To SPB or not to SPB? A mixed methods analysis of self-protective behaviours to prevent repeat victimisation from cyber abuse

This paper presents the findings from a mixed-methods examination of self-protective behaviours (SPBs) adopted by victims of cyber abuse from the rational choice perspective. The data from a sample of the U.S. adults (N=746\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$N = 746$$\end{document}), members of an online opt-in panel, were analysed to first distinguish the types of SPBs adopted by victims of cyber abuse using a thematic analysis of open-ended responses. We then identified the factors associated with an increased likelihood of adopting SPBs and the specific identified types of SPBs using logistic regression with Bayesian variable selection and a stochastic search algorithm. Of the six identified types of SPBs, adjusting privacy settings was the most commonly reported response, and improving security (e.g. changing passwords, etc.) was the least common SPB. Older victims who reported higher than the average perceived impact from victimisation, were abused by a stranger and experienced either surveillance of their online activities or multiple types of abuse, were significantly more likely to adopt an SPB. Our findings inform strategies for both Internet user education and for preventing cyber abuse victimisation.


Introduction
The use of the Internet and telecommunication technologies to stalk or harass adult victims, referred here as cyber abuse, is both common and often serious (Bocij 2006). According to the recent study by the Pew Research Centre, over 40% of U.S. adults experienced some form of cyber abuse at least once in their lifetime (Duggan 2017); in fact, it is now more common than face-to-face stalking and harassment (Short et al. 2014). Furthermore, cyber abuse appears to be a global problem with studies from Canada, Portugal, Taiwan, Australia, Hong Kong among others reporting high rates of victimisation (Hokoda et al. 2006;Pereira et al. 2016;Statistics Canada 2016;Vakhitova and Reynald 2014;Wong et al. 2014).
Cyber abuse can take many different forms such as "name-calling, trolling, doxing, open and escalating threats, vicious sexist, racist, and homophobic rants, attempts to shame others, and direct efforts to embarrass or humiliate people" (Duggan 2017). Other behaviours, also classified as cyber abuse, include impersonating the victim, ordering unwanted goods and services for the victim (e.g. subscribing to online pornography sites), using key-loggers to control and monitor victims, and electronic sabotage (Bocij 2006;Phillips and Morrisey 2004;Wykes 2007). The defining feature of cyber abusive behaviours is their repeated nature. Although the majority of victims of cyber harassment experience less serious forms of cyber abuse such as being called offensive names, serious abuse including physical threats and sexual harassment also occurs (Duggan 2017).
While the individual impact varies, the effect of cyber abuse on victims is often significant (Vakhitova et al. in press). Victimisation can affect many areas of victims' lives including their physical and mental health, financial status and overall well-being (Dreßing et al. 2014;Fissel 2018;Melander 2010;Sheridan and Grant 2007;Short et al. 2014Short et al. , 2015Tokunaga and Aune 2017;Worsley et al. 2016). Considering the potentially serious consequences of experiencing cyber abuse, victims are expected to be motivated to take some measures to prevent repeat victimisation, a situation where the same victim experiences another incident of victimisation of the same kind or very similar to the initial victimisation event, but in reality, only some victims do (Averdijk 2011). For example, only 40% of victims of cyber abuse in a study by Duggan (2017) blocked the person responsible for abuse from further online contact, deleted their social media profile or withdrew from an online forum. So, why is it that not all victims take measures to prevent repeat victimisation?
The research in self-protection against traditional forms of stalking and harassment is well-established and offers several empirically supported explanations for why the adoption of SPBs is not uniform (see, for example, Baum et al. (2009); Buhi et al. (2009); Gottfredson and Gottfredson (1988); Guerette and Santana (2010); Reyns and Englebrecht (2010); Thompson et al. (2018); Wilcox et al. (2007)). However, the systematic research in the area of self-protection against online forms of deviance, as pointed out by Nobles, Reyns, Fox, and Fisher (2014, p. 993)"has not developed to the point where patterns in responses to victimisation, including self-protective behaviours taken by the victim, have been clearly identified".
Understanding the nature of self-protection by victims is particularly important in the context of technologyfacilitated deviance such as cyber abuse. The traditional forms of crime prevention may not be effective or even possible in cyberspace (especially those involving traditional policing strategies like random patrols, etc.), so knowing what victims do to self-protect and why sometimes they do not do it would be particularly valuable to anyone involved in developing policies around safe technology use. Thus, this study's aims are two-fold. First, we aim to further the development of a comprehensive classification of self-protective behaviours that victims of cyber abuse adopt to prevent repeat victimisation. Then, the second aim is to identify the factors associated with the adoption of SPBs by victims of cyber abuse.
To achieve our objectives, we analyse the data from a survey of U.S. adults, members of an online opt-in panel, using a mixed-method research design: we first use qualitative thematic analysis of open-ended responses to identify specific types of SPBs adopted by victims of cyber abuse to prevent repeat victimisation, and then model the adoption of SPBs using logistic regression with Bayesian variable selection with the stochastic search algorithm. In our modelling we were guided by the rational choice theory (Beccaria 1764;Becker 1976;Bentham 1789;Browning et al. 2000;Clarke and Cornish 1985;Cornish and Clarke 1986) explaining the adoption of SPBs as an outcome of victims of cyber abuse weighing up the advantages and disadvantages of adjusting their behaviour. Here, we argue that only if the benefits of taking some precautions (evasive actions) outweigh the costs will they adjust their online activities. Please note, by definition, cyber abuse is characterised by the repeated nature of offending behaviour. This makes measuring prevention of repeat victimisation or re-victimisation a particular challenge. Traditionally, repeat victimization, or re-victimization, has been defined as an event that "occurs when the same type of crime incident is experienced by the sameor virtually the same-victim or target within a specific period of time such as a year" (Weisel 2005). However, unlike the traditional forms of crime such as burglary or assault, where it is fairly easy to identify the initial and the repeat events, the same is not true for cyber abuse. Here, we argue that the adoption of self-protection against re-victimisation from cyber abuse does not have to occur straight after the very first initial event (e.g. the first abusive email, or the first comment posted on the victim's social media page). Instead, we believe, selfprotection can occur at any point in the chain of abusive behaviours. So, for the purposes of this study, we examine any changes in the way victims interact with telecommunication technologies, occurring at any point after the very first instance of abusive behaviour targeting the same victim(s), motivated by the same grievance(s) and perpetrated by the same offender(s). Examples of such behaviours include changing passwords on social media accounts, blocking person(s) responsible for cyber abuse, withdrawing from participating in online forums, etc. Please also note, measuring the effectiveness of self-protective behaviours (i.e. whether these behaviours resulted in reduced risk of repeat victimisation) was outside the scope of this study.

