In the era of globalization secure cyberspace plays a significant role in achieving economic prosperity and building a modern, and powerful nation. With the rapid spread of cyberspace and communication technology, cybercrimes have become a considerable security con-cern. With the progressive increase in the number of internet users in Bangladesh, the percentage of attacks is rising too. According to the Kaspersky Security Bulletin 2015, Bangladesh is in the second position in the level of infection among all the countries. 69.55% of unique users are at the highest risk of local virus infection in Bangladesh. 80% of users are the victim of spam attacks according to Trend Micro Global Spam Map (N-CERT, 2015). However, when it comes to in-frastructure and capacities for cyber-security counter-measures, our nation falls short. For instance, there is a lack of cyber security awareness, a shortage of pro-fessionals who have received the necessary training, problems with law enforcement personnel, a subpar judiciary, and so forth.

Cyber security is a set of technologies, techniques, processes, and practices aimed to protect internet conn-ected systems which includes network, hardware, soft-ware and data from plausible attacks such as breach, theft, misuse, manifestation, harm, etc (Jeetendra, 2017). The main goal of cyber security is to assure confidentiality, integrity and availability of the system. Cybercrime is the type of crime which involves a net-work and a computer or any other smart device. The computer can be involved either as a tool or as the target. Cybercrimes can cause serious financial and re-putational damage to an organization or an individual. The objective of the study is to identify the numerous factors that contribute to cybercrime, its challenges, the relationships between different cyber security vari-ables, and potential solutions to these issues.

Literature Review

The issue of cyberattacks, which has emerged as one of the most crucial aspects of the Internet of Things (IoT), was discussed in a publication by Ulven & Wangen, (2021). By safeguarding IoT assets and user privacy, IoT cybersecurity aims to lower cybersecurity risk for businesses and consumers. The authors of the paper provided theoretical vulnerabilities faced by the IoT, major security issues, and necessary steps for the protection of cyber security and the IoT (Abomhara & Køien, 2015). Ramirez & Choucri, (2016) researched the 21st-century trends of cyberization and the rising demand for computer security. A recent increase in new technology investment has coincided with an in-crease in cybercrime, digital currency, and e-gover-nance. Businesses and governments are starting to focus their attention on all-encompassing cybersecurity solutions. Using an integrated approach, Ali et al. (2022) investigated the causes of IT system failure in Bangladeshs banking sector. Cyberattacks, database hacks, server failure, network outages, broadcast data mistakes, virus impacts, etc. were the reported factors. Then, to facilitate managers critical decision-making, these factors were examined. On a few Indian public and private sector banks, Atul et al. (2013) exposed the numerous cyberattack techniques used by cybercrime-nals as well as the various cyber defense strategies and how they relate to cyberattacks. According to the report, 60% of bank executives acknowledged that their bank has discovered internet theft. Scholars exa-mined the cyber threat posed by smart cities, assessed, exposed, and evaluated the advancement of data-dri-ven solutions for situational awareness. The author assessed attack detection approaches, risk assessment methodologies, and ways for modeling relationships across different smart city infrastructures (Neshenko et al., 2020). Chen et al. (2015) did an exploratory study using the flux-fluctuation law, the Markov state TPM, and predictability measurements to look for patterns and predictability in cyberattacks. Unsurprisingly, they discovered the fundamental pattern of cyberattacks and discovered that just a small number of attacker groups were responsible for practically all the attacks. A com-parative analysis of twenty nations national cyber security strategy was conducted by Shafqat & Masood, (2016). The timeframe of development clearly stated objectives and goals, degree of prioritization, nations perceptions of cyber threats, organizational overview, incident response capabilities, etc. were used as com-parative criteria. It was discovered that while the pur-poses and objectives of all the strategies were quite similar, their scopes and methods were very dissimilar. Additionally, the UK, USA, and Germany had the best strategy overall. Maalem Lahcen et al. (2020) revie-wed pertinent theories and ideas and offered insights, as well as a framework that integrates modeling and simulation, behavioral cybersecurity, and human fac-tors. To emphasize the significance of social behavior, environment, biases, perceptions, deterrent, intent, atti-tude, norms, alternatives, punishments, decision-making, etc. in comprehending cybercrimes, Matyo-kurehwa et al. (2020) studied the Cyber Security Awareness (CSA) perspectives among students at Zimbabwean universities to build a model of the effec-tiveness of cyber security training programs. They worked on some statistical analysis on their primary data to find any significant relationship between cyber-attacks and CSA. They found that malware attacks, social engineering attacks and IoT attacks are posi-tively related to CSA. In addition, they developed a cross-case analysis which showed that CSA is invari-ant on age and sex while CSA has a noticeable impact on the level of education and institution. Alqahtani (2022) launched a study about the factors behind cybersecurity awareness among students taking higher study. Based on the CSA data taken from Imam Abdulrahman Bin Faisal University college students, he analyzed and created a module to make the students aware about cybersecurity. Many relevant statistical analyses including ANOVA, multiple regression, cor-relation test, multicollinearity test was carried out con-sidering password security, browser security, and social media security as three main variables. All the three-security component was found significantly in-fluential on cybersecurity awareness. Kovacevic et al. (2020) explored how cyber security behavior is impacted by cyber security awareness. The study defined socio-demographics, cyber security percep-tions, previous cyber security breaches, IT usage, and knowledge as CSA factors. Through correlation and regression analysis, knowledge and IT usage was found to be a significant factor in cyber security be-havior. Ben-Asher & Gonzalez, (2015) inquired about how knowledge plays a role in the accurate classi-fication of malicious events and prevents damages from cyber-attack. They evaluated the impact of cyber security knowledge on the detection of cyber-attack. A reliable tool for detection is an Intrusion Detection System (IDS) which detects by matching known attack patterns of network events. But 99% of the alerts from IDS are false alerts so a human analyst is required for triage analysis (Monitoring & Detection). And more knowledge about cyber security significantly helps in the correct detection of malicious events and decreases false classification. Haque, (2019) studied public opinion on cyber security condition of Bangladesh. He found that 78.4% internet users thought the condition be vulnerable. He also referred to some cyber threats and recent cyber-attacks specially in financial sectors in our country. Describing the deficiency of awareness in this sector, this paper further discussed some nece-ssary policy regarding cyber security. Mazumder & Hossain, (2022) looked for a connection between board composition and disclosure of cyber security in Bangladeshs banking industry. Multiple linear regress-ion analysis and automated content analysis were employed in the study. Throughout the research pe-riod, the cyber security division trend in Bangla-deshs banking sector was up (2014-2020). According to the data, larger boards do not substantially affect CSD whereas increased female involvement is linked to higher CSD. Kundu et al. (2018) analyzed cyber-attack in the monetary sector of Bangladesh and investigated the causes of that in Bangladesh. As they found in-creasing trend of cyber-attack, they suggested avail-able framework against cybercrime in this paper. Hadlington, (2017) made a survey on attitude towards cybercrime as well as cyber security in business scale, Internet addiction and risky cyber security behaviors. By regression analysis the research shown that emp-loyee attitudes towards cyber security correlated nega-tively with which they engaged in risky cyber security behavior self-reporting is the Limitations for the study. 

