AuthorAos name: Zabihullah Nadry.
AuStrengthening Cybersecurity Awareness Through Education: The Expanding Role of Cyber Law in Academic InstitutionsAy Jurnal Analisis Hukum 8 no.
: 193-209.
DOI: https://doi.
org/10.
38043/jah.
Jurnal Analisis Hukum Volume 8 Issue 2, 2025 P-ISSN: 2620-4959.
E-ISSN: 2620-3715
This work is licensed under the CC-BY-SA license.
Strengthening Cybersecurity Awareness Through Education: The Expanding Role of Cyber Law in Academic Institutions Zabihullah Nadry 1*.
Musawer Hakimi2.
Abdul Wali Sirat3.
Zekrullah Popal4 Department of Geography.
Education Faculty.
Samangan University.
Aibak.
Afghanistan.
E-mail: zabinadry200@gmail.
Department of Computer Science.
Education Faculty.
Samangan University.
Samangan.
Afghanistan.
Email: Musawer@adc.
Department of History.
Education Faculty.
Samangan University.
Samangan.
Afghanistan.
Email: abdulwalis123@gmail.
Department of Software Engineering.
Computer Science Faculty.
Avicenna University.
Afghanistan.
Email: Zekrcu@gmail.
Abstract: As digital technologies continue to proliferate, university students are especially vulnerable to the risks associated with cyber threats, and there is a dearth of research related to the cybersecurity awareness of university students in a developing country context.
The purpose of this study is to examine the cybersecurity knowledge, attitudes, and practices of first-year students at Kabul University in Afghanistan to determine the influence of gender, faculty, and awareness of cyber law on intentions to engage in secure online behavior.
To collect data, we conducted a cross-sectional survey of 371 students who were recruited using stratified random sampling.
Participants were introduced to and administered a survey using the Contextualized Cybersecurity Educational Research Instrument (CCERI), and data was analyzed on SPSS using descriptive statistics, independent samples t-tests.
ANOVA.
Chi-square tests, and multiple regression models.
The results indicated that students had moderate to high levels of cybersecurity knowledge and generally positive attitudes, but that they demonstrated fewer secure practices and a knowledge-practice gap emerged.
Male students and students from the Computer Science faculty had greater awareness of cybersecurity and higher recognition of phishing attempts than female students and students from the other faculties.
Multiple regression models indicated that cybersecurity knowledge, attitudes, and awareness of the cyber law were significant predictors of secure behavior.
suggests that we need to develop and integrate educational interventions to support positive behaviors in terms of secure cyber practices.
Our research adds new knowledge by integrating awareness of cyber law with cybersecurity behavior in Afghanistan as its own unique context.
We conclude with recommendations for evidence-informed decisions to implement and develop institutionalized programs to address capacities in cybersecurity education for students in Afghanistan.
Keywords: Cybersecurity Awareness.
Cyber Law.
Student Behavior.
Higher Education.
Knowledge-Practice Gap Introduction The modern era of digitization, cybersecurity awareness in academia has never been more critical not only for the security of institutional resources but also for preparing students to manage increasingly complex online environments.
With e-learning platforms, intelligent education systems, and e-communications tools being implemented at a rapid pace, universities and colleges are becoming more vulnerable to cyber-attacks on both technical infrastructure and human aspects.
This threat is P-ISSN: -.
E-ISSN: - especially acute in first-year students who, despite being digital natives, have not received foundational cybersecurity awareness training and are vulnerable to phishing, social engineering, and poor passwords (Ahmad et al.
, 2021.
Al-Fatlawi, 2.
Universities are incorporating some level of cybersecurity training and cyber law education as part of their holistic resilience approach.
Important to note is that national and individual institutional policies also contribute significantly to the student's behavior in the area of cybersecurity.
For example, the European Union's General Data Protection Regulation (GDPR) has a high standard to which universities must meet for data privacy, and in doing so also shapes students to behave in better data-handling manner.
In the US, for example, laws such as the Family Educational Rights and Privacy Act (FERPA) govern the privacy of student education records and have prompted institutions to implement stronger access controls and authentication procedures, indirectly encouraging a culture of security among students (Ahmad et al.