Types of self-protective behaviours against cyber abuse
Due to the relative novelty of the phenomenon, the scholarship on self-protection against cyber abuse is currently limited to just a handful of studies, which nevertheless provide an important foundation for further investigation (Duggan 2017;Fissel 2018;Nobles et al. 2014;Tokunaga and Aune 2017). Using a robust methodology and a large nationally representative sample of U.S. adults (N = 4248), Duggan (2017) found that as a reaction to cyber harassment, victims were most likely to confront the person responsible online and unfriend or block that person from further online contact, report the person responsible to a website or online service, discuss the problem online to draw support for themselves, change a username, delete a profile or withdraw from an online forum. While informative, Duggan (2017) provided the respondents with a fixed list of possible types of self-protective behaviours, leaving the opportunity for some SPBs that victims adopt not being included in the analysis.
In contrast, Tokunaga and Aune (2017) employed a qualitative thematic analysis of open-ended responses describing various self-protection strategies-a research design that could, in principle, produce a comprehensive classification (taxonomy) of SPBs adopted by cyber abuse victims. The researchers analysed the data from a small ( N = 51 ) non-probability sample of victims of cyber abuse recruited from undergraduate university students and users of two popular cybercrime-victims focused web sites [(CyberAngels and Women Halting Online Abuse (WHOA)]. The analysis identified seven management strategies: (1) avoidance, (2) active technological disassociation, (3) help-seeking, (4) negotiation/threat, (5) compliance/excuses, (6) technological privacy management, and (7) derogation. Active technological disassociation, which involves the use of technology to prevent future encounters with the offending person(s), for example, adjusting the privacy settings within the social media environment, was reported as the most effective strategy as perceived by the victims. While making a significant contribution to the literature on the types of SPBs routinely employed by victims of cyber abuse, due to the recruitment and sampling approaches employed in this study, some SPBs may have been omitted.

Theoretical explanations of self-protection
The research aiming to explain self-protective behaviours by victims is extensive and offers several possible explanations. For example, Protection Motivation Theory (PMT) (Rogers 1975), which explains self-protection as a function of the perceived severity of a threatening event, the perceived probability of the occurrence, or vulnerability, the efficacy of the recommended preventive behaviour, and the perceived self-efficacy is commonly employed within the Information Systems literature to explain selfprotective behaviours by Internet users (see, for example, Tsai et al. 2016;Herath and Rao 2009). The original PMT was later modified to include costs and rewards as additional explanations of self-protective behaviours (Maddux and Rogers 1983). In criminological literature, a popular explanation of self-protection against crime, advanced by Gottfredson and Hindelang (1979), emphasised the role of the seriousness of the offence, offender's prior criminal record, and the victim-offender relationship (Akers and Kaukinen 2009;Fisher et al. 2003).
Both these approaches are clearly rooted in the rational choice perspective (RCT), which assumes that every person is a rational agent, who performs cost-benefit analysis to determine whether the action is worth pursuing (Beccaria 1764). The RCT predicts that the decision to pursue a particular course of action is more likely when the benefits outweigh the costs (Becker 1976;Browning et al. 2000;Clarke and Cornish 1985;Cornish and Clarke 1986;McCarthy and Chaudhary 2014). The RCT is a popular theoretical perspective commonly used to explain the criminal decision-making process (Loughran et al. 2011(Loughran et al. , 2016Pickett et al. , 2019Wortley and Sidebottom 2017). However, being a general-purpose theory, it is suitable for explaining decision making by any rational actor, including that by victims. When applied to selfprotection, RCT explains the non-uniform adoption of SPBs as a result of a cost-benefit analysis performed by the victim following the initial victimisation event. The theory asserts that the SPBs are more likely when the benefits of preventing repeat victimisation are perceived as higher than the costs of prevention (McCarthy and Chaudhary 2014).
As Skogan (1981, p. 37) argued, any SPB to prevent repeat victimisation is associated with some cost: "there is no such thing as cost-free crime avoidance", in a situation where the cost of SPB outweighs the anticipated cost of repeat victimisation, "it may be rational to choose to do nothing" (Skogan 1981, p. 37). To warrant an SPB, the prevention of victimisation should provide a benefit that is at least equal to or greater than the anticipated cost associated with a repeat victimisation event. This would suggest that everything else being equal, the more significant the victimisation event and the higher the perceived victim impact from it, the more likely the victim is to act to prevent repeat victimisation.

