Cybercrime target exposure, suitability, personality and victimization: A longitudinal approach

This study utilizes the routine activity theory as a framework to examine if workplace social media usage, compulsive internet use, online aggression and personality traits are related to an elevated risk of cybervictimization. We leveraged 7-wave longitudinal survey data from the Finnish working population (N = 650) and employed multilevel, mixed-effects logistic regression to analyze fixed effects of in-between variables. Our findings reveal that target exposure, suitability and the personality trait of openness had a positive relationship with cybervictimization. We observed fluctuations in cybervictimization across the observation points, although the temporal pattern did not follow a linear trajectory. The results underscore the importance of longitudinal studies on victimization and advocate additional research on cybervictimization within the working population. This study also emphasizes the need for the integration of established theories to augment our comprehension of the fundamental factors influencing cybervictimization.


Introduction
Over the past few years, rapid and unforeseen societal changes have altered individuals' daily routines, ultimately affecting both protective and risky behaviours that can expose them to crime in the digital realm.These changes have created new opportunities for offenders to engage in illicit activities, whether offline or in online realms (Buil-Gil, 2021;Cohen & Felson, 1979).We have witnessed a rapid acceleration in digitalization in the past decades that has been further intensified by the COVID-19 pandemic since 2020.Together, these events have swiftly transformed societal structures and people's routines related to work locations, the execution of private tasks, maintaining contact with existing friends or forging new online friendships.Such drastic changes in our routines are increasingly exposing us to online criminals (Awan et al., 2021;Ojala & Pyöriä, 2017;Ozimek, 2020;Soto-Acosta, 2020;Teubner & Stockhinger, 2020).The current study scrutinizes this transformation and its impact on cybercrime victimization by Mikkola, Kaakinen, Savela, Oksa, Savolainen and Oksanen, Advance access (2024) 2 employing an integrative approach and longitudinal survey data.
Due to digitalization, corporations, governmental entities and enterprises have induced individuals with contemporary technologies to maintain and enhance communication with friends, colleagues and clients (Brynjolfsson et al., 2020;Buil-Gil et al., 2021;Calderon-Monge & Ribeiro-Soriano, 2024;Monteith et al., 2021;Ozimek, 2020).In numerous nations during the COVID-19 pandemic, citizens were mandated to remain indoors during curfew hours to circumvent physical interactions with others, thereby enforcing social isolation (Oksanen et al., 2020a;Subudhi & Palai, 2020).To mitigate the negative impact of such isolation and feelings of loneliness, individuals amplified their utilization of social media tools (Awan et al., 2021;Nimrod, 2020;Subudhi & Palai, 2020).Furthermore, the pandemic led to a situation in which employees were introduced to an array of novel enterprise communication tools to sustain contact with personal acquaintances, colleagues, customers and business associates, either on their personal or employer-provided devices (Buil-Gil et al., 2021;Oksa et al., 2020).
Unfortunately, these changes, some of which were unforeseen due to the sudden virus outbreak and quick actions taken to mitigate it, drew the attention of cybercriminals and other online malefactors (Buil-Gil et al., 2021;Lallie et al., 2021;Nivette et al., 2021;Oksanen et al., 2020b).Cybercriminals, individuals committing criminal acts online, both in the past and present, have leveraged evolving technologies and methods to perpetrate novel forms of cyberattacks, regardless of whether they are targeting technological systems or individuals utilizing internet services (Europol, 2020;Lallie et al., 2021).For instance, cyberattacks may involve the impersonation of public authorities in deceptive emails and text messages disseminated to millions of individuals (Europol, 2020;Lallie et al., 2021).Moreover, cybercriminals target vulnerable systems of critical national infrastructure by gaining unauthorized access using stolen identities and passwords from employees (Buil-Gil et al., 2021;Knapp, 2011;Lallie, 2021;Nurse, 2019).
Cybercrime is a multifaceted phenomenon, as cybercriminals can attack individuals directly or indirectly using different types of tactics to achieve their goals (Hawdon, 2021).Cybercrime encompasses criminal activities facilitated by technology, which can be classified as either cyber-enabled or cyber-dependent (see Choi et al., 2020).Cyber-enabled and cyber-dependent crimes use information and communication technology (ICT) as a tool for committing offences, such as technology-facilitated sexual violence, but unlike cyber-dependent crimes, cyber-enabled can be committed without the use of ICT.In contrast, cyber-dependent crimes, such as hacking, rely entirely on technology and do not exist without it.Cybercrime is a broad term that includes a variety of offences, ranging from cyber-dependent hacking to cyber-enabled fraud, online harassment and sexual abuse (Bossler & Berenblum, 2019).A common factor in various types of cybercrimes is the significance of ICT in victimization, which necessitates identifying risk factors in technology-mediated environments.
Existing academic research and law enforcement agency studies indicate an increase in the number of deceptive emails or malware attacks since the onset of the pandemic (Buil-Gil et al., 2021;Europol, 2020;Gallagher & Brandt, 2020;Lallie et al., 2021;Shi, 2020).Academic research into cybercrime victimization has also seen a substantial increase over the past few decades.Most of the studies on cybercrime victimization focus on specific types of cybercrime, while others combine different types of cybercrime into one category (Ho & Luong, 2022).However, their bibliometric analysis revealed that longitudinal studies on cybercrime victimization are less prevalent than cross-sectional approaches.Additionally, the application of the Big Five personality traits is notably limited in extant academic studies related to cybercrime (van de Weijer & Leukfeldt, 2017), even though one's personality features can influence one's likelihood of becoming exposed to crime.The Big Five framework is a widely recognized model for characterizing an individual's personality traits, consisting of five main traits: extraversion, agreeableness, conscientiousness, openness to experience and neuroticism (Digman, 1990;John, Naumann & Soto, 2008).
Our study sought to address these research gaps by applying routine activity theory (RAT) and examining the personality traits of openness and conscientiousness within the framework of the Big Five personality theory, as previous research has indicated a positive association between openness and victimization, while conscientiousness does not exhibit such a relationship (van de Weijer & Leukfeldt, 2017).We are also applying social media use at work, compulsive internet use, and online aggression to study whether they are related to the increased risk of cybercrime victimization among the Finnish adult population.In our study, we address the phenomenon of cybercrime victimization using a 7-wave longitudinal survey data set among the Finnish working-age population, integrating personality traits with online behaviour.The longitudinal findings enrich the body of research and theories on cybercrime victimization and bear practical implications for the development of victimization prevention programs.