, 2021.
Al-Fatlawi, 2.
In addition, universities tend to have acceptable use policies (AUP.
in place and comply with codes of conduct that embody both legal responsibilities and cybersecurity best Violations ranging from inappropriate use to the misappropriation of data could lead to both academic consequences and legal ramifications, which should remind us of our responsibility for our online conduct.
There are also cybersecurity training programs that are required as part of compliance obligations .
NIST standards for research universitie.
, in which students are able to learn the legal obligations associated with careers and to practice good security hygiene early on(Khader et al.
Kumar et al.
, 2.
Literature has revealed several strategies for improving cybersecurity education.
For instance.
Al-Janabi and Al-Shourbaji .
conducted research on cybersecurity awareness in educational facilities across the Middle East and drew the conclusion that there exists awareness, but its application is imbalanced and not standardized.
Similarly.
Chang and Coppel .
made note of the importance of national policies within developing countries, showing how within non-institutionalized education systems, awareness is disaggregated.
Cheng and Wang .
and Filipenko et al.
recently proposed institutional response measures and information security policy models for higher education, emphasizing the importance of formalized governance processes.
These attempts underscore the diversity of methods but also show a lack of uniform models attuned to different institutional and cultural contexts.
For best practice, evolution in establishing a cybersecurity culture on a university level has been scrutinized to a larger extent.
Armas and Taherost .
proposed a unified perspective of integrating cybersecurity culture within higher education.
and Furnell and Vasileiou .
proposed an integrated approach to cyber security education credentials as a way of endorsement in higher education teaching and learning context.
Additionally.
Shillair et al.
2, 2.
highlighted the need to have evidence based awareness campaigns at the institutional and national levels, with the support of partnerships, and integration of cross sectoral partnerships, for improvement in training While these works have value in raising awareness, they emphasize technical training and counseling, somewhat neglecting the legal aspects, namely how a cyber law sets the context and parameter for staff and student awareness.
Jurnal Analisis Hukum 1.
: 101-133 A noteworthy issue mentioned in the literature is the disconnect between national legal frameworks and educational programming.
Alwan .
and Shah et al.
treated cybersecurity and legal frameworks as operating at a national level but did not consider how these were interpreted and enforced at the institutional level.
The lack of engagement in this discussion is a lost opportunity for educators to consider providing students and employees with legal literacy, especially in the context of cyber law.
Legal literacy in cybersecurity courses must be addressed so that a person understands his or her technical function and the legal rights and obligations that exist in a virtual Cybersecurity legislation such as data protection acts, cybercrime legislation, and consumer protection acts has a substantial impact on educational materials and institutional policies.
For example, the General Data Protection Regulation (GDPR) in the EU requires all institutions that handle personal data to implement privacy-by-design, which in turn requires universities to offer specifically targeted training on data treatment, consent, and consequences of breaches.
In the US, there are statutes such as the Computer Fraud and Abuse Act (CFAA) and FERPA, which govern unauthorized access and student confidentiality, that require the development of codes of conduct and acceptable uses policies at the institution that are required to be shared and understood by all affected parties, from students to faculty (Shah et al.
In addition, national cyber security policies frequently contain education mandates, including obligatory awareness modules or summaries of legal advice, meant to reinforce a "security-first" culture.
These systems shape how institutions want to integrate proper training methods, build risk assessment frameworks, and adjudge compliance with legislation.
Yet, learning programs continue to lack consideration of the legal parameters of cybersecurity, such as obligations through data protection legislation, privacy interests, and liability for negligence or facilitating cybercrime (Khader et al.
, 2021.
Kumar et al.
, 2.
The novelty of this study lies in highlighting the gap to be filled between cyber law and cybersecurity awareness education within academic curricula, thereby offering an allaround framework.
By integrating legal literacy into the curriculum of cybersecurity, the article aims to equip students not only with technical competencies but also with an understanding of the regulatory and ethical environment that underlies online This provides the existing technical as well as policy-centered approaches an additional dimension that will make individuals and institutions more resilient.
