Is cyber hygiene a remedy to IPTV infringement? A study of online streaming behaviours and cybersecurity practices

Spurred by the rapid modernisation of the sector and advent of Internet Protocol Television (IPTV), Audio visual (AV) piracy is at epidemic levels, with interventions having limited eﬀect. The dominant theme in interventions to date have been around personal de-terrence (i.e., the threat of legal action) and have not considered other factors that may inﬂuence an individual’s decision to consume infringing content. In this paper, we consider psychological factors, including perceptions around risk-taking, security behaviours, problematic internet use and personality traits to gain a comprehensive understanding of factors inﬂuencing engagement with IPTV, and the potential implications for cybersecurity. For this purpose, a survey was conducted with 283 participants living in the UK (age range 18 - 74, male 104), and an integrated structural equation model was constructed. Our ﬁndings showed a positive relationship between security behaviours and the perceived risk of viewing IPTV, and a negative relationship between the dark personality triad and perceived risk of viewing IPTV. They suggest that security be-Rajiv


Introduction
In studies conducted by EU Intellectual Property Office (EUIPO) and the Audiovisual Anti-Piracy Alliance (AAPA), it was revealed that trends in illegal Internet Protocol Television (IPTV) streaming practices are steadily increasing [1,2].Despite the introduction of recent legislation and substantial efforts by national and Pan-European law enforcement to combat piracy [3,4], and their successes in dismantling prominent criminal groups, AV piracy does not seem to subside.Organised criminal groups operate over a variety of business models -ranging from free services to formal monthly subscriptions, with the underlying infrastructure commoditised and resold, making direct enforcement actions difficult due to the disaggregated nature [1].
In this study we focus on consumer behaviour and explore the factors that influence one's decision to consume potentially infringing AV content online through IPTV services.The aim of this study is to identify potential factors that contribute to the behaviour of consuming infringing content and as such, identify areas of intervention that are likely to have a positive impact.
The theoretical background and literature review on motivators towards AV piracy is presented in the following section, with associated hypotheses being derived.
With the context from the literature review, we then construct an operational model.Then, for the purpose of this study, we introduce and validate a means of measuring IPTV viewing risk, which adopts well-accepted risk perception and risk-taking approaches.The newly introduced scale is then combined with the other identified constructs in a fully estimated structural equation model.The paper concludes with a discussion on the findings and potential implications of the study.

Theoretical Background
The decision to consume AV content through third party sites can be influenced by several factors.It has been reported that risky online behaviour can be predicted by risk perception [5][6][7], cybersecurity knowledge, risktaking in real life and the individual's personality traits [8].

Risk perception
Perceived risk is defined by [9] as the subjective assessment by an individual of the potential uncertainties and negative consequences linked to a decision or action.When faced with risky decisions, people tend to prioritise avoiding mistakes rather than maximising gains [10], making perceived risk a significant factor explaining behaviour in decision-making contexts.In the context of online piracy, perceived risk encompasses various elements including the chance of getting caught, and the severity of potential consequences if caught.Perceived risk can be measured to be high for certain threats and activities such as identify theft, viruses, phishing and keylogger attacks but low for general internet browsing and information sharing on social media [11].Existing research has consistently demonstrated that perceived risk significantly influences people's intentions regarding digital piracy [5][6][7].However, the relationship between perceived risk and risk-taking in online piracy is rather complex.While it is argued that the relationship between risk perception and risk taking is expected to be negative and high risk perception will lead to low risk taking, it has been reported that individuals may perceive and respond to risks in different ways depending on the situation and their personal characteristics and experiences, leading to potentially paradoxical attitudes towards risk.[12] argued that the inconsistent findings regarding the relationship between risk perception and risk taking can be conceptually explained to some extent.For instance, being aware of engaging in risky activities can increase the sense of personal risk, leading to a positive correlation.Conversely, a reduced sense of vulnerability can contribute to higher risk taking, resulting in a negative correlation.The latter is also supported by [13].
Against the above, we adopt the more rational and intuitively straightforward hypothesis of the two: -H1: There is a negative relationship between perceived risk and risk taking regarding the viewing of IPTV content.

