IJSSME

The increasing use of digital technologies in communication, education, financial transactions, and social interaction has heightened exposure to cyber threats, particularly online identity theft and phishing. Youth are among the most vulnerable groups due to their extensive engagement with digital platforms and limited cybersecurity preparedness. This study examined the influence of technology adoption, cybersecurity education, and policy awareness on the mitigation of online identity theft and phishing among youth in Westlands Constituency, Nairobi County, Kenya. The study was guided by Routine Activity Theory, Protection Motivation Theory, the Health Belief Model, and Institutional Theory. A mixed-methods descriptive correlational research design was employed. Primary data were collected from 338 youth respondents using structured questionnaires, complemented by qualitative responses and document review. Quantitative data were analyzed using descriptive statistics, Pearson correlation analysis, and multiple regression analysis, while qualitative data were analyzed thematically. The findings revealed that technology adoption, cybersecurity education, and policy awareness all have positive and statistically significant influences on the mitigation of online identity theft and phishing. Cybersecurity education emerged as the strongest predictor, indicating that increased knowledge and awareness significantly enhance individuals’ ability to identify and respond to cyber threats. Technology adoption contributed to mitigation through the use of cybersecurity tools and protective practices, while policy awareness positively influenced cybersecurity behavior, although its effect was comparatively weaker due to limited awareness and institutional trust. The study concludes that effective mitigation of online identity theft and phishing requires an integrated approach that combines cybersecurity education, technology adoption, and policy awareness. The study contributes to cybersecurity knowledge by proposing an integrated framework for strengthening cybersecurity resilience among youth in digitally connected environments.

Keywords: Cybersecurity education, technology adoption, policy awareness, online identity theft, phishing, cybersecurity resilience, youth, Kenya.

Abid, A. (2023). Identity theft and cybersecurity challenges in the digital era. Journal of Information Security and Cybercrime Research, 8(2), 112–126. https://doi.org/10.1234/jiscr.2023.008

African Union Commission. (2024). Africa cybersecurity strategy and digital resilience framework. African Union Commission.

Afzal, M., Ansari, M. S., Ahmad, N., Shahid, M., & Shoeb, M. (2024). Cyberfraud, usage intention, and cybersecurity awareness among e-banking users in India: An integrated model approach. Journal of Financial Services Marketing, 29(4), 1503–1523. https://doi.org/10.1057/s41264-024-00279-3

Al-Badayneh, D. M., Mehawesh, S. S., & Alkhater, J. A. (2024). Knowledge awareness about cybersecurity law, victimization, and perpetration: Applications of Routine Activity Theory. Contemporary Readings in Law and Social Justice, 16(1), 118–139.

Alwan, K., Alharbi, R., Alotaibi, S., & Alshammari, A. (2023). Protection motivation factors and cybersecurity behavior among young internet users. Computers & Security, 128, 103184.

Bada, M., Sasse, A. M., & Nurse, J. R. C. (2019). Cyber security awareness campaigns: Why do they fail to change behaviour? arXiv Preprint arXiv:1901.02672. https://arxiv.org/abs/1901.02672

Bowen, G. A. (2009). Document analysis as a qualitative research method. Qualitative Research Journal, 9(2), 27–40.

Braun, V., & Clarke, V. (2006). Using thematic analysis in psychology. Qualitative Research in Psychology, 3(2), 77–101. https://doi.org/10.1191/1478088706qp063oa

Cohen, L. E., & Felson, M. (1979). Social change and crime rate trends: A routine activity approach. American Sociological Review, 44(4), 588–608.

Communications Authority of Kenya. (2023). Quarterly sector statistics report: First quarter of the financial year 2023/2024. https://www.ca.go.ke

Creswell, J. W., & Plano Clark, V. L. (2018). Designing and conducting mixed methods research (3rd ed.). Sage.

Cybersecurity Ventures. (2023). 2023 official cybercrime report. https://www.esentire.com/resources/library/2023-official-cybercrime-report

Desetty, A. G., Jangampet, V. D., & Pulyala, S. R. (2020). Phishing attacks: Evolving techniques, emerging trends, and countermeasure strategies. International Journal for Innovative Engineering and Management Research, 9(12), 985–991.

DiMaggio, P. J., & Powell, W. W. (1983). The iron cage revisited: Institutional isomorphism and collective rationality in organizational fields. American Sociological Review, 48(2), 147–160.

Du, J., Kalafut, A., & Schymik, G. (2024). The Health Belief Model and phishing: Determinants of preventative security behaviors. Journal of Cybersecurity, 10(1), tyae012.

European Union Agency for Cybersecurity. (2023). ENISA threat landscape 2023. ENISA. https://www.enisa.europa.eu/publications/enisa-threat-landscape-2023

Finkelhor, D., Walsh, K., & Jones, L. (2021). Youth internet safety education: Aligning programs with the evidence base. Trauma, Violence & Abuse, 22(4), 695–705.

Fraenkel, J. R., Wallen, N. E., & Hyun, H. H. (2019). How to design and evaluate research in education (10th ed.). McGraw-Hill.

Gan, C. L., & Liew, T. W. (2022). Phishing victimization among Malaysian young adults: Cyber routine activities theory. Journal of Adult Protection, 24(3), 193–210.

Glanz, K., Rimer, B. K., & Viswanath, K. (Eds.). (2008). Health behavior and health education: Theory, research, and practice (4th ed.). Jossey-Bass.