P-ISSN: -.
E-ISSN: -
Figure 1.
Proposed Cybersecurity Awareness and Support Framework for Higher Education Institutions The above figure presents a general view of implementing cybersecurity awareness at universities with an orientation towards synchronization of the Cybersecurity Awareness Center (CAC) with Information and Communication Technology Support (ICTS) and the Student Information System (SIS).
The CAC identifies and customizes cybersecurity issues, creates training modules in the Learning Management System (LMS), and reports on test outcomes to inform action.
Meanwhile.
ICTS offers logistical module arrangement, technical support, and effectiveness surveys.
The SIS acts as a single-stop repository to enable communication and monitoring of student The system is centered on a planned, institutional approach to enhancing cybersecurity awareness, which makes training routine, clear, and responsive to Such a framework corroborates the previous studies in favor of institutional patronage, systematic training, and assessment-based awareness programs as being imperative to developing a cybersecurity-aware population (Ahmad et al.
, 2021.
AlFatlawi, 2024.
Ali et al.
, 2025.
Al-Janabi & Al-Shourbaji, 2016.
Alwan, 2019.
Armas & Taherdoost, 2025.
Bada & Nurse, 2019.
Chang & Coppel, 2020.
Cheng & Wang, 2022.
Filipenko et al.
, 2025.
Furnell & Vasileiou, 2.
Implementation of the framework can encourage sustainable cybersecurity culture, increase awareness and safe behavior among students, and provide actionable recommendations to further enhance continually cybersecurity education in higher education institutions.
Consequently, this paper addresses the following primary objective: to address the expanding aspect of cyber law toward bolstering cybersecurity awareness in schools, with regard to the problem of identifying best practices, assessing flaws in existing practices, and proposing an overall awareness paradigm.
The newness of this study lies in its contribution to establishing a systematic educational framework that integrates Jurnal Analisis Hukum 1.
: 101-133 cybersecurity awareness with legal liability, thus making a more liable and stronger academic community.
Method Research Design For the current research, quantitative research design has been adopted, and a crosectional survey has been employed to study first-year undergraduate students in Kabul University regarding their beliefs and cybersecurity awareness levels.
This method enables measuring KAP of knowledge with respect to cybersecurity in a large population within a short period of time.
One of the most important aspects of the survey is an attempt to understand how aware students are of cyber law and how such knowledge of the law impacts behavior in cybersecurity.
The questions on cyber laws were made to assess awareness of rights and responsibilities under the law, for example what is at stake for cybercriminals engaging in activities such as data theft or unauthorized access, and what students know about protections regarding data privacy.
Such questions are behaviorally related, asking respondents to make legal connections between their online activities, such as password sharing, online consent, or misuse of institutional sites.
To expand the legal dimension of the approach, it is conceivable that future inquiries can use scenarios relating to legal questions, testing adherence to organizational policies and practices as well as cross-national examination of national and global laws and policies involving the protection of personal data, thereby illuminating how the concept of legal literacy has legitimate connections to the culture of cybersecurity in schools.
This broader consideration would assist in conceptualizing how legal literacy could promote the culture of cybersecurity in schools.
Most importantly, placing legal contexts into the study of cybersecurity is consequential not only legally in developing aware of the situation, but also legally for building more accountable and sustainable digital learning.
Participants The study population is first year undergraduate students registered at Kabul University for the academic year of study.
First-year students are depicted as vulnerable here because it is most likely they would not have had organized exposure to cybersecurity education nearly at on a postgraduate level, while at the same time being participants in an online service provider for learning.
Both students who are enrolled in the online/virtual learning programs, as well ground learning, will be included in the study.
In order to maintain emphasis on entry-level students, postgraduate students, and visiting students will be excluded.
Sampling Strategy and Sample Size To ensure representativeness across different academic disciplines, the study employs stratified proportional random sampling.
Each faculty .
Computer Science.
Engineering.
Economics.
Education.
Law.
Humanities, and Social Science.
is treated as P-ISSN: -.