Predictors of self-protection against cyber abuse
The empirical research generally supports the expectation that those who experience more serious consequences of victimisation would be more likely to adopt SPBs (see, for example, Averdijk 2011; Buhi et al. 2009;Bunch et al. 2014;Reyns and Englebrecht 2010). This appears to be also true for online forms of deviance like cyberstalking (Fissel 2018;Reyns and Englebrecht 2010;Nobles et al. 2014). Using data from 2006 National Crime Victimization Survey's (NCVS) Supplemental Victimization Survey (SVS), Reyns and Englebrecht (2010) found that seriousness of the offence affected stalking and cyberstalking victims' decision to report their experiences to the police. In particular, cyberstalking victims were more likely to report to the police when they felt intimidated or threatened, lost time at work, and experienced a financial loss, the factors all reflective of victim impact.
Similar to Reyns and Englebrecht (2010), Nobles et al. (2014) compared self-protection by stalking and cyberstalking victims. Using a nationally representative sample (USA), the researchers identified four critical predictors of reporting cyberstalking to the police: offence seriousness, operationalised as the presence of threats and physical attacks against the victim; duration of the incident; fear of crime; and self-identifying as a victim of crime. While distinct, all four of the factors identified in Nobles et al. (2014) reflect in some form the impact of cyberstalking on its victim: it is not unreasonable to assume that a one-off incident would produce less significant impact compared with a long-term pursuit. It is also likely that someone who experiences significant fear of crime and identifies as a victim of crime is more affected compared with someone who is not. It is important to mention here that 2006 SVS survey analysed in Nobles et al. (2014) included mostly offline-types of SPBs, such as taking time off from work or school, changing or quitting a job or school, getting a gun and so on, with only one technological SPB (changing email address) included in the survey. It is not clear whether the same trends could be observed with other cyber abuse behaviours.
Notably, the studies reviewed here focused on the differences in self-protective behaviours between online and offline stalking and harassment while conceptualising cyberstalking as one uniform type of crime. However, both cyber stalking and cyber harassment can be committed using different methods, for example, by sending threatening or disturbing messages via email or by monitoring one's activities on social media, or by posting private information about the victim online. It is not unreasonable to expect that some methods may be more hurtful than others and that some methods may be easier to prevent than others. For example, it may be that direct messages are perceived as less damaging compared with public messages. Likewise, it may be easy to block the person responsible for abuse on social media, but it may be more difficult to prevent the person from posting the victim's personal information online. No research to date has examined the effect of different methods of cyber abuse on the adoption of self-protective behaviours, which leaves a significant gap in our knowledge.

The present study
The review of the literature identified a gap in our understanding of the mechanism that explains the non-uniform adoption of self-protective behaviours to prevent repeat victimisation by victims of cyber abuse. To address this knowledge gap, this study aims to answer the following two research questions: Research Question 1: What self-protective behaviours do victims of cyber abuse adopt to prevent repeat victimisation?
Research Question 2: Is there a relationship between different methods of cyber abuse experienced by victims and the adoption of self-protective behaviours?
In this study, the term cyber abuse is used as an umbrella term for such behaviours as cyber stalking and cyber harassment and is broadly defined as any behaviour that involves the use of technology to stalk and/or harass adult victims.

Methodology
To answer these research questions, we analyse the data from a large sample of U.S. adults, members of an online opt-in panel, Amazon's Mechanical Turk (MTurk), 1 that were surveyed about their experiences with cyber abuse victimisation. The research is designed as a mixedmethod study. First, we identify specific types of SPBs adopted by victims of cyber abuse to prevent repeat victimisation using a qualitative thematic analysis of openended responses. Then we model the adoption of SPBs using logistic regression with Bayesian Variable Selection with the stochastic search algorithm.

Survey instrument
To collect the information about the experiences of our respondents with cyber abuse victimisation, an online questionnaire was designed using Qualtrics online platform. Questions were developed especially for this study. The survey took no longer than 15 minutes to complete (average 6 minutes). An online survey was selected for data collection as it allows relatively easy access to a large relatively diverse pool of potential respondents and is cost-effective. 1 The survey was conducted in accordance with the ethical requirements of the Griffith University Human Research Ethics Committee (HREC) and complied with ethics guidelines set forth by the HREC recommendations. Ethics approval number: CCJ/07/14/HREC. Participants were informed that their data would be treated anonymously, no identifying information would be collected and they could withdraw from the survey at any time without providing a reason.

Sampling
The sample analysed in this study was drawn from an online opt-in panel Amazon's Mechanical Turk (MTurk). 2 The data collection took place between 19 th of May 2017 and 19 th of September 2017. We limited participation in the study to MTurk members who were at least 18-yearsold (at the time of participating in this research) and who resided in the United States. 3 In total, 1623 respondents began the survey, and 1463, or slightly over 90%, completed the survey. The participants were offered a small monetary compensation for their participation in the research (a completed survey). Only fully completed surveys were included in the final dataset analysed in this paper.
The biggest advantage of samples from online opt-in panels like MTurk is that it allows access to a large and fairly diverse pool of potential respondents (Behrend et al. 2011). The breadth and the variability of the sample are particularly important for our study as our goal here was not necessary to measure the prevalence or exact proportions of particular behaviours within the general population but instead to obtain as complete nomenclature as possible. The disadvantage, of course, is the nonprobability nature of MTurk panel with all the attendant potential for the collected sample to be biased. However, while our sample is not representative of the U.S. adult population, we can still obtain useful insights into the types of activities victims undertake to prevent repeat victimisation even if the proportions and frequencies of specific behaviours may not reflect the reality particularly well.
To identify victims of cyber abuse among those who accepted our invitation to participate in the survey, we first asked all our respondents whether they ever experienced any form of cyber abuse. We provided the respondents with a definition of cyber abuse and examples of behaviours that classify as cyber abuse. 4 Of the total number of respondents, around half ( N = 746 ) reported experiencing some form of cyber abuse. Only those respondents who reported experiencing at least one method of cyber abuse were included in the sample analysed herein.