Cybercrime and cybercrime victimization
Cybercrime refers to a crime committed using network-enabled devices such as computers or smartphones and targeting national or international institutions or individuals around the globe (Arshey & Angel Viji, 2021;Burton et al., 2022;Marcum & Higgins, 2019).On an individual level, cybercrime takes many distinctive forms, such as sending computer viruses and phishing attempts via email, leaving threatening messages on social media platforms, online defamation, identity theft and cyber romance scams (Arshey & Angel Viji, 2021;Ho & Luong, 2022;Näsi et al., 2015;Reyns, 2013).
Unlike crime in the physical world, crime occurring in the digital world does not have physical or geographical boundaries.This means that a criminal act can be conducted regardless of the physical location of the criminal or crime target (Buil-Gil et al., 2021).As our daily routines shift from the physical world to the digital world, criminals seem to follow their targets similarly.Thus, according to Miró-Llinares and Moneva (2019), increased use of the internet and its services may be associated with a shift of crime from the physical to the digital world.In addition, fast-paced societal and individual routine changes seem to have created new illicit opportunities for cybercriminals (Buil-Gil et al., 2020;Hawdon et al., 2020;Lallie et al., 2021).
It is difficult to define the actual number of cybercrime victims, but the figures of cybercrime victimization seem to be on the rise (Hawdon, 2021;Ho & Luong, 2022;Näsi et al., 2015).In general, individuals of a younger demographic, particularly males, are at a heightened risk compared to females, with notable exceptions, such as cyberromance scams or instances of sexual harassment, where females are more susceptible to victimization than their male counterparts (Ho & Luong, 2022;Whitty & Buchanan, 2012).Academic research has already noted how traditional crime shifted to cybercrime prior to and during the pandemic (e.g., Meško, 2018;Miró-Llinares & Moneva, 2019;Plachkinova, 2021).Thus, cybercrime is not just a prevalent issue occurring now but also an emerging problem of tomorrow (Buil-Gil et al., 2021;Europol, 2022).
Existing research indicates that young individuals are more frequently victims of cybercrime, primarily because they tend to be more active online users than other age groups (Kokkinos & Antoniadou, 2019;Näsi et al., 2015;McLaughlin et al., 2012;Oksanen & Keipi, 2013).However, as adults age, they become more susceptible to specific cyber threats, such as computer viruses and defamation (Ngo & Paternoster, 2011).Gender also plays a role in cybercrime victimization, with males being more prone to cybercrime in general, while females are likelier to experience online harassment (Marcum et al., 2010;Moneva et al., 2020;Näsi et al., 2015).
Factors such as high exposure to online criminals, close proximity to them, and the attractiveness of the target significantly contribute to online victimization (Herrero et al., 2021;Marcum et al., 2010;Näsi et al., 2017;Vakhitova et al., 2019;van Wilsem, 2013).It has also been noted that it is riskier to interact with strangers online than with friends and family (Vakhitova, 2016).Furthermore, compulsive internet use is linked to a higher risk of falling victim to online crimes.This is primarily because individuals with compulsive online behaviour are likelier to encounter strangers on the internet, thus exposing themselves to online criminals (Gámez-Guadix et al., 2016;Marttila et al., 2021).
An individual's personality traits have been found to decrease or increase the risk of cybercrime victimization.For instance, individuals with high impulsivity scores have been found to be at greater risk of victimization than others (e.g., Gottfredson & Hirschi, 1990;Tagney et al., 2018).The Big Five is a popular framework for describing individuals' personalities (John & Srivastava, 1999), and it has been used in previous victimization studies (e.g., Liu & Campbell, 2017;van de Weijer & Leukfeldt, 2017;Zhou, Zheng & Gao, 2019).
Existing studies suggest that individuals who are open to online experience, as per the Big Five personality traits, are likelier to become victims of cybercrime.Conversely, those who score high on conscientiousness are less likely to be victimized (van de Weijer & Leukfeldt, 2017).The finding can be seen challenging an earlier study from Wilcox et al. (2014), who argued that neither agreeableness nor conscientiousness have significant direct effects on victimization.A prior cross-sectional study found an association between professional social media use and cyberbullying victimization (Oksanen et al., 2020b).However, to the best of our knowledge, there are no prior studies investigating the association between cybercrime victimization and social media use at work.

