Predicting Cybersecurity Behaviours in Higher Education Institutions: A Data-Driven Analysis of Policy, Culture, and Motivation in the UAE Context

Abstract

This study examines the determinants of cybersecurity behaviour among employees in higher education institutions (HEIs) in the United Arab Emirates (UAE) through an integrated framework combining the Protection Motivation Theory (PMT), the Theory of Planned Behaviour (TPB), and the COM-B model. Using a convergent mixed-methods design, survey data from 250 participants and interviews with 18 staff members were analysed to identify behavioural drivers and construct a predictive model. Results showed that policy familiarity, security culture, and intrinsic motivation were the strongest predictors of secure behaviour, collectively explaining nearly 70% of variance. The predictive neural network model achieved high accuracy (F1 = 91.99%, R2 = 0.94), with interpretability analysis ranking policy familiarity as the top determinant. Qualitative insights reinforced these findings, revealing that policy clarity, leadership engagement, and supportive culture enable consistent compliance. The study contributes a validated, theory-driven predictive framework for HEIs, bridging behavioural science and cybersecurity governance. The findings are based on self-reported cybersecurity behaviour and should be interpreted accordingly. It concludes that effective institutional cybersecurity depends on clear policies, inclusive culture, and sustained motivation rather than fear-based enforcement.