Cybersecurity risk awareness in mobile banking: evidence from Sabah. Malaysia Rosle Mohidin1,*. Nelson Lajuni1. Rahayu Lestari2. Wahyu Wastuti3. Dg Safrina Ag Budin1. Olufemi Adewale Ogunkoya4. Monica Dewi3. Hari Muharam5. Salmah5 1Faculty of Business. Economics and Accountancy Universiti Malaysia Sabah. Malaysia 2Faculty of Economics and Business Universitas Nasional. Indonesia 3Faculty of Economics and Business Universitas Negeri Jakarta. Indonesia 4Faculty of Administration and Management Sciences Olabisi Onabanjo University. Nigeria 5Faculty of Economics and Business Universitas Pakuan. Indonesia Article info Article history: Received: 13 August 2025 Accepted: 19 September Published: 29 September Keywords: cybersecurity risk awareness. mobile banking security. PLS-SEM analysis Abstract This study investigates how Sabahan perceive and respond to cybersecurity risks when using mobile banking. This study employed partial least squares structural equation modeling (PLS-SEM) and focused on four main factors: user awareness and behavior (UAB), mobile device security (MDS), banking app security features (BASF), and perceived cybersecurity threats (CT). A total of 350 questionnaires were distributed, and 286 valid responses were The results indicate that UAB. MDS, and BASF all play a significant role in shaping cybersecurity risk awareness (CRA), while CT showed little to no direct effect. These findings suggest that improving user education and promoting secure practices are just as important as technical safeguards. In particular, enhancing digital literacy among less tech-savvy users, ensuring that security features are simple to use, and strengthening device protections can all help reduce risks of cybersecurity. The study concludes that a combination of user-focused education and stronger security standards is necessary to improve the overall safety of mobile banking services. JEL classifications: G32. K24 Citation: Mohidin. Lajuni. Lestari. Wastuti. Budin. Ogunkoya. Dewi. Muharam. & Salmah. Cybersecurity risk awareness in mobile banking: evidence from Sabah. Malaysia. Global Advances in Business Studies, 4. , 73-81. https://doi. org/10. 55584/Gabs. *Corresponding author: Rosle Mohidin awgdin@ums. E-ISSN: 2828-8394 org/10. 55584/Gabs. Introduction The rapid growth of mobile banking has transformed the financial services industry, giving users new levels of convenience and easier access to banking facilities. At this point of time, this digital shift has also brought greater exposure to cybersecurity threats such as phishing, malware, data breaches, and identity theft. As mobile banking becomes part of everyday life, the demand for stronger cybersecurity measures is more urgent than ever (Cheng et al. , 2. Cyber risks pose a serious challenge to the stability and security of digital financial They are not limited to technical weaknesses alone but also take advantage of human behavior often exploiting gaps in usersAo knowledge and awareness. With cybercrime evolving rapidly, safeguarding sensitive financial information has become a critical concern for banks, regulators, and individual users alike. Sabah, a state in Malaysia, illustrates how the rise of mobile banking adoption can be accompanied by distinct cybersecurity issues. Its socio-economic and geographical diversity with urban areas like Kota Kinabalu enjoying better infrastructure, while many rural communities face poor connectivity and lower levels of digital literacy creates uneven levels of vulnerability to cybercrime (Trend Micro, 2. Although Malaysia has made efforts at the national level to improve cybersecurity, the challenges in Sabah show that region-specific approaches are still necessary. The growing reliance on mobile banking has not been matched by an equal rise in user awareness of cybersecurity risks. This gap leaves many users more exposed to attacks, raising the likelihood of financial losses and weakening trust in digital banking platforms. The issue is made worse by the limited availability of high-speed internet in rural areas, which restricts access to both information and cybersecurity resources. On top of this, users demonstrate varying levels of digital literacy, creating uneven levels of vulnerability. Much of the existing research on mobile banking security tends to address cybersecurity challenges in broad terms, without giving enough attention to the specific socio-economic and technological realities of regions such as Sabah. Very little is known about how factors like user behavior, mobile device security, and banking app features interact to shape risk awareness in these diverse settings. This gap highlights the need for a focused investigation into SabahAos unique vulnerabilities in order to develop cybersecurity strategies that are better tailored to its context. The main aim of this study is to analyze how user awareness and behavior, mobile device security, banking app security features, and cybersecurity threats influence risk awareness among mobile banking users in Sabah. By narrowing its focus on this region, the study hopes to add meaningful insights to the wider discussion on mobile banking security, offering findings that are especially relevant to areas with varied socio-economic backgrounds like Sabah. Literature review The rapid growth of mobile banking, particularly in developing countries like Malaysia, has