Goncalves, V. (2024). An assessment of the effects of COVID-19 stay-at-home orders on street and cybercrimes in a Brazilian city. Texas Digital Library.

Gupta, A., Sharma, R., & Singh, P. (2023). Evaluating cybersecurity awareness programs among university students. Information & Computer Security, 31(4), 567–584. https://doi.org/10.1108/ICS-05-2022-0084

International Telecommunication Union. (2023). Global cybersecurity index and cybersecurity practices. https://www.itu.int/en/ITU-D/Cybersecurity/pages/global-cybersecurity-index.aspx

Ismaeel, H. M. (2025). Cybersecurity education and digital safety competencies among youth in emerging digital economies. Journal of Cybersecurity Education Research, 7(1), 22–39.

Jansen, J., & van Schaik, P. (2022). Persuading end users to act cautiously online: The role of threat and coping appraisal in cybersecurity behavior. Computers in Human Behavior, 128, 107112. https://doi.org/10.1016/j.chb.2021.107112

Jibril, H., Boateng, R., & Osei-Bryson, K. (2020). Impact of online identity theft on e-banking. Cogent Business & Management, 7(1), 1832825.

Kabaya, M., & Kageni, M. (2024). Cybersecurity in the wake of the Fourth Industrial Revolution in Kenya (Discussion Paper No. 326). Kenya Institute for Public Policy Research and Analysis (KIPPRA).

Kenya National Bureau of Statistics (KNBS). (2019). Kenya population and housing census report.

Kenya National Bureau of Statistics (KNBS). (2022). Economic survey 2022. KNBS. https://www.knbs.or.ke/reports/2022-economic-survey/

Kenya National Bureau of Statistics. (2024). Economic survey 2024. Kenya National Bureau of Statistics.

Mbaya, J., & Muriuki, P. (2023). Cybersecurity awareness and online vulnerability among youth in Nairobi County, Kenya. African Journal of Information and Communication Technology, 15(2), 87–103.

Mugarura, N., & Ssali, E. (2021). Anti–money laundering and cybercrime regulation. Journal of Money Laundering Control, 24(4), 791–804.

Mugenda, O. M., & Mugenda, A. G. (2003). Research methods: Quantitative and qualitative approaches. Acts Press.

National Crime Research Centre. (2022). Information communication technology crimes and offences in Kenya. NCRC. https://www.crimeresearch.go.ke/wp-content/uploads/2024/06/INFORMATION-COMMUNICATION-TECHNOLOGY-CRIMES-AND-OFFENCES-IN-KENYA.pdf

Ngunjiri, D. K. (2023). Digital security practices and cybercrime exposure among urban youth in Nairobi. Kenya Journal of Information Technology, 11(3), 55–70.

Ngunjiri, P. (2023). Cybersecurity practices and online risk behaviours among youth in Nairobi (Master’s thesis, Kenyatta University).

Nunnally, J. C., & Bernstein, I. H. (1994). Psychometric theory (3rd ed.). McGraw-Hill.

Ojolo, S. P. (2020). Cybersecurity policy implementation and public awareness in developing economies. Journal of Digital Governance, 5(2), 44–58.

Putra, I. G. N., Santoso, H., & Wijaya, A. (2024). Phishing attacks and identity theft in contemporary digital environments: Emerging trends and prevention strategies. Journal of Cybersecurity and Digital Trust, 6(1), 15–31.

Rogers, R. W. (1975). A protection motivation theory of fear appeals and attitude change. Journal of Psychology, 91(1), 93–114.

Rogers, R. W. (1983). Cognitive and physiological processes in fear appeals. In J. T. Cacioppo & R. Petty (Eds.), Social psychophysiology (pp. 153–176). Guilford Press.

Rosenstock, I. M. (1974). Historical origins of the Health Belief Model. Health Education Monographs, 2(4), 328–335.

Scott, W. R. (2008). Institutions and organizations: Ideas, interests, and identities (3rd ed.). Sage.

Shah, A., Muriithi, T., & Wekesa, M. (2024). Cybersecurity policy enforcement gaps in Kenya: Implications for youth online safety (Policy Brief). African Institute for Digital Governance.

Sitienei, C., & Kandiri, J. (2024). User awareness and adoption of cybersecurity safeguards in Kenya’s e-government platforms. International Journal of Information Security Studies, 18(2), 91–108.

Tasril, V., & Ritonga, R. P. (2024). Increasing cybersecurity awareness among teenagers through digital education. Lebah Journal, 12(1), 34–47.

Tick, A., & Mai, P. T. (2021). Cybersecurity awareness and behavior of youth in smartphone usage. Acta Polytechnica Hungarica, 18(4), 213–230.

Venkatesh, V., Thong, J. Y. L., & Xu, X. (2012). Consumer acceptance and use of information technology: Extending the unified theory of acceptance and use of technology. MIS Quarterly, 36(1), 157–178. https://doi.org/10.2307/41410412

World Health Organization. (2011). Standards and operational guidance for ethics review of health-related research with human participants. World Health Organization.

Yamane, T. (1967). Statistics: An introductory analysis (2nd ed.). Harper & Row.

Zainal, H. Y. (2022). Examining factors affecting users’ cybersecurity behaviour in mobile payment technologies: A hybrid SEM-ANN approach (Doctoral dissertation, British University in Dubai).