Security behaviour
Cyber security awareness is a key driver of security behaviour, and is defined as an individual's understanding of the importance of information security, their responsibilities, and the behaviour they exhibit in relation to safeguarding information by [14].Studies show that cyber security awareness plays a vital role in promoting security behaviour [15,16].For example, Li et al. [17] investigated the impact of cybersecurity policy awareness on employees' behaviour and found that when employees are aware of their company's security policy and procedures, they are more able to positively complete cybersecurity tasks than those who are not aware.Moreover, Jaeger and Eckhardt [18] showed that situational information security awareness increases perceived threat and perceived coping efficacy (i.e., the belief that one can effectively cope with a challenging situation) and, ultimately, actual behavioural responses to phishing attacks.The research on the impact of security behaviours on digital piracy is relatively sparse, instead with more research present on known security impacts of IP infringement -i.e., the potential to be infected with viruses and malware [19][20][21].
Based on the literature review cybersecurity behaviour, we hypothesise that: -H2: There is a positive relationship between Cyber Security practices and perceived risk of viewing IPTV content.

Problematic Internet Use
Problematic Internet usage is described as an individual's lack of control over their internet activities, leading to disruptions in meeting social, work, and personal obligations by Young [22].Studies have investigated the connection between problematic internet use and security behaviours, revealing a statistically significant correlation between symptoms associated with a negative relationship with internet and risky behaviour online [23,24].[25] expanded on this relationship, using Jessor's Problem-Behaviour Theory (1977) to justify this link and relate it to the ongoing COVID-19 pandemic .Moreover, recent research in "problematic video streaming" indicated a positive relationship with problematic internet use [26][27][28].Accordingly, we constructed the following two hypotheses introducing the mediating role of cyber security behaviour between problematic internet use and risk taking in viewing IPTV content: -H3: There is a negative relationship between Problematic Internet Use and Cyber Security practices.-H4: There is a negative relationship between Cyber Security practices and risk taking for viewing IPTV content.For IP infringements in particular, [29] conducted two comprehensive studies focusing on the psychopathic traits, reporting that low self-control (Disinhibition and Conscientiousness) is a predictor of media piracy.Machiavellianism was identified as a partially supporting factor to IP infringement by [30], which would be interesting to explore further, since it was identified as a predictor of attitude to piracy by Al-Rafee and Cronan (2006) [31].The dark personality traits have been studied in the context of risk and IPTV streaming.The dark triad comprises three negative personality traits associated with harmful behaviours: Machiavellianism, characterized by a manipulative view of human nature; narcissism, featuring a grandiose self-importance and a need for admiration; and psychopathy, defined by a lack of empathy and a tendency for impulsive and antisocial behaviour [32].Dark traits have been shown to be positively related to risky behaviour [33,34], as well as addictive behaviour [35].Hosker-Field et al. [36] studied the interplay between psychopathy, risk perception and risk taking and found that some psychopathy traits where related to risk taking via risk perception.Assuming that a high scoring dark trait will be more likely to engage in risk taking activity: in our case stream content despite the associated cybersecurity risks, the following hypothesis is formulated: -H5: There is a negative relationship between the dark personality traits and perceived risk of viewing IPTV content.The above hypothesis is constructed assuming that perceived risk fully mediates the (positive) relation between the dark traits and the viewing of IPTV content.
The hypotheses of this research are summarised in the operational model presented in Fig. 1.

Participants
The primary data for this study was collected on the 22nd of April 2022 and the questionnaire was administered through Prolific1 .Solely participants resident in the UK were chosen to retain consistency, since streaming services available differ across countries and there may be certain cultural and legal factors that impact people's decisions.Compensation for participation in the questionnaire was reimbursed through Prolific, subject to meeting the criteria that no more than one attention check was failed, out of three.Excluding the failed attention checks, and incompletely filled questionnaires, a total number of 283 fully answered questionnaires were returned, with the demographics of the respondents shown in Table 1.