Routine Activity Theory
Academic research into cybercrime victimization has drawn upon a diverse array of established theories from the fields of criminology, psychology and social psychology.These include but are not limited to, RAT (Cohen & Felson, 1979) and the general theory of crime.Even though some of these theories were formulated prior to the advent of the internet, they have demonstrated their efficacy in elucidating cybercrime victimization and the apprehension associated with cybercrime (e.g., Cook et al., 2023;Felson, 2016;Herrero et al., 2021;Kaakinen et al., 2018;Kokkinos & Antoniadou, 2019;Kranenbarg et al., 2019;Moneva et al., 2020;Ren et al., 2017).
RAT is a situational theory, according to which the likelihood of crime in the digital world can be determined by the theory's three key elements: the target's suitability, exposure to offenders and lack of guardianship (Cohen & Felson, 1979;Felson, 2016;Wachs et al., 2021).According to RAT, a situation where crime is likeliest to occur is created by the daily routines of a suitable target.Crime also requires an opportunity, as the motivated offender cannot commit a crime unless an opportunity presents itself to the offender.These opportunities are socially structured and vary across individual's daily routines (Madero-Hernandez & Fisher, 2012).The routines of an individual can be seen as a set of repetitive practices or behavioural patterns in their everyday lives that help individuals navigate and control their social environment (Reckwitz, 2002).One pitfall of these practices is that they can create opportunities for malicious actors to commit their criminal deeds (Cohen & Felson, 1979).Thus, according to RAT, crime does not occur randomly but rather follows the routine patterns and practices of individuals in social life (Cohen & Felson, 1979;Marcum, 2008).
Even though RAT was originally developed before the time of the internet, online criminal activities can be seen to follow the same principles as crimes committed in the physical world, regardless of time Finnish Journal of Social Research, Advance access (2024) and the distance between the offenders and the targets, as they are immaterial in the online environment (Felson, 2016;Leukfeldt & Yar, 2016;Meško, 2018).Thus, RAT has retained its popularity among scientists and is widely used to explain cybercrime victimization (Bossler & Holt, 2009;Choi, 2008;Holt et al., 2020;Marcum et al., 2010;Marttila et al., 2021;Näsi et al., 2017;Reyns, 2013;Vakhitova et al., 2019).Closely associated with RAT (Cohen & Felson, 1979) is the lifestyle-exposure theory of victimization (LET; Hindelang et al., 1978).Both theories emphasize an individual's lifestyle and everyday routines.We recognize that both theories could have been applied to our research, but because our approach focuses on overall changes in routines at the societal level and because we also apply variables other than exposure to risky routines, we used RAT because it is more general and applicable to our approach to cybercrime victimization.