enhanced financial inclusion through increased smartphone use and internet access (Omar et al. , 2. However, this expansion has also introduced significant cybersecurity risks, especially in regions like Sabah, where socio-economic challenges and limited digital literacy exacerbate vulnerabilities (CyberSecurity Malaysia, 2. Mobile banking faces cyber threats such as zero-day vulnerabilities, ransomware, and advanced persistent threats (APT. , which target security weaknesses despite advanced protective measures by financial institutions (Kaspersky, 2021. Trend Micro, 2020. McAfee, 2. Emerging technologies such as multifactor authentication, blockchain, and biometrics offer potential solutions but require effective implementation and user engagement (Li et al. , 2. Additionally, limited internet infrastructure and low cybersecurity awareness in Sabah hinder the effectiveness of Mohidin et al. Global Advances in Business Studies 2025, 4. , 73-81 E-ISSN: 2828-8394 org/10. 55584/Gabs. cybersecurity initiatives like CyberSAFE, underlining the need for localized, offline resources (CyberSecurity Malaysia, 2. User awareness and behavior play a critical role in reducing cybersecurity risks in mobile A lack of awareness regarding threats like phishing and weak cybersecurity practices, such as the use of weak passwords, increases vulnerability (Yoon, 2021. Anderson & Agarwal. Effective user education programs can significantly improve security practices and reduce risk exposure (Nguyen et al. , 2. Moreover, the security of mobile devices is vital in protecting sensitive data. Vulnerabilities in operating systems and applications can expose financial information, which emphasizes the need for security features like biometric authentication and encryption to safeguard mobile banking (Conti et al. , 2020. Bhatia & Kaushik, 2. Finally, banking app security features such as two-factor authentication and secure login protocols are crucial for preventing unauthorized access to mobile banking platforms (Das & Bhatnagar, 2. Proactive strategies, including real-time monitoring, threat intelligence, and a focus on cybersecurity literacy, are essential to address the dynamic nature of cybersecurity threats (Alotaibi & Kavakli, 2021. Cheng et al. , 2020. Tahir et al. , 2. These efforts will help to strengthen mobile banking security, ensuring a safer environment for users and enhancing trust in digital financial services. Research methodology This study adopts a quantitative approach to investigate cybersecurity risks awareness in mobile banking in Sabah. This study targeted 250 mobile banking users. Out of the 320 questionnaires received, only 286 were usable, representing a valid response rate of 89. The data collected is analysed using SmartPLS 4. 0, a tool for structural equation modeling (SEM) that is well-suited for predicting key target constructs in PLS-SEM models. The use of this software allows for a comprehensive understanding of how various factors interact within the context of mobile banking cybersecurity risks awareness. The analysis focused on several key areas of measurement such as internal consistency that assessed using Cronbach's alpha and composite reliability (CR), where values above 0. indicate adequate reliability (Hair et al. , 2. Indicator reliability is used to evaluate outer loadings of each indicator, with values exceeding 0. 7 considered indicative of strong reliability (Chin, 1. Convergent validity is measured using average variance extracted (AVE), with a value above 0. 5 suggesting that the latent construct explains more than half of the variance in the indicators. Discriminant validity is assessed using the Fornell-Larcker criterion and the Heterotrait-Monotrait ratio (HTMT), with HTMT values below 0. 85 indicating sufficient distinctness between constructs (Henseler et al. , 2. These analyses will ensure that the constructs in the model are both reliable and valid, offering robust insights into the study's Findings A total of 320 respondents participating in this study and out of the only 286 questionnaires are taken into consideration for data analysis. The rest of the questionnaires either incomplete or not answered. Table 1 provides a comprehensive demographic breakdown of the survey Out of 286 respondents, 43% are male . , and 57% are female . This balanced gender representation ensures the findings can be generalized across genders. The respondents are predominantly young, with 49% aged 25-34 years. The second-largest group comprises those below 24 years . 1%), followed by 35-44 years . 4%). Only a small fraction is older than 44 years, highlighting a younger demographic's Mohidin et al. Global Advances in Business Studies 2025, 4. , 73-81 E-ISSN: 2828-8394 org/10. 55584/Gabs. Table 1. Profiling of respondents Variable Description Male Gender Female < 24 years old 25-34 years old 35-44 years old Age 45-54 years old Education Income Location Frequency Percent > 55 years old SPM/O level Diploma/STPM/A level Degree Master RM13001 West coast of Sabah Rural area of Sabah East coast of Sabah North of Sabah The data shows a diverse educational background, with the majority holding diploma/STPM/A-level qualifications . 1%). Degree holders constitute 32. 2%, while 26. have SPM/O level education. MasterAos degree holders are a minority at 3. Most respondents earn between RM1501 and RM5000 . 