Behavioral and Cognitive Pathways to Information Security Outcomes in Smart Universities

Cybersecurity effectiveness in digitally intensive university environments depends not only on technological safeguards but also on how individuals enact protective behaviors within decentralized systems. While prior research has largely emphasized compliance intention, limited empirical attention has examined how behavioral mechanisms translate into measurable confidentiality, integrity, and availability (CIA) outcomes in smart universities. This study develops and tests an integrated structural model grounded in the Theory of Planned Behavior and Social Cognitive Theory to examine how contextual exposure, cognitive resources, and motivational processes jointly influence security outcomes. Using structural equation modeling (SEM), data from 540 respondents across multiple higher education institutions were analyzed. Behavioral intention (β = 0.489) emerges as the strongest predictor of CIA, followed by self-efficacy (β = 0.190). Cybersecurity knowledge influences CIA indirectly through attitudes and intention rather than through a dominant direct path. Technological exposure (β = 0.250) and social norms (β = 0.540) primarily strengthen knowledge formation. The model demonstrates strong empirical fit (CFI = 0.997; RMSEA = 0.057; SRMR = 0.015). These findings show that CIA protection in smart universities emerges through structured cognitive–motivational pathways in which awareness is transformed into capability and intention, rather than through technological exposure alone.