Measures
The measures used in this research are based on the cited literature.A five-point Likert scale was used for all structural items, except for the risk constructs, where a seven-point scale was adopted in accordance with the specification of the DOSPERT scale.The risk constructs consist of targeted questions for both perceived risk, and risk taking specific to IPTV viewing.The following measures were used or developed: Security behaviours.To measure the participants alignment to common established security practices, the Human Aspects of Information Security Questionnaire (HAIS-Q) [37] was utilised.This was chosen instead of the Cybersecurity Judgment Questionnaire [38] since it offered the capacity to analyse multiple component domains.It has also been validated by multiple studies, increasing confidence in the integrity of the scale [39].The scale measures knowledge, intention, and behaviour across seven security domains: password management, email use, internet use, social networking use, incident reporting, mobile computing, and information handling.
For our study, three domains overall were usedpassword management, internet use and social networking use.These were selected because they hold the closest association to the subject matter of IPTV infringement, as opposed to incident reporting, information handling and others which are not directly relevant.The HAIS-Q also tests multiple areas of security behaviours through knowledge of policy, attitudes to policy and self-reported behaviour.Again, in the context of this study, knowledge of policy and attitudes to it can be deemed largely irrelevant since it is the behaviour for each of the domains that has been found to hold Fig. 2 The baseline site mock-up statistical significance, and as such were removed.The overall Cronbach's α for the self-reported behaviour section utilised was α = 0.526.Although this was lower in our survey compared to other studies -where the alphas for the HAIS domains ranging from 0.76 to 0.83 [40]-we proceed with the analysis as HAIS-Q is a fairly mature scale and all other sections of the study have an acceptably high alpha.
Problematic Internet Use.Existing literature utilised the Online Cognition Scale to determine problematic patterns of internet usage [23], however for this study it was discounted due to the length and depth of the scale, in which a total of 36 individual points were required.Completion time of the questionnaire was a factor to ensure that participants remained engaged in the activity.As a result, the Problematic Internet Use Questionnaire (PIUQ-SF-6) was utilized instead [41].Consisting of solely 6 questions it is a condensed version of the original 30 item survey [42], retaining the three subscales of it; obsession, neglect and control disorder, and has been confirmed as a robust scale (α = 0.82).
Dark personality traits.The dark personality triad scale or SD3 [32] is a second-order construct of 27 items contributing to three subscales of narcissism (self-importance to the degree empathy for others is diminished, α = 0.71), Machiavellianism (manipulativeness and disregard of morality and ethics, α = 0.77) and psychopathy (lack of empathy and emotional response, along with detachment from behaviours, α = 0.80).
IPTV viewing (perceived risk, risk taking).The approach for developing IPTV specific risk measures included the development seven hypothetical scenarios, with ordered cyber threat levels based on a mock-up of an IPTV streaming site.The baseline mock-up case is shown in Fig. 2. and contains no indications that copyright may be potentially infringed, instead, being described as a free streaming service.
To obtain the mock-up, a template for a streaming website was purchased from online resource marketplace.Using the template, and randomly selected posters of movies and TV shows, which were blurred to avoid distracting from the design of the website, a draft was created.Focus is intended to be drawn towards the left-hand side with options to filter content, emulating aggregation sites [43,44] and implying that there is a practically unlimited amount of content on the site, as would be the case with an infringing site due to the absence of restrictions around rights and distribution [45].
With the mock-up created, the next stage was to place it in a variety of plausible scenarios, in which the potential risk of the action is different.This was achieved by researching common malicious features present on websites and implementing equivalents on the mockup [46,47].This process allowed for the creation of seven distinct scenarios as summarised in Table 2.All the scenarios and their representative nature of the common malicious features were face-validated with both an ordinary user and a domain expert.
Pop-up ad.Utilising an invasive pop-up advertisement with a suspicious call-to-action, claiming that the user has won a prize is a hallmark of malicious advertisements (also known as malvertising) and is documented in literature as both being common on sites aiding IP infringement, and a common method malicious actors employ to attempt to gain a foothold [48,49].
Banner ad.Utilising banner ads alongside content, with aggressive calls-to-action, are known to be tactics that malicious actors use when exploiting advertising networks to deliver malware.It has been observed that when users notice adverts of this type that their confidence in websites decrease, which may cause them to question the legitimacy of the mock-up site [50][51][52].
Spyware.User attitudes to spyware are well documented, ranging from the "I have nothing to hide" argument to severe concerns.As a result, it makes sense to isolate this as a potential factor impacting a user's choice to utilise the site.Encountering spyware while browsing the web is not outside the realm of possibility, especially on websites that have a history of hosting infringing content [53][54][55].
Ransomware.An increasingly prevalent type of malware, ransomware is opposite in its behaviour compared to spyware.Instead of sitting quietly in the background, it destroys data creating a direct impact rapidly after infection.As a result, even users with a sense of apathy towards malware (i.e., the "nothing to hide" argument) may be inclined to avoid a service that carries the risk of Fig. 3 The scales used for perceived risk and risk taking, for viewing IPTV content.
Install app.Requiring an application installation to access content is known to discourage users from utilising a website or service, and as a result may discredit it.In the context of malicious actors, this has been observed as a tactic to gain access to a user's device before progressing further, making the interaction something that a user may be aware to look out for, impacting their choice [59][60][61][62].
The scenarios were presented to the survey participants by showing them the control scenario initially, followed by the six remaining scenarios presented in a random order.The scenarios were attached to the two seven-point scales to record perceived risk and risk taking, following the convention used by the DOSPERT scale (Fig. 3).
Table 3 presents the results of an exploratory factor analysis (EFA) for the developed IPTV risk items.For the EFA, 75 responses were randomly selected from the sample.For both measures the alphas were acceptably high (over 0.7), showing adequate internal consistency.The analysis indicates two factors, grouping scenarios 1,2,3,6,7 in one factor and 4,5 in another.For both measures, all items produced loadings greater to 0.4, with no cross-loadings over this threshold.The Kaiser-Meyer-Olkin values were above 0.6, showing that the dataset can be considered for factor analysis.Bartlett's test showed no correlation between the variables.