5%), indicating a middle-income demographic. Lower-income earners ( . 708 (Hair et al. , 2. Table 3 shows the criterion of HTMT to evaluate discriminant validity (Henseler et al. , 2. The result confirms that the discriminant validity is well established at HTMT 0. 90 (Henseler et al. To assess reliability, this study is based on HenselerAos heterotrait-monotrait ratio of All HTMT values are below the 0. 90 threshold, with the highest value being 0. etween BASP and CT). There is no problem of multi-collinearity between the items loaded on different constructs in the outer model. This result indicates that the constructs are sufficiently distinct from each other, satisfying discriminant validity. The results pave the way to the next assessment known as a structural model assessment which means that it does not have the issue of discriminant validity as it does not violate the most conservative criterion (HTMT 0. Table 3. HTMT criterion BASP BASP CRA MDS UAB CRA MDS UAB Criteria: Discriminant validity is established at HTMT 0. 90 (Gold et al. , 2. Mohidin et al. Global Advances in Business Studies 2025, 4. , 73-81 E-ISSN: 2828-8394 org/10. 55584/Gabs. Table 4. Path coefficients and model quality assessment Direct effect Beta t-value p-value H1: UAB -> CRA H2: MDS -> CRA H3: BASP -> CRA H4: CT -> CRA Decision Supported Supported Supported Not supported VIF Note: *p<0. 05, **p<0. 01, bias corrected. LL=lower limit. UL=upper limit p-value of 0. 01, 0. 05 (Hair et al. , 2. f2 Ou 0. 35 consider substantial. R2 Ou 0. 26 consider substantial. VIF O 5. 0 (Hair et al. , 2. The structural model assessment examines the proposed relationship between the variables in the research framework. Before measuring the structural model, this study addresses the issue of multicollinearity using collinearity test. The VIF values below 5. 5 for each of the constructs suggest that the problem of multi-collinearity is not a concern. Next, a 5000-bootstrap resampling of data is conducted to examine the hypotheses of this study (Hair et al. , 2. The relationship between UAB and CRA ( = 0. 385, t = 8. 695, p < 0. is strong and positive, indicating that higher user awareness and behavior positively impact cybersecurity risk awareness. Similarly. MDS positively influences CRA ( = 0. 439, t = 7. 980, p < 0. The effect of BASP on CRA is weaker but still significant ( = 0. 131, t = 2. 122, p < 0. However, the relationship between CT and CRA is not supported ( = -0. 011, p = 0. The RA value of 0. 730 for CRA indicates that 73% of the variance in CRA is explained by UAB. MDS. BASP, and CT. The VIF values, all below 3. 3, suggest that multicollinearity is not a Table 5. Result of PLS predict Construct Cybersecurity risks awareness Items CRA1 CRA2 CRA3 CRA4 CRA5 PLSRMSE MAE LMRMS MAE PLSLM RMSE MAE Predict Moderate Table 5 evaluates the predictive accuracy of the model using PLS-Predict, to assess the out-of-sample prediction power of partial least squares (PLS) models. The analysis focused on key metrics such as PLS-RMSE . oot mean square erro. MAE . ean absolute erro. LMRMSE . inear model RMSE). LM-MAE, and QA predict, which measure the accuracy of the modelAos predictions against actual values. In general, lower values of these metrics indicate better predictive performance. CRA1 exhibited a PLS-RMSE of 0. 720 and an MAE of 0. while CRA2 demonstrated a PLS-RMSE of 0. 646 and an MAE of 0. 504, suggesting moderate prediction accuracy. Most CRA items displayed PLS-RMSE and MAE values close to those of the linear model, indicating that the PLS model performs similarly or slightly better than the linear model. CRA3 had a PLS-RMSE of 0. 657 and an LM-RMSE of 0. 603, showing comparable prediction Negative PLS-LM differences in both RMSE and MAE suggest that the PLS model offers slightly more robust predictive performance, as seen in CRA1, which shows a PLS-LM RMSE difference of -0. 020 and an MAE difference of -0. The QA predict metric further evaluates the modelAos predictive relevance, with values 35 indicating moderate predictive power (Shmueli et al. , 2. CRA1 and CRA3 recorded QA predict values of 0. 547 and 0. 571, respectively, indicating moderate predictive However, the predictive power for other CRA items was lower, with CRA4 and Mohidin et al. Global Advances in Business Studies 2025, 4. , 73-81 E-ISSN: 2828-8394 org/10. 55584/Gabs. CRA5 showing QA predict values of 0. 395 and 0. 489, respectively. Overall, the model demonstrated moderate predictive accuracy for most items within the cybersecurity risks awareness (CRA) construct, with some items performing more robustly compared to the linear model baseline. The range of QA predict values from moderate to low points to potential areas for improvement in the model's predictive capabilities, suggesting that further refinement of the model could enhance its overall performance in future studies. Discussion The study reveals several critical insights into the cybersecurity dynamics in mobile banking within Sabah. The analysis demonstrates that user awareness and behavior (UAB), mobile device security (MDS) and banking app security features (BASP), have significant positive effects on cybersecurity risk awareness (CRA). These findings suggest that when users are more aware of cybersecurity practices and engage in secure behaviors, their ability to recognize and mitigate potential risks increases. The strong link