E-ISSN: - a stratum.
Students are randomly selected within each stratum in proportion to its size in the total first-year population.
The sample size is determined using YamaneAos formula with a 95% confidence level and 5% margin of error:
Thus, the recommended sample size is 371 students, proportionally distributed across For example, if the Faculty of Computer Science has 800 students .
% of the populatio.
, approximately 60 students will be randomly selected from that faculty.
Data Collection Instruments The information was gathered using a standardized questionnaire and a brief objective Questionnaire: This collects demographic information .
ge, gender, facult.
, beta selfreported cybersecurity behaviors and attitudes towards cyber law and digital security.
Items were utilized to establish dimensions of awareness based on best practice .
irca assessment of phishing, social engineering, malware protection, and data privacy.
Items were rated on a 5-point Likert-type scale, as described above.
Objective Test: 15-20 multiple-choice questions that assess factual knowledge of cybersecurity principles .
, creating effective passwords, recognizing phishing, and staying away from using mobile device.
Both tools were pilot tested for readability, clarity, and cultural appropriateness among 25 students.
Reliability checked through Cronbach's alpha calculations.
70 alpha accepted to verify reliability.
Content validity guaranteed by cybersecurity and education professionals/faculty members from Kabul University, reviewing the items for content accuracy.
Data Collection Process Data collected in the regular class meeting in designated classrooms and computer labs.
Online students receive the same via a secure digital survey by Google Forms or the institutional LMS.
Participants provided the same instructions stating anonymity and were asked to complete the survey.
Both survey tools' total completion time will be approximately 25-30 minutes per student.
Jurnal Analisis Hukum 1.
: 101-133 Data Analysis The data were examined and coded using SPSS.
Descriptive statistics .
, frequencies, means, percentages, standard deviation.
were used to summarize participants' cybersecurity knowledge, attitudes, and practices.
Inferential statistics include independent sample t-tests and ANOVAs to compare faculty and gender differences in the level of awareness.
Chi-square tests were undertaken for categorical data .
, gender and awareness of Regression analysis identifies predictors of secure cybersecurity behavior .
, does awareness of cyber law influence practice?) Ethical Considerations An ethics application was submitted to the Kabul University Institutional Review Board (IRB) for approval.
Participation will be voluntary, and informed consent will be obtained before data collection.
Participants will be assured of confidentiality and anonymity, and the ability to withdraw at any time.
Data will be securely stored and only accessible to the research team, and for academic use only.
Result and Discussion The sample of 371 first-year Kabul University students revealed moderate to high level of cybersecurity awareness and positive beliefs, but unsafe behavior.
The awareness was statistically significantly different between gender and faculties, with the male and Computer Science students most aware of cyber security.
Legal knowledge, specifically pertaining to national cyber law, was identified as a significant predictor of safe behavior ( = 0.
25, p = 0.
This supports the assertion that incorporating legal literacy into education such as national cybercrime laws, data protection legislation, and procedures related to institutional compliance into educational curricula will lead to better information security.
Gender differences, particularly in identifying phishing e-mails and grappling with the issues of legal discernment, further support the notion of a tailored, gendered approach to the legal literacy education for female college students in order to help them identify their rights as well as the legal implications if they encounter imminent online risk.
Similarly, students in non-technical schools of study, such as Education and Economics, can benefit from discipline-specific modules putting cyber law into the context of their subjects for example, digital privacy laws in education or protection of financial data.
By incorporating legal literacy into faculty curricula and supporting rights-based, inclusive digital safety education, institutions can bridge gaps in cybersecurity behavior and render all students, regardless of gender or academic background, legally informed and behaviorally capable to navigate a complicated cyber P-ISSN: -.
E-ISSN: -
Demographic Characteristics of Respondents Female.
Male.
Figure 1.
Gender Distribution of Respondents Figure 1 illustrates the gender distribution of 371 respondents in the respondent pool from Kabul University.
It revealed that most of the respondents were male students, who represented 218 respondents .
8%), in contrast to 153 females, comprising 2% of the sample.