Research highlights employee attitudes & knowledge can play vital role in cyber security. Astromskis (2017) developed a conceptual cyber security regulation framework, based on the fundamentals of transaction cost theory. The study evaluated it in the context of emerging legal technologies. Bowen et al. (2011) con-ducted an experiment on randomly selected 4000 stud-ents and staffs using forged phishing emails to investi-gate a new method to measure, quantify and evaluate the security state of large corporation organizations and government agencies. According to them, compu-ter security depends on the people who operate the system aside technology and systems. Nifakos et al. (2021) aimed a review study to find out the factors causing cyber-attacks in healthcare sector. They ana-lyzed and reported human behavioral causes of cyber threats in health organizations. They also researched the possible policies and measures which could be taken by the healthcare-providing organizations. In order to understand the mechanics of cyber-attack campaigns, Lallie et al. (2021) examined the cyber-attacks that occurred during the COVID-19 epidemic. 

Additionally, it showed how cybercriminals use actual crises and tragedies as cover for opportunistic assaults. Finally, the effects of these attacks on persons who work from home were explored, along with some future planning ideas. Sardi et al. (2020) studied by giving a special emphasis on one of the main challen-ges in the healthcare sector during the COVID-19 pandemic, the cyber risk. Since the beginning of the Covid-19 pandemic, the World Health Organization has detected a dramatic increase in the number of cyber-attacks. Information security and cyber security are two different concepts, according to Von Solms & Van Niekerk, (2013). They contended that these two arent quite interchangeable or similar. The safeguar-ding of information assets is known as information security. However, cyber security is the defense of the internets physical infrastructure, its users, and the assets that can be accessed through it. Consequently, cyber security has a further component. Staheli et al. (2014) surveyed and categorized the visualization eva-luation metrics, components and techniques for cyber security that were utilized in the previous decade of VizSec (A research community that focuses on visu-alization of cyber security) research literature. They also defined existing methodological gaps in evalua-ting visualization in cyber security as well as suggested potential avenues for future research. Švábenský et al. (2020) studied the fact that cybersecurity is now more important than ever, and so is education in this field. 

