Investigating Users’ Experiences with The Internet of Things (IoT) and Their Awareness of IoT Privacy and Security In Saudi Arabia

Abstract

This research study investigates how Saudi household users form perceptions of Internet of Things (IoT) privacy and security and how those perceptions translate into protective behaviour. Building on an integrated theoretical lens that combines the technology acceptance model (TAM), the theory of planned behaviour (TPB), the unified theory of acceptance and use of technology (UTAUT), and the protection motivation theory (PMT), this study proposes a user-centred framework. Determinants are organised into four domains: (i) individual (IoT awareness, IoT Knowledge, previous experience, relative advantage); (ii) IoT security and privacy (privacy concern, security concern, perceived security threat, cybercrime consciousness, trust); (iii) cultural and social (subjective norms, peer influence, cultural values); and (iv) government and policy (regulation, cybersecurity policies, regulatory compliance). The framework specifies user perceptions related to IoT use, privacy, and security (UPRC) as the mediator and privacy- and security-related protective behaviour as the outcome.

A cross-sectional online survey of academic and administrative staff in four western Saudi universities yielded 396 valid responses. Data were analysed using variance-based structural equation modelling (PLS-SEM). The measurement model satisfied accepted thresholds for indicator loadings and internal consistency (α and composite reliability [CR] ≥ .70), convergent validity (AVE ≥ .50), and discriminant validity (HTMT and Fornell–Larcker). The structural model explained 67.8% of the variance in UPRC and 45.2% of the variance in protective behaviour. Cybersecurity policies and trust emerged as the strongest positive antecedents of perceptions, whereas privacy concern, security concern, and perceived security threat exerted the strongest negative effects. User perceptions significantly predicted protective behaviour. Moderation analyses indicated that the perception-to-behaviour link was stronger among female, older respondents, and those with higher academic qualifications; income and experience did not alter this relationship. Relative advantage and product-level compliance signals did not retain unique effects once other determinants were controlled.

The findings demonstrate that credible, visible policy assurances and trustworthy device practices are pivotal for improving favourable perceptions and converting them into everyday protective actions. This study contributes an empirically supported model that merges adoption and protection into a single explanatory account for domestic IoT use in Saudi Arabia. Practically, the research offers guidance for policymakers (make safeguards legible at the point of choice), designers (privacy-by-default interfaces with transparent updates and Arabic family profiles), and educators (targeted, task-level prompts that build efficacy). Methodologically, this study provides a validated instrument and a replicable modelling approach for future research on UPRC and protective behaviour in connected homes.