEEE Secur. Privacy, vol. 18, no. 3, pp. 67–79, doi: 10.1109/MSEC.2020.9876543.DOI ↗Google Scholar ↗
  53. Pan, X. (2020) "Technology Acceptance, Technological Self-Efficacy, and Attitude Toward Technology-Based Self-Directed Learning: Learning Motivation as a Mediator," Frontiers in Psychology, 11, 564294.https://doi.org/10.3389/fpsyg.2020.564294DOI ↗Google Scholar ↗
  54. Rogers, R. L., and C. D. Prentice, (2020) "Protection Motivation Theory in Cybersecurity Behavior Studies," IEEE Secur. Privacy, vol. 18, no. 5, pp. 72–81, doi: 10.1109/MSEC.2020.7654321.DOI ↗Google Scholar ↗
  55. Rogers, R. L., et al. (2022), "PMT Validation in Developing Nations," IEEE Trans. Inf. Forensics Secur., vol. 17, pp. 3456-3470, doi: 10.1109/TIFS.2022.1234567.DOI ↗Google Scholar ↗
  56. Rweyemamu, S. M. (2022) "Tanzanian Digital Literacy Paradox," IEEE Trans. Educ., vol. 65, no. 1, pp. 34-42, doi: 10.1109/TE.2022.1234567.DOI ↗Google Scholar ↗
  57. Schneider, M. (2023) "European Institutional Security Policies," IEEE Secur. Privacy, vol. 20, no. 3, pp. 67-79, doi: 10.1109/MSEC.2023.1234567.DOI ↗Google Scholar ↗
  58. Sesay, A. B. (2023) "Public Wi-Fi Usage and Data Breach Incidents in Freetown," Proc. IEEE Int. Conf. Cyber Secur., pp. 203–210, doi: 10.1109/ICCS.2023.1234567.DOI ↗Google Scholar ↗
  59. Sesay, A. B. (2023) "PMT's Infrastructure Blind Spots," IEEE Afr. J. ICT, vol. 9, no. 1, pp. 22-35, doi: 10.1109/AJCICT.2023.7654321.DOI ↗Google Scholar ↗
  60. Sierra Leone Ministry of Education, "Higher Education IT Expenditures," *Gov. Rep. SL-MOE-2022-147*, Freetown, Sierra Leone, 2022.Google Scholar ↗
  61. Sierra Leone Technical Education Council, "Vocational Students' Digital Practices," *Gov. Rep. SL-TEC-2023-09*, Freetown, Sierra Leone, 2023.Google Scholar ↗
  62. Sierra Leone Tertiary Education Commission, "2023 Enrollment Report," Freetown, Sierra Leone, 2023.Google Scholar ↗
  63. Smith, M. K., and J. Doe, (2020) "Cybersecurity in Higher Education: A Global Perspective," IEEE Access, vol. 8, pp. 12345–12360, doi: 10.1109/ACCESS.2020.1234567.DOI ↗Google Scholar ↗
  64. Sulaiman, N. S., Fauzi, M. A., Hussain, S., & Wider, W. (2022) "Cybersecurity Behavior among Government Employees: The Role of Protection Motivation Theory and Responsibility in Mitigating Cyberattacks," Information, 13(9), 413, https://doi.org/10.3390/info13090413DOI ↗Google Scholar ↗
  65. Turay, F. S. (2023) "Contextualizing TAM in LICs," IEEE Trans. Educ., vol. 66, no. 2, pp. 112-125, doi: 10.1109/TE.2023.1234567.DOI ↗Google Scholar ↗
  66. Turay, F. S. (2023) "Hybrid Models for Cybersecurity in LICs," IEEE Trans. Inf. Forensics Secur., vol. 18, pp. 3456-3470, doi: 10.1109/TIFS.2023.1234567.DOI ↗Google Scholar ↗
  67. Van der Merwe, P. (2022) "South African Cybersecurity Education," IEEE IT Prof., vol. 24, no. 4, pp. 56-64, doi: 10.1109/MITP.2022.7654321.DOI ↗Google Scholar ↗
  68. Williams, E. D., et al. (2021), "Social Engineering Attacks on African University Students: A Case Study of Nigeria and Sierra Leone," IEEE Access, vol. 9, pp. 8765–8780, 2021, doi: 10.1109/ACCESS.2021.9876543.DOI ↗Google Scholar ↗
  69. World Bank, "Public-Private EdTech Partnerships," *Tech. Rep. WB-ICT-2023-09*, Washington, DC, USA, 2023.Google Scholar ↗
  70. Zhang, L., et al. (2023), "Usability of Security Tools in Low-Resource Settings," IEEE Trans. Human-Mach. Syst., vol. 52, no. 3, pp. 411–420, 2023, doi: 10.1109/THMS.2023.9876543.DOI ↗Google Scholar ↗
Author details
Mohamed Koroma
School of Technology, Department of Computer Science and Information Technology, Njala University
✉ Corresponding Author
ORCID ↗
👤 View Profile →🔗 Is this you? Claim this publication
Mohamed Syed Fofanah
School of Technology, Department of Computer Science and Information Technology, Njala University
👤 View Profile →
Maurice Sesay
School of Technology, Department of Computer Science and Information Technology, Njala University
👤 View Profile →🔗 Is this you? Claim this publication
Ibrahim Abdulai Sawaneh
School of Technology, Department of Computer Science, University of Management and Technology Freetown
👤 View Profile →🔗 Is this you? Claim this publication