Overall, this gender sample distribution indicates that male students were more involved in the study than females and reflects the overall enrollment patterns that are often seen across similar higher educational classroom settings in Afghanistan.
However, since both male and female students were included in the sample, the findings provide checks in perspectives, informing a more reliable and representative analysis of cybersecurity awareness and practice through the lens of 24 years above 21Ae23 years 18Ae20 years Figure 2.
Age Distribution of Respondents The age distribution of respondents in Figure 2 shows the largest group of participants was in the age range of 21Ae23 years .
students, or 47.
4%).
a group which likely reflects the normal age of first-year undergraduate students at Kabul University.
The second largest group of respondents was students aged 24 years and above .
respondents, or 27.
2%).
This likely includes university students who may have entered university later than others, and/or took a break from their studies before starting There were also 94 respondents .
3%) in the younger cohort of 18Ae20 years Jurnal Analisis Hukum 1.
: 101-133 of age.
Overall, the distribution provided many case-historical variations in educational background, which are an asset to the study findings on cybersecurity awareness.
Table 1.
Validity of the Cybersecurity Awareness Survey Instrument Domain Item No.
Factor Loading Cybersecurity Knowledge Attitude toward Cybersecurity Secure Cyber Practices Researchers validated the survey instrument to measure students' cybersecurity knowledge, attitudes, and secure practices accurately.
The validated instrument was reviewed for content validity by a panel of specialists in cyber-security and education, ensuring the items' relevance and clarity on a 5-point Likert scale.
Validity was assessed by conducting exploratory factor analysis, with factor loadings from .
74 to .
82, which exceed the desired 0.
50 threshold.
The findings demonstrate that all items strongly represent their domains, confirming the reliability and interpretability of subsequent By including the validated instrument, the study is more rigorous and findings about the students' cybersecurity awareness and behavior are more credible.
Table 2.
Reliability of Survey Instrument Domain Number of Items CronbachAos Alpha Cybersecurity Knowledge Attitude toward Cybersecurity Secure Cyber Practices Overall Instrument The reliability of the cybersecurity awareness survey instrument was evaluated using CronbachAos Alpha to examine the internal consistency across all domains.
Differences in reliability were evident in the individual domain analyses, with the Cybersecurity Knowledge domain reaching an alpha of 0.
Attitude toward Cybersecurity reaching 81, and Secure Cyber Practices reaching 0.
The CronbachAos Alpha for the instrument as a whole was 0.
all values exceed the commonly accepted threshold for reliability 70, thereby indicating high internal consistency.
Collectively, these results suggest the survey items are reliable and provide consistent measurement of intended P-ISSN: -.
E-ISSN: - constructs that will support the credibility and dependability of the descriptive and inferential analyses of cybersecurity knowledge, attitudes, and practices of students.
Law and Political Science Education Economics & Management Computer Science PERCENTAGE (%) Figure 3.
Faculty-wise Distribution of Respondents The distribution of respondents by faculty is summarized in Figure 3, indicating the varied representation of students from Kabul University.
The largest proportion of participants was from the Faculty of Computer Science, with 121 students .
6%).
can be anticipated, as these students would have direct engagement with digital technologies, and thus would be the most familiar with issues related to cybersecurity.
The Faculty of Law and Political Science represented 96 respondents .
9%), a reflection of the increased focus in academia on matters of cyber law.
The Faculty of Education represented 84 students .
6%), indicating the role of future educators in promoting students' digital literacy and safe practices.
Finally, 70 students .
9%) came from the Faculty of Economics and Management, representing students who are more heavily reliant on digital tools to complete tasks based in finance and administration.
This distribution was necessary to hear about cybersecurity awareness from several academic perspectives and to support the validity and generalizability of the study's Descriptive Analysis of Cybersecurity Awareness Table 3.
Descriptive Statistics of Cybersecurity Knowledge.
Attitudes, and Practices Variable Mean Std.
Deviation Min Max Cybersecurity Knowledge Score Attitude toward Cybersecurity Secure Cyber Practices Score Table 3 displays the descriptive statistics of respondents' cybersecurity knowledge, attitudes, and practices.