However, the cybersecurity domain encompasses an extensive set of concepts, which can be taught in different ways and contexts to understand the state of the art of cybersecurity education and related research. Klimburg et al. (2011) had outlined a cyberstrategy that provided the stance of the United States of America (USA) on cyber-related issues and outlined a unified approach to the USAs engagement with other countries on cyber issues. They analyzed about techno-logies that might be used to protect the cyber environ-ment and organization and users assets. Becker & Quille, (2019) studied about cyber-Security issues that needed to be integrated in the educational process in the beginning at an early age (Mia et al., 2022). 

This study focuses on cyber security emerging trends while adopting new technologies such as mobile computing, cloud computing, e-commerce, and social networking. The paper also described the challenges due to lack of coordination between Security agencies and the Critical IT Infrastructure. Lebek et al. (2014) provided an overview of theories used in the field of employees information systems (IS) security behavior by analyzing and synthesizing previous literature.

Data Collection and Processing

Questionnaires were used as the data collection tool for this cross-sectional study. Both personal interviews and mail questionnaires through google forms were used for this purpose. Internet users who are greater than 16 years old were the target population of this study. Simple random sampling was adopted in collec-ting data from individuals. For large samples, the formula for estimating sample size through Simple Random Sampling is-

n=(Z_(1-α/2)^2  pq)/d^2 

∴ n =  (〖1.96〗^2*0.5*0.5)/〖0.07〗^2  =196

Here, in this study,

P, Assumed proportion in target population =0.50; q=1-p =0.50; d, Degree of accuracy expected in the estimated population =.07; Z, Standard normal deviate = 1.96. Accordingly, 200 data from Dhaka city was gathered for the study. Data were analyzed using SPSS software in computer.

Principal Component Analysis

By turning a set of values for correlated variables into a set of values for linearly uncorrelated variables, PCA is used to reduce the number of dimensions. Old dim-ensions are changed into new dimensions. These new dimensions indicate that since the majority of the in-formation is included in the first few dimensions, it is acceptable to eliminate other dimensions containing less information/variance and instead choose the most significant ones, which results in dimensionality reduc-tion. In this project, orthogonal transformation is used in variance reduction.

Binary Logistic Regression Model

Let us define the binary random variable 

Z= {█(1 if the outcome is a success @0 if the outcome is a failure)┤ 

with probabilities Pr (Z = 1) = π and Pr (Z = 0) = 1− π, which is the Bernoulli distribution B(π). If there are n such random variables Z1,..., Zn, which are independent with Pr(Zj = 1) 

= πj ,then their joint probability is 

∏_(j=1)^n▒〖〖π_j〗^(z_j ) 〖〖(1-π〗_j)〗^(1-z_j )=exp⁡[∑_(j=1)^n▒〖z_j  log⁡(π_j/〖1-π〗_j ) 〗+∑_(j=1)^n▒〖log〖(1-π〗_j)〗]〗,

Which is a member of the exponential family.

Next, for the case where the πjs are all equal, we can define

Y = ∑_(j=1)^n▒z_j 

So that Y is the number of successes in n “trials.” The random variable Y has the distribution Bin (n, π): Pr (Y = y) =(n¦y)π^y 〖(1-π)〗^(n-y), y = 0,1,...,n.

For ith random variable Yi, μ_i=E(Y_i )=n_i π_i is the expected number of successes. We can allow μ_i to depend on x_i (vector of explanatory variables) via the link function

g(μ_i )=x_i^T β,

Where β is a vector of parameters.

Finally, we consider the general case of N independent random variable Y1, Y2,...,YN corresponding to the numbers of successes in N different subgroups or strata. If Yi ∼ Bin (ni ,πi), the log-likelihood function is 

l(π1,...,πN;y1,...,yN) = ∑_(i=1)^N▒〖[y_i  log⁡(π_i/〖1-π〗_i )+n_i log〖(1-π〗_i )+log(n_i¦y_i )]〗

Where, π_i=e^(x_i^T β)/(1+e^(x_i^T β) ) .

The parameter vector β can be estimated numerically using numerical methods.

Finally, the model can be written as

log⁡(π_i/〖1-π〗_i )=x_i^T β.

Odds ratio, ORj =e^(β_j ).