Big Five framework
According to psychological and social psychological theories, an element of the risk of victimization is attributed to the human connections we establish and foster, both in the digital realm and in the physical world (Kendrick et al., 2012;Turanovic et al., 2014;Turanovic et al., 2016).The desire for interpersonal attachment and the cultivation of friendships, as posited by Baumeister and Leary (1995), are integral components of human sociality and motivation.Thus, to avoid loneliness, we tend to keep the company we have or to seek new, meaningful relationships.Being in contact with known friends might act as a form of shield against the threats of the online world, whereas being in contact with unknown people constitutes a higher risk of cybervictimization (Cohen & Felson, 1979;Wachs et al., 2021).
The personality dimensions of the Big Five, derived from natural-language descriptions people use to describe themselves and others, provide a general taxonomy of personality traits.The framework integrates various systems of personality description without implying that personality can be reduced to just five traits.Each of these dimensions encapsulates numerous specific personality characteristics (John & Srivastava, 1999).These dimensions are agreeableness (trust, straightforwardness, altruism, compliance, modesty and tendermindedness), conscientiousness (competence, order, dutifulness, achievement-striving, self-discipline and deliberation), extraversion (gregariousness, assertiveness, activity, excitement-seeking, positive emotions and warmth), neuroticism (anxiety, anger, hostility, depression and self-consciousness), and openness (ideas, fantasy, aesthetics, actions, feelings and values; John & Srivastava, 1999).
In recent decades, because of the development of digital technology and online services, people have turned their attention to maintaining existing relationships and forging new ones online to ease the burden of loneliness or alleviate feelings of isolation.Of the Big Five personality traits, openness has been found to be a strong predictor of social media activities, especially interactions with others.In contrast, the trait of conscientiousness has shown less correlation with social media activities, potentially reducing the risk of victimization (Liu & Campbell, 2017;van de Weijer & Leukfeldt, 2017).Staying connected with family, relatives and known close friends might reduce the risk of online victimization.Conversely, seeking new online friends among previously unknown people or living a long way from one's friends could potentially increase the risk of victimization (Kendrick et al., 2012;Turanovic et al., 2014;Turanovic et al., 2016).One of the study's aims was to examine the correlation between social media usage and cybervictimisation.Consequently, we opted to integrate only conscientiousness and openness from the Big Five personality framework into our study because, in a previous study, openness was found to be positively associated with cybercrime victimization, while conscientiousness was found not to have a similar association (van de Weijer & Leukfeldt, 2017).