Measurements
To identify victims who adopted SPBs to prevent repeat victimisation from cyber abuse and the specific types of SPBs, we asked our respondents whether experiencing cyber abuse caused them to change the way they use technology, and if yes, how exactly. The answers to the first question were coded into a binary variable SPB (1 = adopted, 0 = not adopted), which was used in the quantitative analysis to identify the factors associated with the adoption of SPBs (RQ2). The open-ended responses were analysed using a thematic analysis procedure to identify specific types of SPBs (RQ1).
The literature review suggests that seriousness of crime/deviance and nature of the relationship between the victims and the abuser may be important explanations of the adoption of SPBs. In this study, we measured two proxies of the seriousness of cyber abuse victimisation. First, we measured the perceived impact of crime [Imp] on the victim by asking our respondents how affected they were by the incident they experienced psychologically, emotionally, financially, or otherwise. To answer this question, the respondents picked a position on a slider anywhere between 0.0 and 2.0 (1 decimal place) where 0.0 meant the respondent was not at all affected by the abuse, 1.0-somewhat affected and 2.0-profoundly affected. Please note, we did not include any follow-up questions on how victims were affected. And second, we measured the number of different methods of cyber abuse [N of M] experienced by the victim within one incident. To be considered as belonging to one incident of abuse all methods experienced by the victims must have been motivated by the same source, perpetrated by the same individual(s), and within a limited time frame.
To measure exposure to specific methods of cyber abuse, the respondents were asked to think about the most recent or most memorable incident they emails, texts (SMS), posts on blogs, online forums and social media pages of a persistent, annoying, alarming or threatening nature; monitoring your daily activities using social media or specialized software; posting information about your online (photos, documents, videos)  experienced 5 and to select one or more specific behaviours they experienced from the list: (1) you received a text message, email or a private message via social media addressed to you personally (Method 1); (2) someone posted derogatory, embarrassing information (documents, photos, videos, etc.) about you on the Internet or distributed it to others via email, text (SMS) or other technology or someone created a website or a social media page containing derogatory or embarrassing information about you (Method 2); (3) you were subscribed to unwanted services, products, activities and you only found out about the subscription after you started to receive the services or products or were invited to participate in the activities (Method 3); (4) someone, pretending to be you, sent email or text messages or private messages on social media pages to your family, friends, co-workers, or other third parties (Method 4); (5) your daily activities were monitored by someone via social media or a tracking software (Method 5). The answers to this question were used to create five Methods of abuse variables.
To control for the potential effect of demographic characteristics on the adoption of SPBs suggested in previous research, we also collected information about our respondents' age, gender (0 = male, 1 = female), race (0 = non-white, 1 = white), and employment [Emp] (0 = unemployed, retired or a student, 1 = employed full time or part-time). We also asked our respondents whether they knew their abuser before abuse or whether they were abused by a stranger [OVR] (0 = did not know abuser, 1 = knew abuser).

Descriptive statistics
A total of 746 respondents in our sample experienced some form of cyber abuse (51%). These respondents were included in the sample analysed herein and are described in Table 1. On average, our respondents were quite young (mean age of 35 years) and predominantly female (52%), white (73%) and employed (80%). The most common method of abuse was direct abusive messages ( N = 508 ), and the least common-impersonating the victim online or through email or texts ( N = 130 ). On average, victims experienced 1.7 methods of abuse in one incident with most experiencing only one method (see Fig. 1).
The majority of cyber abuse incidents described by our respondents occurred in the context of a prior offendervictim relationship ( N = 562 ; 74.9%). The average impact reported by the victims was around 1.13 (out of max 2.00) (SD = 0.6), which can be interpreted as only slightly higher than "somewhat affected". Around 40% of victims of cyber abuse in our sample reported adopting at least one form of SPB following as a reaction to victimisation ( N = 308 , 41.3%). This is not dissimilar to findings in Duggan (2017) and Nobles et al. (2014), which employed samples, representative of the U.S. population. Please note that many victims adopted multiple SPBs within one incident of cyber abuse, which is reflected in the analyses presented in this paper.

Analytic strategies
To answer Research Question 1 we have conducted a qualitative thematic analysis of open-ended responses of victims about self-protective behaviours they adopted following cyber abuse victimisation. To answer Research Question 2 we have conducted several exploratory data analyses followed by modelling using logistic regression with Bayesian variable selection and stochastic search algorithm implemented in AutoStat ® .

Thematic analysis
The purpose of thematic analysis was to identify patterns reflective of the crime prevention mechanism of SPBs adopted by victims of cyber abuse. An approach similar to that recommended by Braun and Clarke (2006) was followed, comprising the following steps: (1) carefully reading the responses to familiarise ourselves with the data, (2) generating and applying the initial codes by documenting the apparent patterns, ((3) combining the initial codes into overarching themes, (4) reviewing the original interview data to make sure the identified themes adequately represent the data, (5) defining the themes, and finally (6)  to be included in this paper and checking whether these selected themes are representative of the data as a whole. As recommended in Braun and Clarke (2006), a reflective journal was used in the initial steps of the analysis to aid in coding. Table 4 (see Appendix A) contains an illustration of the entries in the journal and how they aided in developing the initial codes and the final themes.
To get as complete a picture of SPBs as possible, we analysed three groups of textual responses: (1) responses describing SPBs ( N = 302 ; µ = 12 words; range 1 to 102 words), (2) responses describing the actual cyber abuse event ( N = 288 ; µ = 44 words; range 3 to 196 words) and, finally, (3) responses describing the overall effect of the event on the victim ( N = 682 ; µ = 30 words; range 1 to 373 words). The coding was performed using an MS Excel spreadsheet by two independent coders with Krippendorfs's α coefficient of inter-rater agreement of 0.78 (substantial) (Krippendorff 2013). When the coders disagreed, they talked to each other to come up with a mutual decision on how to code a case.