The mean score for cybersecurity knowledge was 3.
74 (SD =
on a 5-point scale indicating a moderate level of knowledge regarding basic cybersecurity concepts.
The attitude toward cybersecurity had the highest mean score 91 (SD = 0.
, indicating that respondents generally have a good attitude and perception of the importance of cybersecurity in both educational and personal The secure cyber practices score was slightly lower at 3.
56 (SD = 0.
indicating respondents have some awareness of cybersecurity and value its importance.
Jurnal Analisis Hukum 1.
: 101-133 but their secure practices do not align with their knowledge and attitude.
There is an apparent gap between awareness and behavior, which is often a challenge in cybersecurity education.
Overall, the findings show a need for targeted interventions to raise knowledge and encourage the implementation of secure digital practices.
Inferential Statistics Table 4.
Independent Samples t-test: Cybersecurity Awareness by Gender Gender Mean Score Std.
Dev.
t-value p-value Male Female *Significant at p < 0.
The findings from an independent samples t-test measuring cybersecurity awareness between male and female students at Kabul University are reported in Table 4.
Male students reported a higher mean score of 3.
85 (SD = .
, compared to females' mean 62 (SD = .
The calculated t-value was 2.
31 and a p-value of 0.
021 indicates that the difference in mean scores is statistically significant at the 0.
05 level.
Therefore, these findings indicate that male students demonstrated significantly more cybersecurity awareness than female students.
Such a distinction could reflect underlying differences in prior experience with digital technologies, academic preparation or engagement in computing- and computer programming-related activities.
The findings noted above indicate there is a clear need for a gender-sensitive approach to awareness programs so that women students are equipped with appropriate training and support to enable their cybersecurity awareness and practice and thus diminish the gap in the cybersecurity awareness levels.
Table 5.
One-Way ANOVA: Cybersecurity Awareness Across Faculties Source Sum of Squares Mean Square F-value p-value Between Groups Within Groups Total Post-hoc analysis: Students in Computer Science reported significantly higher awareness than those in Education and Economics.
Table 5 displays the one-way ANOVA analysis examining the differences in cybersecurity awareness across the faculties at Kabul University.
The results are statistically significant with faculty showing a significant difference in levels of awareness, as the betweengroups sum of squares was 12.
41, the mean square was 4.
14, the F-value was 5.
72, and the p-value was 0.
001, indicating significance at the p<0.
The sum of squares and mean square of 265.
82 and 0.
72 were reported within groups for a total sum of squares The Tukey post hoc comparisons provided the information that students in the Faculty of Computer Science had significantly greater awareness related to cybersecurity than their peers in the Faculty of Education and the Faculty of Economics P-ISSN: -.
E-ISSN: - & Management.
The current results support the assumption that awareness and knowledge may be increased simply by exposure to specific disciplines and/or curricula related to cybersecurity.
Therefore, awareness programs should be tailored to meet the needs of students, particularly those who have experienced lower levels of exposure to courses related to technology and systems.
Table 6.
Chi-Square Test: Recognition of Phishing Emails by Gender Gender Recognized (%) Not Recognized (%) NA-value p-value Male Female *Significant at p < 0.
Table 6 summarizes the Chi-square results concerning recognized phishing emails by Kabul University students by sex.
As shown in Table 9, 65.
1% of male students recognized phishing emails compared to only 50.
3% for female students, while 34.
9% of males did not detect phishing attempts compared to 49.
7% for female students.
The NAvalue was 6.
43, with a p-value of 0.
This indicates a statistically significant relationship between gender and phishing email recognition at the 0.
05 alpha level.
appears that male students are more proficient than female students in recognizing phishing emails.
The gender observations provide an opportunity to focus on targeted interventions for enhanced cybersecurity awareness in which female students can be helped to improve phishing detection skills to be safer online and reduce vulnerabilities to cyber incidents.
Table 7.
Regression Analysis: Predictors of Secure Cybersecurity Behavior Predictor Variable Coefficient Std.