Consistency, validity and reliability of the survey instrument
As the questionnaires used in this research are validated and widely accepted in the literature, we argue that content validity is supported (Straub, 1989).However, as the IPTV constructs are newly introduced, validation was performed for the purpose of this research.In addition to the validity and reliability tests performed for all constructs, the IPTV items were subject to additional exploratory factor analysis as shown above.In addition, the first order factors were used in the final estimated model.Creation of sub-constructs and second order factors for IPTV viewing would result in the creation of another domain specific measure and is reserved for future research.In any case, the IPTV viewing measures adopted the DOSPERT scale approach.
Against the above, confirmatory factor analysis (CFA) to examine the properties of first and second order dimensions was performed, and the loadings are summarised in Table 4.All components showed acceptably high loadings, though the first item of the dark personality triad, the Machiavelli subscale, had an unacceptably low loading (0.266) and was removed.The second order loading of the scale however was acceptably high (0.777).
Table 5 summarises the properties and indices of the constructs.Most Cronbach alphas are close to, or over 0.7 (particularly the main constructs), which supports internal consistency [63].For all constructs, the Total Variance Explained (TVE) is above the 50% threshold, supporting instrument construct validity.The composite reliability (CR) values are higher than 0.70, leading to an acceptable construct composite reliability [64].
Considering that the values of the Kaiser-Meyer-Olkin (KMO) measure are larger than 0.50 and the Bartlett's test are significant (p < 0.05) for all constructs and sub-constructs, we accept that the data is significantly meaningful for further analysis and indicates that the data is suitable for structure detection [65].All Intra-Correlation Coefficients (ICC) have values much larger than 0.10, therefore structural equation analysis is supported [66].

Normality tests
Table 6 summarises the properties of the constructs or establishing whether these follow the normal distribution.The approach involves calculating the mean, standard deviation, skewness, and kurtosis statistics for the constructs and the Shapirov-Wilk test to assess normality.Although there is no consensus on the cut-off values for skewness and kurtosis before non-normality becomes a problem, a common guideline suggests that data is considered normal if skewness ranges from -2 to +2 and kurtosis ranges from -7 to +7 [64].
From the calculated values it can be observed that all constructs have skewness and kurtosis values well within the acceptable range.Moreover, according to the S-W test, security behaviours, SD3 and risk-taking follow the normal distribution, whereas PIU and perceived risk do not follow the normal distribution.
Table 7 displays the correlation coefficients between all the pairs of constructs used in the analysis, along with the square root of the Average Variance Explained (AVE) for each construct.This was done to check if the constructs are distinct from each other (ensuring construct discriminant validity).The results show that the correlation coefficients are significantly different from unity, and they are lower than the square root of the AVE of each construct, indicating that the constructs are different from each other.

Common method bias
The investigation for the presence of common method bias was performed using Harman's single factor test [67].By loading all items on one factor, we note that the first factor explains only 24.9% of the total variance.In addition, six factors are identified which were found to follow closely the five constructs proposed.As such, we conclude that a risk of common method bias is minimal.

Results
Table 8 shows the results of two models, the hypothesised model and Harman's single factor model.The hypothesised model is a CFA on all five constructs of the study, whereas the single factor model contains all items in one factor (construct).
From the results in Table 8 it is established that the hypothesised model is an acceptable fit, whereas the single factor model is a poor fit.Moreover, by comparing the chi-square results of the two models, we get ∆chi-square/∆ df=101.6428.As this value is substantially higher than the critical value of 3.84 per degree of freedom, we can conclude that single respondent bias is limited, and the latent factors correspond to separate constructs [68].

Structural model
The final structural model results are summarised in Table 9 and the standardised estimated coefficients are presented visually in Figure 4. From this table we conclude that the final model presented in Figure 4 is a good fit.