This study
This study uses longitudinal national data gathered prior to and during the pandemic era when the Finnish workforce went through a rapid change in how individuals carry out their daily lives.We examine how online crime targets' exposure to motivated offenders and targets' suitability for online offenders affect individuals' cybercrime victimization risk.Existing studies have found openness to be related to having a large network of friends, but these friendships lack closeness.Conscientious individuals have fewer friends, but the friendship quality is better, and they have less conflict with their friends (Harris & Vazirem, 2016).In accordance with RAT, close friends can decrease, and unknown new friends can increase the risk of online crime victimization (Cohen & Felson, 1979;Wachs et al., 2021).
Some previous studies using cross-sectional and longitudinal data have shown that a target's exposure and suitability can increase the risk of online victimization (Herrero et al., 2021;Marcum, 2008;Marcum et al., 2010;Näsi et al., 2017;Vakhitova et al., 2019), while others have shown that exposure to offenders does not increase the odds of cybervictimization (Wick et al., 2017).Therefore, we will assess whether exposure and suitability are positively related to victimization.

Hypothesis 1 (H1): Social media use at work, compulsive internet use and aggressive internet communication are related to an increased risk of cybercrime victimization.
The personality trait of openness from the Big Five framework has been found to be a strong predictor of social media activities; thus, it has been found to increase the risk of cybercrime victimization (Liu & Campbell, 2017).Conversely, conscientiousness from the same framework has been found to correlate less with social media activities and, therefore, lower the risk of victimization (Liu & Campbell, 2017).
Hypothesis 2 (H2a and H2b): Personality factors are associated with cybercrime victimization.We expect that conscientious individuals have a lower risk of victimization (H2a), and individuals with a higher openness score (H2b) are likelier victims.
Age and gender have been found to be related to the risk of cybercrime victimization, depending on the type of cybercrime.We expect, based on existing studies, that younger people, especially males, are likelier to be victimized online than older people and females (e.g.Meško, 2018;Ngo & Paternoster, 2011).
Hypothesis 3 (H3): Younger people are more prone to be victimized online than older people.
Hypothesis 4 (H4): Men are more prone to be victimized online than women.

Method Participants and procedure
The study participants took part in the longitudinal Social Media at Work in Finland Survey, which targeted the Finnish working population living in mainland Finland.The baseline survey was collected in March-April 2019 in collaboration with Norstat Finland.Respondents were drawn from Norstat's participant panel, which is the largest in Finland.The response rate was 28.31% (Latikka et al., 2022;Oksa et al., 2021).Follow-up surveys of the same respondents were collected in September-October 2019 (second time point, T2: N = 1,318).T2 is the starting point of this study, as a cybercrime victimization measure was added to the second wave of the study.Data collection continued in March-April 2020 (T3: N = 1,081), September-October 2020 (T4: N = 1,152), March-April 2021 (T5: N = 1,018), September-October 2021 Finnish Journal of Social Research, Advance access (2024) (T6: N = 982), March-April 2022 (T7: N = 932) and September-October 2022 (T8: N = 921).In T4, all the original respondents from T1 were invited to participate again.Our analysis focused on those participants who responded to all follow-up surveys (T2-T8) without any additional exclusion criteria.The data from T2 to T8 thus included 4,550 observations from 650 participants.
The study participants were 42.46% female and aged between 18 and 64 years (M = 44.70,SD = 10.82).Out of the participants, 18.46% worked in the service sector; 16.31% in health and welfare; 14.31% in business, communication and technology; 14.00% in raw materials and manufacturing; 10.92% in retail and transportation; 10.15% in education; 6.92% in public administration; 5.38% in construction and 3.54% in other sectors.Geographically, participants came from all the regions of mainland Finland: 36.46% from the Helsinki-Uusimaa area, 21.23% from Southern Finland, 23.08% from Western Finland and 19.23% from Eastern and Northern Finland.Based on the representativeness analysis (e.g.Latikka et al., 2022), the sample characteristics generally matched the working population in Finland, and no major biases were found during the longitudinal study.Dropout analysis showed that participants who responded to all survey waves were more often highly educated, male and older compared to the official statistics of Finland's average working population (Latikka et al., 2022).We used analytical weights to fix the sample biases.The data and code used will be available upon a reasonable request from the authors of this research paper.