Logistic regression with Bayesian variable selection
To identify the factors associated with the increased likelihood of adopting SPBs to prevent repeat victimisation from cyber abuse, we modelled the mechanism using a binary logistic regression with Bayesian variable selection and stochastic search algorithm implemented in AutoStat ® . The full model likelihood for a logistic regression, where there are k potential explanatory variables, can be specified as where K = {0, 1, 2, . . . , k} possible regressors (K = 0 indicates intercept term).
In deciding on the modelling approach, we took into consideration the exploratory nature of the study, the lack of theoretical guidance on exact model specification, and the benefits of statistical methods of variable selection identified in previous literature (see, for example, Raftery (1995); Vakhitova and Alston-Knox (2018); Vakhitova et al. (2016)). In the absence of previous research or strong theory, rather than treating only the model parameters as being subject to uncertainty, the model itself can also be associated with uncertainty. This approach, known as Bayesian model averaging, is a variable selection technique that treats the model as uncertain and produces a posterior distribution for the model coefficients that is averaged over a series of models, based on parameter inclusion and the probability of each model Ando (2010). Posterior distributions for coefficients for individual models are not examined in detail, as they are prone to be over-estimated in magnitude, and elude to greater effects than are reliable in future studies. Bayesian model averaging produces robust parameter estimates that are less prone to exaggeration and over-confidence in the variable affect (Hoeting et al. 1999;Madigan and Raftery 1994), and as such, the inferences from this model yield greater average predictability of the results in future studies. Importantly, this model structure does not require researchers to remove terms from the model, as coefficients associated with variables that have a minimal logit(y) | β, X, σ 2 ∼ N (β K X, σ 2 I) inclusion probability are shrunk towards zero, and as such, leaving them in the model has little impact on subsequent predictions.
As the number of parameters in the full model increases, the number of potential models can increase dramatically, with 2 k possible combinations. It is not feasible to always examine every potential model when data sets have large numbers of explanatory variables. A stochastic search algorithm is used to search the model space and determine the most likely models that can explain the outcome as well as preserving good estimation performance (Marin and Robert 2014). This approach also replaces the use of a p-value (using a Wald statistic or a measure of model fit) with an inclusion probability. This inclusion probability is based on the number of models in which the parameter is included and how probable these models are deemed. To estimate these models, we employed AutoStat ® (http://pa-group .com.au/autos tat.php).
In a Bayesian setting, the unknown parameters, β require a prior distribution to be specified to estimate their respective posterior distributions, based on the MCMC samples. In this study, we employed a G-prior (spike-slab) to enable the variable selection. A schematic diagram of the G-prior spike slab is shown in Fig. 2, indicating that the prior can take 2 states. During MCMC iterations where the coefficient is included in the model (as indicated by the stochastic search algorithm), the prior used in this posterior sample draw will be a G-prior, indicated as the "slab". Similarly, for iterations when the stochastic search does not include a coefficient, the prior used in the posterior draw is a point mass at zero (0), indicated by the "spike", resulting in a posterior draw of the coefficient that is exactly zero (0).
The g-prior (slab) for our β parameters is given by: 6 p(β | y) ∼ MVN (0, gσ 2 (X T X) −1 ) As g decreases, the prior becomes more concentrated around zero (0) and takes on a more active role in the posterior distribution specification. In this example, we set g to be equal to the sample size (the default value in AutoStat © ). For more information about the stochastic search algorithm for variable selection, and this specification of the g-prior, please see Marin and Robert (2014).

Research Question 1: What types of self-protective behaviours do victims of cyber abuse adopt to prevent repeat victimisation?
Our analyses revealed six types of SPBs victims of cyber abuse adopt to prevent repeat victimisation.

SPB 1: Adjusting privacy settings
A relatively large proportion of victims who realised they were being stalked or harassed online adjusted their privacy settings ( N = 103 ; 13.8%). This type of SPB involves adjusting privacy settings on social media platforms such as Facebook by specifying who can see one's profile information and posts. For example, it is possible to limit the circle of people who are allowed to see the posts to friends only. This SPB may be particularly effective when the person(s) responsible for abuse is a stranger.

[R0036]: I use maximum privacy settings now. When I realized this person was stalking me, I changed all the privacy settings in all of my accounts to maximum privacy.
This SPB is technically quite straightforward and does not require much effort. Adjusting the privacy settings allows leaving the victim's information online while making it visible to those trusted only: [R0131]: I limited posts to just be visible to friends only.
Overall, this SPB allows limiting the visibility of one's content to a smaller circle of trusted friends without limiting one's online activities.

SPB 2: Blocking specific contacts
This SPB is used when the source of the abuse is identified ( N = 73 ; 9.8%). It allows the victim to reduce access to herself by one or more specific individuals while still participating in online discourse and sharing the information with those trusted ones. The most common situation where blocking/deleting contacts is used is in the case of intimate partner relationship, specifically, after break up of a relationship: [R0029]: My ex would send messages from a fake account to make me angry... I let it go and just blocked those fake accounts as well as hers.
Intimate partner relationship is not the only context in which victims employ blocking the offending contact as a self-protection measure. Expressing one's political views could make you a target for those not sharing your views: Blocking specific contacts (SPB 2) is different to adjusting privacy settings (SPB 1) in that it is more targeted and is less restrictive by allowing strangers to see one's content and only blocking specific individuals believed to be responsible for the abuse. Both adjusting privacy settings and blocking specific contacts aim to reduce one's visibility to potential abusers.

SPB 3: Improving security
Another common strategy employed by victims to prevent repeat victimisation involves a variety of security measures such as changing passwords, installing antivirus and/or firewall software ( N = 42 ; 5.6%).