Poisson Regression Model

Let us consider Y1,...,YN be independent random variables with Y_i  denoting the number of events obser-ved from exposure ni for the ith covariate pattern. The expected value of Y_i can be written as E(Y_i) = µ_i  = n_i θ_i  .

The dependence of〖 θ〗_i  on the explanatory variables is usually modelled by 〖 θ〗_i  = 〖 e 〗^(x_i^T  β).

Therefore, the generalized linear model is E(Y_i) =µ_( i)  = n_i 〖 e 〗^(x_i^T  β);

Y_i ∼ Po(µ_( i)).

The natural link function for the Poisson distribution, the logarithmic function, yields a linear component 

logE(Y_i) = constant +〖 x〗_i^T β .

For a binary explanatory variable denoted by an indictor variable, x_j = 0 if the factor is absent and x_j  = 1 if it is present. The rate ratio, RR, for presence vs. absence is 

RR=( E(Y_i  | present) )/( E(Y_i  | absent))=e^(β_i ). 

When the response variable is over dispersed, more sophisticated model such as Negative Binomial Regre-ssion Model can be used.

Factor analysis using principal component analysis on cyber behavior

The goal of the traditional principal component ana-lysis is to reduce the number of m variables to a small-ler number of p uncorrelated variables known as prin-cipal components which account for the variance of the data as much as possible. PCA is suitable for conti-nuous variables, and it assumes a linear relationship between variables, it is not an appropriate method for dimension reduction in categorical variables. Alterna-tively, categorical principal component analysis (CATPCA) has been developed for data having mixed measurements such as nominal, ordinal, or numeric which may not have linear relationships with each other. We refer to Gifi, (1990) for a historical review of CATPCA using optimal scaling. We compute the Bartletts test for sphericity and find the Kaiser-Meyer-Olkin measure of sampling adequacy before proceed-ing to factor analysis.

Table 1: KMO and Bartletts Test

Here, the Kaiser-Meyer-Olkin measure is .751 which indicates the dataset is valid for factor analysis. Bartletts test for sphericity tests the hypothesis that a correlation matrix is an identity matrix, which means the variables are unrelated. For our data, we have p-value .000 for Bartletts test for sphericity. Therefore, we have enough evidence to conclude that the factor analysis is useful for the data. Now we can approach for the factor analysis in our dataset. The initial values of commonalities are set to 1. The highest extracted value is for the variable “Sharing password” is .693 in-dicating that a 69.3% variation in “Sharing password” is explained by the principal factors. 65.6% variation in “Same password multiple use” is explained by prin-cipal components. The least explained variable is “In-secure payment info online storage” which has an extraction value of about .294. As all values here are greater than .25, the communalities are acceptable (Table 2).

Table 2: Communalities and extracted values (Extraction Method: Principal Component Analysis).

Table 3 shows the eigenvalues and percentage of vari-ance in the original variables. From eigenvalues of component, we can see that 1st 4 components eigen-value is greater than 1. So, 1st four components are considered as four factors that are altogether explain-ing about 49% of the total variance which is moderate.

Table 3: Total variance explained (Extraction Method: Principal Component Analysis)

Fig. 1: Scree plot for eigenvalues of the components.

The scree plot shows that eigenvalues drop somewhat rapidly from components one to four. As 4 components are above one, four components are selected. 

Table 4: Table for Rotated Component Matrix (Extraction Method: Principal Component Analysis).

Rotation Method: Varimax with Kaiser Normalizationa

a. Rotation converged in 6 iterations.

Variables that are most strongly correlated with each component are selected in Table 5 from the rotated factor matrix (Table 4). 

We assume 0.5 as a threshold value and select the variables for each principal component accordingly.

Table 5: Variables included in the factors.

As the factors cannot explain the total variance more than 60%, we may fit our statistical models with individual variables.

Fitting Binary Logistic Regression Model to assess victimization status

In Table 6, the odds ratio is discussed to show the effect of the covariates on victimization status. The odds ratio describes the odds that an event occurs given a particular exposure is present compared to an event that occurs given the exposure is absent. Con-trolling for all other variables in the model, cybercrime victimization is 3.028 times more likely for those who use common password than those who do not (p-value=.012). Also controlling for every other variable, the odds of cybercrime victimization is 2.526 times higher as person shifts from not storing personal data online to storing them online (p-value=.034). For per-sons leaving payment information on website with no clear security compared to those who do not, the odds of victimization are significantly 66.3% lower (p-value=.02). However, this seems illogical and may be observed due to our sample data. Having the habit of disabling antivirus while downloading significantly in-creases the victimization odds by approximately 3 times (p-value=.014). The practice of downloading digital media from unknown sources significantly rises the victimization odds by 2.398 times (p-value=.041). The likelihood of cybercrime victimization when a person shares personal information to strangers over the internet is 4.422 times greater than that of their counterparts. The p-value here is .002 which refers to the factor being highly significant at a 5% significance level. The significant outcomes support the research hypothesis I. All the other covariates are statistically insignificant at 5% level of significance. 