Measures
The dependent variable, cybercrime victimization, was measured using the question, "Has someone committed a crime against you online during the past six months?" with a yes or no response at data collection points T2-T8.If the participants answered yes, they were then asked to choose the type of online crime committed from a list.Options on the list were as follows: (1) slander or defamation of your character, (2) coercion or a threat of violence, (3) identity theft, (4) fraud, (5) sexual harassment and ( 6) other.Seven independent variables from our data were selected.Participants were given the option to select multiple choices.All independent variables showed acceptable inter-item reliability (McDonald's omega).
Exposure to a motivated offender.According to previous studies, an increased risk of online victimization is associated with the time individuals spend on the internet or the provision of private information on social media (Marcum, 2008;Marcum et al., 2010;Ngo & Paternoster, 2011;Näsi et al., 2021).We measured targets' exposure to a motivated offender by looking at respondents' reported use of work-related social media platforms and tools with the question, "How often do you use social media to keep in touch with your colleagues or work community?"The answer options for work-related social media use were: (0) I don't use it, (1) less than weekly, (2) weekly, (3) daily and (4) many times a day.The omega reliability coefficients showed good internal consistency for social media use at work (0.79-0.89 for T2-T8).
Target suitability.The chosen personality traits of openness and conscientiousness were measured with items included in the 15-item Big Five Inventory (Hahn et al., 2012).Personality was only measured at the third time point (T3), as personality is regarded as quite stable for working-age adults over shorter periods of time (Cobb-Clark & Schurer, 2012).Moreover, personality trait profiles have been found to be quite stable across mid-adulthood (Kinnunen et al., 2012).For both traits, we created a 3-item sum variable ranging from 3 to 21.Higher scores in conscientiousness and openness indicate higher levels of that personality trait.The omega reliability coefficients showed acceptable internal consistency for conscientiousness (0.69) and openness (0.72).
Compulsive internet use was measured using the Compulsive Internet Use Scale (CIUS; Meerkerk et al., 2009).The CIUS does not consider the internet itself to be addictive to its users, but rather the services the internet offers, such as social media or other types of online activities.The higher the CIUS score, the higher the risk of online victimization (Dihr et al., 2015;Griffiths, 2000).In existing studies, a high CIUS score has been associated with a higher risk of cybercrime victimization and risks associated with online gambling (Kokkinos & Antoniadou, 2019;Oksanen et al., 2019).In our study, compulsive internet use was measured using an instrument that consists of 14 measurable items ranging from 0 (Never) to 4 (Very Finnish Journal of Social Research, Advance access (2024) often).A higher CIUS score indicates a high level of compulsive internet use.The omega reliability coefficients showed good internal consistency for compulsive internet use (.86-.88 for T2-T8).
Offensive or threatening messaging against others online was assessed with the question, "How often during the past six months have you sent messages on social media that offend or threaten other users?" The answer options for the use of threatening messages were (0) never, (1) every now and then, (2) monthly, (3) weekly and (4) daily.A dichotomous variable (0 = never, 1 = sometimes) was created based on the answers.
Age and gender.Age was measured by asking about the participant's ages.Only respondents aged between 18 and 65 years were accepted into the study.Age was treated as a continuous variable.The gender variable was measured by asking the participant's gender, with the options (1) male, (2) female and (3) other.None of the respondents chose option (3) other.