[R0341]: After the incident I took precautions to prevent further instances from happening by changing many of my passwords and being more selective about who I provided my information to.
The difference between this measure and the measures reducing visibility is that the increased security does not necessarily change the visibility of the information, but it does affect the way third parties can interact with said information:

[R0159]: I disabled comments on my posting across the platform.
Interestingly, for some, experiencing cyber abuse prompted learning new skills or improving general security awareness, including how to use a passcode on a phone or block certain phone number: [R0183]: I became more informed on the importance of implementing privacy settings on social media.
Unlike adjusting privacy settings (SPB 1), improving security aims to restrict access to the victim and his/ her information rather than make the victim less visible online.

SPB 4: Self-censorship
In our sample around 8% of victims of cyber abuse reported restricting their online discourse by avoiding sharing their political or other views on contentious topics to reduce the chance of repeat victimisation ( N = 57 ; 7.6%). This is a particularly interesting type of self-protective behaviour reported by the victims which involve self-censorship, or conscious withholding of one's true opinion from an audience perceived to disagree with that opinion (Hayes et al. 2005;Williams 2002). The phenomenon, also known as the "spiral of silence", has been first described by the political science researcher Noelle- Neumann (2006).
Though not yet discussed in the context of self-protection from crime (in particular, from cyber abuse), a recent study by Pew Research Centre found this phenomenon is observable in online as well as in offline environment and the respondents who used social media such as Facebook were more willing to share their views if they thought their followers agreed with them (Hampton et al. 2014 Interestingly, oftentimes, in line with Finkelhor and Asdigian (1996), the cause of abuse is not in what the victims do, but who he/she is. In these instances, self-censorship by itself may not be enough and the only way to stop the abuse may be a partial or complete withdrawal from the online discourse. Vakhitova et al. Crime Sci (2020)  In contrast to the first three discussed SPBs (i.e. adjusting privacy settings, blocking specific contacts and improving security), this SPB does not involve any management of technology used to facilitate the online discourse. No settings are adjusted and no new software is used. Instead, this SPB is all about adjusting one's behaviour concerning the use of technology.

SPB 5: Avoiding sharing personal information online
Sharing sensitive personal information can make one vulnerable to an attack. It is this sensitive information that some online abusers seem to crave. Therefore, victims who experienced abuse as a result of sharing such information online may employ this type of SPB to prevent repeat victimisation ( N = 43 ; 6.8%): [R0097]: The online community I was part of seemed like a safe, relatively isolated place, so a group of people finding my photos and posting them on their own forum to make fun of was very jarring. They were making fun of me for being fat, and it surprisingly didn't really hurt my self-esteem but it did make me retreat from being as public online. I basically stopped being an open member of the community and became a lot more anxious while being candid online.
Essentially, this SPB involves the victim restricting access to his or her private information (e.g. photos, documents, etc.) by not posting it online. This SPB is similar to self-censorship as both involve restricting the behaviour of the victim, however, these two SPBs are distinct as the types of information potentially shared online are different (personal opinion vs. private information) and therefore, the types of abusers that may find these different types of information "attractive" and therefore, the general mechanism of victimisation are likely to be different too.

SPB 6: Avoiding technology/social media
The final identified SPB is related to removing oneself from the environment in which the victim was initially abused or, at least reducing one's presence in that environment ( N = 60 ; 8.0%). Considering that the Internet and social media have become an integral part of the modern social life and completely disconnecting from it would be difficult and for some impossible, it is not surprising that this, the most radical type of SPB is not particularly popular. While appearing as the most extreme and therefore the most effective SPB to prevent repeat victimisation, the emergence of new methods of cyber abuse that do not involve the victim directly (see, for example, research on indirect cyber abuse ) and, therefore, do not require that the victim is present online mean that even the complete disengagement from any time of online activities, including the participation in online discourse, do not guarantee the absence of repeat victimisation.
To summarise, the majority of victims (62%) did not change the way they use technology following an incident of cyber abuse victimisation. Of those who did, nearly a third (27%) reported only one type of SPBs and less than 2% reported 3 or more SPBs. Of those who reported adopting at least one type of SPB, the most common SPB in our sample was SPB 1-adjusting privacy settings (13.8%), and the least common improving security (5.6%) (see Fig. 3).