Error p-value Cybersecurity Knowledge Attitude toward Cybersecurity Awareness of Cyber Law Gender (Male=1.
Female=.
Model Summary: RA = 0.
Adjusted RA = 0.
= 27.
45, p < 0.
Table 7 presents the results of a multiple regression analysis that examined predictors of secure cybersecurity behavior in first-year students at Kabul University.
The independent variables applied in the model included cybersecurity knowledge, attitude towards cybersecurity, cyber law awareness, and gender.
The model was significant.
= 27.
45, p < 0.
001, with an RA of 0.
42 and an adjusted RA of 0.
40, which indicates that approximately 40% of the variance in secure cybersecurity behavior is predicted by these predictors.
At an individual level, cybersecurity awareness was the greatest predictor ( = 0.
41, t = 13, p < 0.
, suggesting that the greater the awareness of students regarding cybersecurity aspects, the greater the tendencies for them to engage in safe behavior.
Jurnal Analisis Hukum 1.
: 101-133 Similarly, attitude towards cybersecurity also predicted safe behavior positively ( = 29, t = 4.
14, p < 0.
, marking the boundary of how students view and follow practicing safe cyber habits.
Cyber law awareness was also a significant predictor ( = 25, t = 2.
77, p = 0.
, indicating that awareness of legal frameworks improves good behavior in the virtual platform.
Gender made a marginal contribution ( = 0.
12, t = 1.
p = 0.
, suggesting male students are slightly more likely to have better cybersecurity behaviors than female students, although this effect wasn't statistically significant.
These findings support the inclusion of knowledge enhancement, attitude acquisition, and cyber law know-how within education interventions to promote safe digital conduct among university students.
Discussion The present study aimed to assess cybersecurity awareness, attitudes, and practices among first-year students in Kabul University and how specifically gender, faculty, and cyber law awareness influenced them.
The demographic results reported a higher percentage of male students .
8%) compared to female students .
2%), consistent with Afghan higher education enrollment (Al-Janabi & Al-Shourbaji, 2.
Age distribution indicated a majority of the participants to be in the age group of 21Ae23 years, typical of the general undergraduate population, while faculty-wise distribution indicated the largest presence to be from Computer Science, nicely representing the highest exposure to technology among the study population (Cheng & Wang, 2.
Descriptive analysis indicated that students possessed moderately high cybersecurity knowledge (M = 3.
SD = 0.
and positive attitudes towards cybersecurity (M = 3.
SD = 0.
, but true secure practices were slightly lower (M = 3.
SD = 0.
This is also in line with existing research emphasizing awareness doesn't always translate to secure use of the internet (Ahmad et al.
, 2021.
Al-Fatlawi, 2.
Students demonstrated a realization of key concepts such as phishing, social engineering, and good password needs but the application in practice is still inconsistent, mirroring the need for behavior reinforcement by training programs (Armas & Taherdoost, 2.
Inferential statistics revealed significant gender variations, as men scored higher on awareness and phishing identification.
This finding is also in line with earlier studies by Chang and Coppel .
and Oroni et al.
, which found that male students in developing countries show greater digital exposure and technological self-efficacy and therefore increased cybersecurity awareness.
ANOVAs run likewise indicated Computer Science students to be far more aware than Economics and Education department students, validating the position of contact within field in determining cybersecurity skill (Kumar et al.
, 2024.
Filipenko et al.
, 2.
Regression analysis also confirmed cybersecurity knowledge, positive attitude, and cyber-law awareness as predictors of secure behavior.
This corroborates earlier evidence indicating that legal framework awareness improves online-responsible conduct (Marune & Hartanto, 2021.
Alwan, 2.
The gender variable had a marginal effect, whereby males have higher secure practices but the difference is less evident once knowledge and attitude are controlled for.
These observations highlight the importance of comprehensive interventions that combine technical education, law P-ISSN: -.
E-ISSN: -
education, and attitude formation to establish sustainable cybersecurity habits among learners (Shillair et al.
, 2022.
Sandi & van den Berg, 2.