Statistical techniques
Descriptive statistics and correlations of the study variables are detailed in Tables 1 and 2. We performed the statistical analyses in two different stages using Stata/IC 16.1 software.First, we used multilevel mixed-effects logistic regression to analyze associations between RAT-related variables and cybercrime victimization (Table 3).In the mixed-effects logistic regression models, variables at Level One (Within-Subjects Level) and Level Two (Between-Subjects Level) were included.Level One variables consisted of time-varying risk factors, such as social media use at work, compulsive internet use and aggressive internet communication.Level Two variables included more static individual characteristics such as age, gender, personality traits, openness and conscientiousness.Then, we analyzed the fixed effects of withinlevel variables (social media use at work, compulsive internet use and sending offending messages).These results are presented in Table 4. Fixed-effects regression controls for static between-individual differences allowed the analysis to focus on within-individual temporal variability in the studied risk factors and cybercrime outcomes.
For our models, we report odds ratios (OR), statistical significance (p) and robust standard errors adjusted for the clustering of observations within individuals.Our models included random intercepts and random slopes for time, with an independent covariance structure.For the random parts of our models, we reported standard deviations and 95% confidence intervals.Additional robustness checks were conducted with multilevel, fixed-effect logistic regression, including all time-varying predictors to adjust for potential between-person selectivity.Mikkola, Kaakinen, Savela, Oksa, Savolainen and Oksanen, Advance access (2024) 10
In line with our first hypothesis, we found that individuals who use social media more often than others at work were at higher risk of cybercrime victimization (OR = 1.34, p < 0.001).Also, individuals scoring high points for compulsive internet use (OR = 1.40, p = 0.002) were more often at risk of victimization than others.Sending aggressive messages over the internet had a significant impact on an increased risk of cybervictimization (OR = 9.64, p < 0.001).
In the second hypothesis (H2a), we assumed conscientious individuals to have a lower risk of victimization and individuals scoring higher points for openness (H2b) to have a higher risk of victimization.According to the results, participants who had a higher score for openness (OR = 1.62, p = 0.012) were likelier to be victimized.We found no statistically significant difference in conscientiousness (OR = 0.90, p = 0.494).
In line with the third hypothesis (H3), younger individuals were at a higher risk of cybercrime victimization than older individuals, as the risk decreased with age (OR = 0.97, p = .049).However, contrary to H4, gender was not related to victimization (OR = 1.16, p = 0.665).
Additional robustness checks were conducted with compulsive internet use, social media use at work and aggressive internet communication.According to the results of the fixed effects analysis, compulsive internet use was no longer significant (OR = 1.02, p = 0.879), whereas both social media use at work (OR = 1.26, p = 0.023) and aggressive internet communication (OR = 3.94, p < 0.001) remained significant.