Research Question 2: What factors are associated with self-protective behaviours against cyber abuse?
Table 2 7 presents correlation coefficients for bi-variate relationships for all variables of interest in this study. The coefficients suggest that all methods of abuse are correlated with SPBs. No matter the method, adjusting privacy settings (SPB 1) and avoiding technology/social media (SPB 6)-appear to be a popular option for most victims. Other SPBs appear to be more method of abuse-dependent: SPB 2-blocking contacts-does not seem to be used often by victims of indirect abuse posted online (Method 2) and those who were subscribed to unwanted goods/ services. This seems logical considering neither of these methods involves a direct offender-victim contact where blocking the offender could be an effective strategy. Similarly, SPB 3-improving security-is not used by those who are abused indirectly (Method 2) basically for the same reasons discussed earlier. Notably, SPB 4-self-censorship is also not used by victims who were subscribed to unwanted goods/services and who were impersonated online. Overall this suggests that victims generally adopted the SPBs that were most appropriate for responding to the types of cyber abuse they experienced. Figure 4 suggests victims who reported adopting SPBs were more likely to report higher than the average impact from abuse compared to victims who did not adopt any SPBs. This is in line with previous research that identified the seriousness of crime as an important factor explaining SPBs.
Further, Table 2 suggests that different types of SPBs are associated with different levels of victim impact. It appears that victims who experience higher levels of perceived impact are more likely to adopt SPB1 (adjusting privacy settings), SPB5 (avoiding sharing personal information) and especially SPB6 (avoiding technology/social media), while SPB4 (self-censorship) is not significantly associated with victim impact. Their ease of execution and availability may explain why these types of SPBs are the most popular.
Another proxy for the seriousness of crime measured in this study was the number of different methods of abuse victims experienced as part of one incident. It would not be unreasonable to expect that the higher the number of methods, the more intense and therefore more serious the abuse would be. As Fig. 5 shows, as the number of methods of abuse goes up (there are only 2 respondents who reported experiencing all 5 different methods of abuse in one incident), the proportion of victims who adopted at least one method of abuse goes up. A similar trend can be observed when we look at the number of SPBs victims adopt as a function of the number of methods of abuse they experience. Figure 6 suggests that the relationship between the number of SPBs adopted by the victim and the number of methods of abuse experienced by the victim is not linear. This observation may be explained by the fact that in our sample there are very few victims ( n = 45 ) who experienced more than 3 methods of abuse and not one victim who adopted more than 3 SPBs. Having a larger sample could help establish the stability of this observation. Figure 7 shows the proportions of victims of different methods of abuse who adopted specific types of SPBs. Several things are clear. First, the most popular type of SPB is adjusting privacy settings (SPB 1), and Method 5 (surveillance of online activities) has the highest proportion of victims who adopted at least one type of SPB. Figure 7 and Table 2 suggest a relationship between the methods of abuse and the type of SPBs adopted by victims. In particular, victims who experienced direct abusive messages (M1) were more likely to adjust their privacy (SPB1), block the person responsible for the abuse (SPB2) or self-censor (SPB4), and less likely to improve security (SPB3). In contrast, victims who experienced subscription to unwanted good/services (M3) were most likely focus on improving their security (SPB3), but not likely to try to block the person responsible (SPB2) , where, 1-adjusting privacy settings; 2-blocking contacts; 3-improving security; 4-self-censorship; 5-avoiding sharing personal information; 6-avoiding technology/social media (probably because the identity of the abuser is unknown). Victims who experienced surveillance (M5) were most likely to adjust their privacy settings (SPB1), avoid sharing personal information online (SPB5) or avoid the Internet altogether (SPB6). Those who experienced being impersonated online (M4) were most likely adjust their privacy settings (SPB1), improve their security (SPB3) or avoid using the Internet (SPB6). Table 3 presents the top five best models for explaining the mechanisms of adoption of SPBs against cyber abuse using Bayesian variable selection analysis, 8 as well as the posterior means and standard deviations for each coefficient. The best models are presented in terms of their probability of providing the best explanation for SPBs. The coefficients are presented in the order of their  associated probability of inclusion, which reflects the importance of their contribution to the overall explanatory model. The top five models have a cumulative posterior probability of nearly 60%, suggesting that the rest of the plausible models are much less likely and warrant no further investigation. Notably, the first best model (posterior probability = 24.3%) is nearly twice as likely as the second-best model (posterior probability = 13.2%). Based on the best model (Model 1) we conclude that victim's age, method of experienced abuse, level of impact and the nature of offender-victim relationship all appear to be important predictors of SPBs. Specifically, victims who experienced surveillance of their online activities were 3 times more likely to adopt SPBs than those who did not experience this method of cyber abuse. Of the other methods of cyber abuse, only being impersonated online provides a reasonable explanation of adopting SPBs, however, its inclusion probability is well below 50%, suggesting that it does not contribute to the explanation as actively as, for example being monitored online, which has an inclusion probability of 100%. Further, with each unit of increase in victim impact, the chances of adopting SPBs increase nearly 5-fold ( OR = 4.80 ), meaning that someone who has reported the impact is 2.00 (profoundly affected) is nearly 5 times as likely to adopt an SPB compared with someone who reported impact of 1.00. Further, victims who did not know their abuser were more than 2 times ( OR = 2.24 ) likely to adopt SPBs compared with those who knew their abuser. And finally, with each additional year of age, the chances that the victim adopts an SPB increase by 3% ( OR = 1.03 ). Notably, gender, race and employment status appear to not affect whether one adopts SPBs or not.