between UAB and CRA highlights the importance of user education in cybersecurity. Users who are well-informed about threats like phishing and malware are better at avoiding risky behaviors, such as clicking on suspicious links or using weak passwords (Yoon, 2. This supports previous research on the role of cybersecurity literacy in improving digital safety (Nguyen et al. , 2. The challenge is ensuring this knowledge leads to consistent, proactive behavior across different The significant impact of MDS on CRA shows the importance of device-level security in protecting user data. Mobile devices are crucial for mobile banking, making their security essential (Conti et al. , 2020. Bhatia & Kaushik, 2. The study shows that users with strong security features, like biometric authentication and encryption, are more aware of and responsive to threats. This emphasizes the need for ongoing user education on keeping security software updated and following best device security practices. Although banking app security features (BASP) positively impact CRA, the effect is smaller than that of UAB and MDS. This suggests that while bank-provided technical safeguards are important, users may not fully understand or use them, which reduces their effectiveness. These features could be more useful if made user-friendly and accompanied by clear guidance (Das & Bhatnagar, 2. Interestingly, the direct impact of perceived cybersecurity threats (CT) on CRA is not This could imply that users might not fully comprehend the severity or implications of these threats until they encounter or hear about specific incidents (Cheng et al. , 2. suggests a potential gap in the communication and perception of cybersecurity risks, which could be bridged by more vivid and relatable threat communication strategies, such as real-life scenarios and interactive training. The demographic breakdown reveals that younger users . ged 25-. dominate the respondent group, suggesting a younger demographic's inclination toward mobile banking. This demographic is likely to be more tech-savvy but might also be overconfident, potentially leading to negligence in cybersecurity practices (Anderson & Agarwal, 2. Additionally, the lower engagement in rural areas points to digital literacy and infrastructural disparities, further emphasizing the need for targeted educational efforts (CyberSecurity Malaysia, 2. The moderate predictive power of the model for CRA suggests that while the current variables explain a significant portion of variance in cybersecurity risk awareness, there may be other unexamined factors influencing user behavior and awareness. This calls for future research to explore additional variables such as cultural attitudes towards technology, the influence of peer networks, and the role of government regulations in shaping cybersecurity practices (Shmueli et al. , 2. Overall, these findings reinforce the multifaceted nature of cybersecurity in mobile banking, where user behavior, device security, and app features interact in complex ways. The implications point to a holistic approach that combines technical Mohidin et al. Global Advances in Business Studies 2025, 4. , 73-81 E-ISSN: 2828-8394 org/10. 55584/Gabs. safeguards with robust user education and community engagement to create a secure mobile banking environment. Conclusion This study sheds light on the critical factors influencing cybersecurity risk awareness among mobile banking users in Sabah. The significant positive relationships between user awareness and behavior (UAB), mobile device security (MDS), and cybersecurity risk awareness (CRA) highlight the importance of educating users and promoting secure practices. Although banking app security features (BASP) play a role, their impact is less pronounced, suggesting the need for better user engagement and understanding of these features. The negligible effect of perceived cybersecurity threats (CT) on CRA indicates a gap in risk perception that requires targeted communication strategies. Overall, the findings emphasize that while technical security measures are vital, the human factor remains crucial in mitigating cybersecurity risks. By enhancing user education and promoting robust security practices, financial institutions can significantly improve the security posture of mobile banking services. To enhance cybersecurity in mobile banking, it is crucial to implement comprehensive education programs that raise awareness about common threats and best practices. These programs should cater to diverse demographic groups, particularly focusing on those with lower digital literacy in rural areas. Financial institutions should also improve the user interface of banking apps to make security features like two-factor authentication more accessible and easier to use. Additionally, targeted awareness campaigns using real-life scenarios can help users better understand and respond to cybersecurity risks. Strengthening mobile device security by encouraging practices such as regular updates and the use of antivirus software is Policymakers should support these efforts by enforcing strict security standards and providing incentives for adopting advanced cybersecurity technologies. Engaging community leaders in education initiatives can further extend the reach of cybersecurity awareness, creating a more secure environment for mobile banking users. References