Discussion
This study utilized RAT to examine how social media use at work, compulsive internet use, online aggression and personality traits are related to an increased risk of cybercrime victimization.In our longitudinal study of the Finnish adult workforce, the focus was on how online crime targets' exposure to, and suitability for, online offenders' effects on individuals' victimization risk while the workforce was going through major changes in the concepts of work.
The findings of the study support our first hypothesis that exposure to online offenders is related to cybercrime victimization.The more individuals use social media services and the more aggressively they behave, the higher the risk of victimization.According to the results, compulsive internet use was not associated with an increased risk of victimization after accounting for interpersonal differences.It could be that mere extensive time spent on the internet does not increase the victimization risk, but the quality of activities remains the key factor.
Regarding Hypothesis 2, the results of our analyses revealed openness to be related to victimization (H2b), but no statistically significant difference was found for conscientiousness (H2b).Open individuals are likelier to be victimized online, similar to prior research (van de Weijer & Leukfeldt, 2017).Our results for conscientiousness are in line with other research, suggesting no direct connection (Wilcox et al., 2014).Even though openness is related to cybercrime victimization, we do not believe it to be deterministic, as there are other factors, such as situational factors, which play a role in determining whether one is victimized online.
Our third hypothesis, the result regarding age, is somewhat expected, as juveniles, adolescents, and young adults have been found to be at higher risk of victimization (Kokkinos & Antoniadou, 2019;Oksanen & Keipi, 2013).In our fourth hypothesis, we expected men to be more prone to being victimized online.Men and women face different types of threats online, but in our study, we looked at multiple types of threats with respect to victimization, which could be a reason why we did not find differences between genders.
Along with the rest of the world, Finnish society went through a rapid change during the COVID-19 pandemic in how we work from our homes and use a mix of general social media tools with enterprise social media platforms for work-related tasks and to stay in touch with our friends or seek new meaningful relationships with previously unknown people online (e.g., Buil-Gil et al., 2021;Oksa et al., 2020).Evidently, working from home has both positive and negative impacts on employees and employers, such as fewer interruptions while working at home, reduced social contacts, blurring boundaries between work and one's own private life and more work-related stress (Ayyagari et al., 2011;Hahne, 2021;Oksa et al., 2020).However, according to RAT, crime follows the routine patterns and practices of individuals in social life (Cohen & Felson, 1979).Thus, during major societal changes when routines change, criminals are likeliest to change their ways of searching for suitable targets and choosing when and how to launch their attack.According to the results of our study, it is plausible to assume that online perpetrators have changed their methods of conducting criminal activities, as the number of victims is on the rise.
This study provides new information on cybervictimization, which continues to be a critical issue as the prevalence and sophistication of cybercrimes increase.The practical implications that corporations, organizations and governments should rethink are their approaches to any future situation where the workforce must undergo rapid changes in how they work and where they work from because malicious actors on the internet will follow the change to their advantage.In addition, the protection of the workforce from cyberattacks cannot be entrusted only to technology, as it cannot stop or filter all possible cyberattacks.
We have adapted RAT, along with the traits of conscientiousness and openness from the Big Five personality traits, to our study to explain cybervictimization.Even though RAT is a situational theory, it is beneficial to combine situational theory with theories on personality traits because personality can increase or decrease individuals' risk of being victimized online.Like all other studies, this study also had limitations.First, as our study utilized observational data, no causal inferences could be made based on our findings.Issues related to potential between-person selectivity were addressed with additional fixed-effects analyses.The data of the study were also collected in Finland and targeted only working-age individuals.Thus, there might be some limitations in generalizing our findings to other national contexts.The response rate (28.31%) and sample size of participants who answered all our study questions (N = 650) might also raise questions on external validity and statistical power.However, the data sample generally matches the working population in Finland, and no major biases were found.Finally, the study was based on self-reported measures of cybercrime victimization.However, the measures used for this study comprehensively examined the topic.Although our study did not focus on the impact of the COVID-19 pandemic, we considered the pandemic in the interpretation of our results.Additionally, we did not examine different types of cybercrime separately, which warrant distinct hypotheses due to their unique characteristics.Future research should incorporate more specific hypotheses to address different types of cybercrime individually.

Conclusions
Situational criminological theories like RAT are useful when explaining cybercrime victimization.However, even if the situation is right, crime does not necessarily happen.This could be because of a potential target's personality or another crime-preventing factor.This study demonstrates how personality is associated with the risk of victimization.It also demonstrates the need to expand and continue testing established criminological theories during and after times of rapid societal change, as cybercrime and cybercrime victimization are evolving, complicated phenomena of the internet and networked societies.Clearly, online victimization cannot be totally prevented by using cybersecurity tools that remove or filter malicious content from email, instant messaging, social media applications or internet browsing, as criminals and other malefactors of the internet can always bypass some of the defensive tools (Ho & Luong, 2022).Therefore, individuals' personalities play a vital role as one of the factors associated with the risk of cybervictimization.
We found that open individuals do not avoid situations in which they are exposed to criminals.Although we found that the personality trait of openness is positively related to cybercrime victimization and conscientiousness is not, we cannot say that the traits are deterministic, as other factors, not only situational, can have a role in determining the individual's actual risk of cybervictimization.This is vital to realize when creating new cybercrime prevention education and awareness programs.We argue that experimental studies and more longitudinal research on openness and conscientiousness are required to understand how and in which situations these personality traits are associated with the odds of cybercrime victimization.Compulsive internet use should also be studied further, as it does not alone explain victimization when considering between-person differences.

Table 1
Descriptive Statistics of the Study Variables

Table 3
Multilevel mixed-effects logistic regression model predicting cybercrime victimization: RAT variables

Table 4
Fixed effects regression model predicting cybercrime victimization: RAT and background variables