Discussion
Looking at the paths of the model, we observe the negative relationship between the dark personality triad and perceived risk of viewing IPTV (accepting H5).In addition, the Psychopathy trait dominates the other two (with a standardised coefficient of 0.759), agreeing with the observation by [29].Although there is no clear consensus in the literature on the direction of relationship between perceived risk and risk taking, for this study a negative relationship was confirmed (accepting H4).
While such a relationship can be considered the default choice when assuming that people are rational decision makers, this is not always observed in some cases, and particularly in situations with thrill seeking individuals who are prone to taking high risks to obtain high rewards [69,70].It should be noted however, that the highest risk-taking scenario, that of risk being infected by a ransomware as a "reward" of viewing AV content, shows the lowest weight.
The expected positive relationship between security behaviours and perceived (IPTV) risk further validates and confirms the model (accepting H3).Security behaviour has been shown to relate to risk perception [71], and risk perception has also been reported to be a predictor of security precautions [11].
Security behaviours mediates the relationship between problematic internet use and IPTV risk taking (accepting H1 and H2).Observing the path from dig-ital addiction (PIU) to IPTV risk taking, we can establish that people with high internet addiction will be more willing to consume AV content (since the two negative estimates multiplied result to a positive number), at the expense of cybersecurity behaviours.The negative relationship between problematic internet use and cyber hygiene has been identified in several studies [25,23,72].

Implications
From the estimated model and the previous discussion, it can be seen that regardless of the introduction of legislation and enforcement actions being conducted to deter IPTV infringement, there will always be a market of viewers willing to consume AV content through unofficial, potentially copyright infringing means.This in turn will be a motivating factor for new actors to profit from infringing business models.Although most legislative controls focus on the providers of the infringing AV content and particularly those who have financial gains, an attempt to tackle the consumer side to reduce the market size could also be a valid strategy, with additional potential benefits.
The medical research community generally accepts that there are certain behaviours that are governed by strong genetic influences [73] and that the physiology of the brain can determine some personality traits, psychopathy being one of them [74].By adopting this view, it is deduced that individuals with a high dark personality score are less likely to change their behaviour, or at least observe a significant change, in AV consumption from potentially infringing websites.
With this said, it is acknowledged that problematic internet use and security behaviours can be improved with provision of appropriate support.Internet addiction has been shown to be influenced by an individual's environment and can be a result of several factors, such as stressful life events [75], the recent COVID-19 lockdown [76], satisfaction with life [77], and coping style [78].As such, tackling internet addiction would address IPTV streaming to an extent.It is important to caveat this however, in that interventions may not necessarily affect solely illegal streaming.Binge watching for example, is an addictive behaviour which can appear for both legal and illegal AV content consumption.
The key differentiator and factor according to our estimated model is cybersecurity behaviours.The scientific literature has accumulated a considerable body of knowledge on cybersecurity awareness and training methodologies, approaches and practices (for example [79-81]).Cyber security awareness campaigns have been delivered in both corporate environments and to the wider public.Currently, the campaigns to fight IPTV crime focus on the well-being and prosperity of the creative industry, such as showcasing job losses, the impact on the theatre industry and so forth.We argue that if the narrative is updated to showcase the risks an average user may be facing when consuming infringing AV content, the seriousness of such actions would start being compared with risks in other potentially more important (to the user) areas such as online banking, personal data theft and so forth, leading to lower rates of infringement.
6 Limitations and future work The research was a cross sectional study, conducted during a specific period (April 2022).Due to the nature of this problem domain, a longitudinal study would reveal more information, especially after deploying policies and campaigns targeting cybersecurity and illegal IPTV streaming.The survey targeted the UK population.The survey would need to be expanded to cover more countries (the EU and US in particular) and be verified to ensure it aligns with many official studies that cover these areas.
This paper introduced a measurement scale for assessing risk in the IPTV domain.While the development of the scale followed the well accepted DOSPERT scales, further validation is needed to ensure that the scale is aligned with and reflects the theoretical foundations of consumer behaviour in online AV content consumption.
Finally, the estimated structural equation model could be modified to use the dark personality triad as a moderating factor, as such factors are also found to influence (moderate) relationships rather than predicting outcome variables.

2. 4
Personality traits Personality traits are seen as factoring into decisions by people to commit IP infringement in multiple studies, with Ming et al. (2015) and Satchell et al. (2022) finding evidence of correlation between IP infringement and the big five personality traits (Digman 1990) and the triarchic model of psychopathy (Patrick et al. 2009) respectively.

Table 1
Sample demographics

Table 2
Mock-up scenarios

Table 3
EFA results for IPTV perceived risk and risk-taking measures.

Table 4
Results of the Confirmatory Factor Analysis for all constructs.

Table 5
Properties of constructs and sub-constructs.

Table 6
Construct properties for normality assessment.

Table 7
Correlation coefficients and AVE for the constructs.

Table 8
Fit indices for hypothesised and single factor models.

Table 9
The final Structural Model.