Conclusion The investigation The study investigated first-year students' awareness, attitude, and behavior in relation to cybersecurity at Kabul University, specifically examining gender, faculty, and experience with cyber law.
The findings indicated that students had moderate to high levels of knowledge of cybersecurity, as well as positive attitudes about safe behavior online.
However, there was a considerable gap between what students indicated they knew and their actual behaviors online reflective of safe behavior, suggesting potential for more practice-based approaches to education.
Male students and those in Faculty of Computer Science exhibited significantly higher knowledge than female students and students enrolled in non-technical faculties.
A notable outcome of the regression analysis was the finding that knowledge of cyber law was a significant predictor of secure cybersecurity behavior.
this was important since it shows that cyber law is not on the periphery of digital behavior, but at its core.
Legal knowledge provides students with an understanding of the potential outcomes of their actions in the digital space .
ata misuse, invasion of privacy, involvement in cybercrim.
, and to access knowledge of their rights and protections in the digital space.
There are distinct gaps in learning and teaching, and there is a pressing need for higher education institutions to teach cyber law/training as part of their cybersecurity This activity should include a syllabus that included, but was not limited to, national and international data protection laws, cybercrime laws, and institutional policies concerning digital ethics, and digital accountability.
Training in cyber law should be incorporated into the faculty of education's general education program and sequence and prioritized across a variety of learning scenarios .
, case studies, simulations, and inter-faculty, learning across all faculties while continuing to explore faculties beyond the disciplines of computer science or la.
Gender-sensitive measures need to be prioritized to ensure that women students have access to legal and digital safety training comparable to their male peers.
In addition to curriculum reform, universities should develop institutional policies that mandate ongoing legal awareness training, particularly during student orientation programs and digital literacy workshops.
Embedding cyber law into institutional policy frameworks ensures that cybersecurity is approached holisticallyAicombining technical skills, behavioral insights, and legal understanding.
Ultimately, the findings highlight that effective cybersecurity education must go beyond teaching secure practicesAiit must build a culture of legal awareness and accountability.
By institutionalizing cyber law as a foundational component of cybersecurity education, higher education can produce digitally literate graduates who are not only technically capable but also legally informed, ethically responsible, and better prepared to navigate the complex digital environments of the modern world.
Jurnal Analisis Hukum 1.
: 101-133 Recommendations and Implications From the findings of this research, it can be suggested that more work ought to be done in developing the cybersecurity culture around students at Kabul University.
Cybersecurity education should be a part of all the faculties that have modules on phishing, social engineering, hacking, and cyber law, especially both theoretical content and practical work.
Additionally, special focus should be given to female students and students from non-computing programs, such as Education and Economics, to mitigate the gender and faculty level awareness gaps observed.
Awareness drives and education campaigns should promote positive cyber safety attitudes that will enhance the transformation of knowledge into safe web actions.
There is also a need to increase awareness of cyber law, as knowledge of laws can promote responsible behavior and discourage risky internet behavior that can negatively affect individuals and society.
It is also important to put theory into practice in relation to phishing detection training, one's own device security, password generation, and other safe habits.
It is suggested that university administrations create institution-wide policies to support the culture of digital citizenship, which includes reporting recommendations for cyber incidents and providing opportunities for students to practice safe online behaviors.
The conclusions from this study have implications of the same magnitude.
Scholarshipwise, the research highlights that knowledge alone is not sufficient without attitude development and practical skills, emphasizing the importance of holistic cybersecurity From a policy perspective, this research provides a basis for developing targeted policies which can be employed by universities with respect to the differences in faculty and gender and awareness and practice.
Behaviorally, more awareness of the legal landscape and structured educational programs can positively influence the online interactions of students, reducing vulnerability to cyber-attacks and providing a safer online environment.
Finally, the research creates opportunity for longitudinal studies and comparative studies of other university programs to compare how educational materials work as interventions and how the cybersecurity culture develops.
Future research should explore longitudinal impacts of cybersecurity education, crossuniversity comparisons, technology-based interventions, and gender-specific awareness References