Table 6: Binary Logistic Regression Model for victimization status.

*Here No (0) is the reference category for all the regressors. 

Fitting Poisson Regression Model to assess victimi-zation frequency

Table 7 shows the results from the Poisson regression model for the frequency of cybercrime victimization. Since the frequency of victimization is over-dispersed, the Negative Binomial model would be a better fit for this scenario. Its AIC is 465.131, whereas the AIC of the Poisson regression model is 540.994. However, a Poisson regression model is fitted here for ease of use. Here, we only describe the results which are statis-tically significant at 5% level of significance. 

We have found women more vulnerable than men. The mean victimization rate of men is 35.2% less than that of women (p-value=.015). For one unit increase in social cite number, the mean frequency of victimi-zation increases by 15.2% (p-value=.013). Users who spend more than 6 hours online experience an average rate of victimization that is 89.9% higher than those who spend less than 2 hours online (p-value=.044). The findings of the study by Cornelius (2016) demons-trated a positive, substantial, causal link between users intention to adopt safe technology and their knowledge of cyber hazards. Similarly, in this study, Knowledge of cyber security has been demonstrated to be a critical component in protecting against victimization. When compared to their counterparts, those with an under-standing of cyber security are 44.7% less likely to exp-erience cybercrime victimization (p-value =.001). This finding supports the research hypothesis II. When the p-value is less than 0.05, the odds of victimization rate increase by 16% for every unit increase in the number of social sites. Therefore, social site number is a highly significant factor.

Table 7: Poisson Regression Model for frequency of victimization.

Cyber facilities have brought a wave of change in our modern life. The purpose of the study is to see the be-havior of cybercrime victimization, knowledge of cyber security, and causes of cybercrime victimization and to find some possible solutions and recommenda-tions for this problem. The most common sort of cybercrime happening around is found to be hacking, identity fraud, phishing, monetary loss, computer virus and so on. The research demonstrates that the depen-dent variable cybercrime victimization is strongly ass-ociated with the independent variables which are pass-word sharing status, using common password, cyber security knowledge Status, personal information online storage status, downloading free antivirus from unkn-own source, disabling antivirus for downloading, dow-nload digital media from unknown source, clicking links unauthorized sites, personal info Sharing with stranger over online. However, not all other variables have significant impact on cybercrime victimization. According to the regression models findings, women are more likely than men to experience cybercrime. It is also evident from the views of the respondents that women are not very protected online. The study also contributes to some important opinions on cybercrime in the industrial sector. 69.5% of respondents strongly agree that management has the responsibility to ensure a company is protected from cybercrime. 65.2% of res-pondents strongly agree everyone in the company has a role to play in protecting against threats from cyber criminals. 56.52% of respondents agree that they dont have the right skills to be able to protect the organiz-ation from cybercrime. 52.1% of respondent agree that the Police cannot deal with cybercrime effectively. 39.13% of respondents were neutral that they worry that if they report a cyber-attack to the Police, it might damage the reputation of the company. The economic & digital development of the world along with our country is going on in a rapid speed. For this purpose, it is cyber security that is playing a vital role and contributing in these sectors. So, after conducting the study and recognizing reasons for cybercrime, we re-commend following suggestions.

1) The Govt. should initiate cyber training programs.

2) The prevailing Law of Cybercrime should be implemented.

3) Strict cyber law should be imposed.

4) More and more seminars should be arranged to raise awareness among people. 

5) Back dated software are unable to protect the device from cyber-attack. So, users should use up to date software in their devices.

6) For cyber security passwords is an exigent ob-ject. To avoid hacking, users should use strong & unique passwords.

7) Users should backup the data & review online accounts regularly.

8) Unauthorized & unknown sites contain viruses. So, downloading any content from unknown sources should be avoided.

9) There is a high risk of identity theft, making fake accounts, harassment for sharing personal infor-mation. Therefore, sharing personal information with anyone should be avoided.

First and foremost, the author is grateful to Almighty Allah.  The  author  is  also  thankful  to  anonymous reviewers  and  editors  for  their  helpful  comments  and suggestions. 

The author declares no conflict of interest.