Discussion
The review of the literature revealed a gap in our understanding of the mechanisms of adoption of SPBs to prevent repeat victimisation against cyber abuse. Aiming to address this gap, this study had a dual focus: 1) to  Fig. 7 Proportions of victims of different methods of abuse who adopted different types of SPBs. Here, 1 is adjusting privacy settings; 2-blocking contacts; 3-improving security; 4-self-censorship; 5avoiding sharing personal information; 6-avoiding technology/social media establish a typology of SPBs to prevent repeat victimisation from cyber abuse, and 2) to learn more about victims of cyber abuse who adopt SPBs to prevent repeat victimisation.
Our findings suggest that a large proportion (around 40%) of victims of cyber abuse adopted at least one type of SPB following the initial incident, and many adopted multiple SPBs. This suggests that while on average, cyber abuse is often not serious enough to warrant preventive action, in some circumstances and for some victims it is. Our study focused only on changes in behaviour in relation to the use of technology, so with this in mind we identified only six different types of SPBs victims use to prevent cyber abuse, including (1) adjusting privacy settings, (2) blocking abusive contacts, (3) improving security, (4) self-censorship, (5) avoiding sharing private information, and finally, (6) avoiding technology/ social media altogether. We found that adjusting privacy settings was the most popular and improving security was the least popular SPB with the victims in our sample. These findings are not dissimilar to the previous literature, in particular, the study by Tokunaga and Aune (2017). Future research using a large probability-based sample should provide further evidence needed to develop a comprehensive typology of SPBs in the context of technology-generated crime and deviance.
Our study was able to provide some new insights into the factors associated with the adoption of SPBs to prevent repeat victimisation from cyber abuse. Using our data, being older, significantly affected by the event and  2. What did the abuse entail?
The victim was sent a large number of threatening and insulting messages via her social media account.
3. What did the victim do to prevent repeat victimisation The victim has blocked the abuser in social media.
4. Any additional steps the victim undertook as a precaution? The victim also adjusted her social media account's privacy settings to be visible to friends only.
5. What did the victim try to accomplish?
The goal was to block the abuser from accessing the victim.
6. How was this goal accomplished? By reducing the accessibility of the victim and reducing the visibility of the victim's social media account.
abused by a stranger are significant predictors of SPBs. In line with previous literature, we found that seriousness of victimisation, operationalised in our study as victim impact and number of methods of abuse experienced by the victim, is an important factor predictive of the adoption of SPBs. This finding further supports the rational choice perspective's assumption that victims engage in cost-benefit analysis when deciding "to SPB or not to SPB" and that the adoption of SPBs is more likely when the anticipated cost of repeat victimisation is significant. Also, in line with the rational choice's ideas of cost-benefit analysis, we found that SPBs that appear to be less costly in terms of the required effort and the associated loss of utility are more popular than the costlier types. In particular, we found that a fairly straightforward SPB of adjusting privacy settings is a more common SPB than for example, fully disengaging from the online discourse by avoiding the use of technology. Interestingly, the type of method of abuse experienced by the victim was also found to be predictive of SPBs. Our findings suggest that victims who experienced surveillance of their online activities and to a lesser degree, someone impersonating them online to be much more likely to act to prevent repeat victimisation than the victims of all other examined methods of abuse. This is an important finding as previous research mostly compared SPBs adopted by victims of offline and online forms of stalking and did not examine the effect of specific types of abuse of the likelihood of adopting SPBs. Our study provides the first evidence that variation of deviance type within one crime category (i.e. cyber abuse) is an important factor that determines whether a victim is likely to adopt an SPB or not. We suspect this effect is explained by the intrinsic characteristics of the specific method of abuse that make it somehow more or less unbearable and is probably at least somewhat related to the seriousness of the abuse. Significant positive (albeit quite weak) correlations between victims impact and Method 4 (online impersonation) and Method 5 (surveillance) (see Table 2 seem to support this suggestion. It is possible that being monitored may be particularly unpleasant due to the uncertain and potentially more dangerous consequences. It is, however, possible that the reason for this finding is in the ease of implementation of SPBs designed to prevent these specific methods of abuse. For example, it may be easier to prevent your online activities being followed by managing your privacy settings on social media, however, it may be much more difficult to preclude someone from posting your personal information (e.g. nude photos) online where external social control or law enforcement entities may have to be involved. 9 Further investigation of this finding is warranted.

Limitations
Our findings should be interpreted in light of the limitations of this study. First, considering the non-probability nature of our sample, we cannot generalize the findings to our target population (i.e. adult U.S. residents). Second, the data analysed in this study is based on self-reports of victims of cyber abuse and may suffer from several potential biases, recall issues and other issues common for this type of data. We note however that compared with traditional methods of data collection, such as face-toface or phone interviews, online surveys are associated with reduced interviewer-induced measurement errors and social desirability bias (Baker et al. 2010;Chang and Krosnick 2009;Kreuter et al. 2008;Sue and Ritter 2012). Third, the cross-sectional nature of the design of this study means that we could not establish whether the adoption of self-protective behaviours influences the risk of re-victimization. Fourth, while a clear improvement on previous research that focused on developing a typology of SPBs in cyberspace in terms of the sample size and the diversity of respondents included in the sample (research by Tokunaga and Aune (2017), for example, employed a small sample of only 51 subjects drawn from university students and Facebook participants), the non-probability nature of our sample means that some SPBs used by the individuals that are underrepresented (for example, nonwhites) or possibly not represented at all in our sample may be missing from our findings. And finally, using our research design, we cannot tell whether the reason why some methods of cyber abuse are associated with higher rates of adoption of SPBs than others is due to the ease of implementing or availability of appropriate SPBs. With previous research mostly focusing on the benefit of preventing repeat victimisation part of the rational choice-based explanatory model of the adoption of SPBs, estimating the effect of ease of implementation and/or availability of different types of SPBs would significantly improve the overall by adding the cost of preventive action part of the equation.

Conclusion
In conclusion, this study examined an under-researched issue, the adoption of self-protective behaviours by victims of cyber abuse to prevent repeat victimisation. Using a mixed-method approach, it focused on improving our knowledge about who adopts SPBs, what kind and under what circumstances. This study contributes to the overall knowledge base in two ways. First, we proposed a new typology of self-protective behaviours adopted by victims of cyber abuse to prevent repeat victimisation from cyber abuse. And second, we identified several factors, mainly in line with previous research, that are important predictors of self-protective behaviours in the context of technology-driven deviance. The findings from this study have direct practical application for developing crime prevention strategies against cyber abuse and would be useful for anyone involved in providing advice to victims, including support centres and law enforcement. Our findings could be used to educate victims about the types of SPBs available to them to prevent repeat victimisation.
This study could be extended in several potentially fruitful directions. First, as the data are cross-sectional, we could not establish whether the adoption of SPBs actually influences the risk of repeat victimisation. Future research utilising an experimental or longitudinal design should examine the effectiveness of SPBs against repeat victimisation from cyber abuse. It would also be interesting to compare different SPBs in terms of their effectiveness or otherwise. And second, while it is clear from our findings that some SPBs are more popular than others, it is not clear what part of their popularity is explained by the availability of particular technological tools vs. ease of use. This is particularly relevant to SPBs involving things like privacy maintenance, improving security, etc. Future research should examine the SPBs' ease of use/availability dichotomy. The findings would be critical to the development of new social media software that makes it easy for its user to self-protect.