Abstract
In recent decades, considerable scholarly efforts have been invested in exploring college students' cybersecurity awareness and practices. However, there has been a dearth of research on what specific factors drive students' perceptions and behavior. In our previous qualitative research [1] we identified four such latent factors: routinization and ritualization of risk, optimistic bias, self-efficacy bias, and the 'Can-I-Live' syndrome. In this study, we use an online survey of college students at a large public university in the U.S. Pacific Northwest (N=498) and quantify the prevalence of these latent factors, along with some additional measures of awareness and behavior. We report the findings of the quantitative analysis as well as their implications for cybersecurity scholars and practitioners.