Privacy , security , trust , risk and optimism bias in e-government use : The case of two Southern African Development Community countries

Electronic government (e-government) can provide quality services to citizens when and where needed. E-government is recognised as a fundamental tool to encourage citizen participation in public service delivery matters (United Nations 2016b) and millions of dollars are being invested annually in e-government projects across the world (World Bank 2016). However, e-government adoption by citizens (G2C) remains very low (Shalhoub 2006; World Bank 2016). The established primary reasons for this are security concerns, trust issues, risk factors and privacy issues (Shalhoub 2006; Zafiropoulos, Karavalisis & Vrana 2012). However, there are other factors (Bwalya 2017; Munyoka & Maharaj 2017) affecting the use of e-government by citizens.


Introduction
Electronic government (e-government) can provide quality services to citizens when and where needed.E-government is recognised as a fundamental tool to encourage citizen participation in public service delivery matters (United Nations 2016b) and millions of dollars are being invested annually in e-government projects across the world (World Bank 2016).However, e-government adoption by citizens (G2C) remains very low (Shalhoub 2006;World Bank 2016).The established primary reasons for this are security concerns, trust issues, risk factors and privacy issues (Shalhoub 2006;Zafiropoulos, Karavalisis & Vrana 2012).However, there are other factors (Bwalya 2017;Munyoka & Maharaj 2017) affecting the use of e-government by citizens.
Homeland Security 2014), the extended unified theory of acceptance and use of technology (UTAUT2) (Venkatesh, Thong & Xu 2012) and the affective decision-making theory of optimism bias and risk (Bracha & Brown 2012).A summary of these models and their relevance to this study is now presented.

National Initiative for Cybersecurity Education and Cybersecurity Capability Maturity Model
The US Department of Homeland Security's NICE-CMM model is a toolkit that is widely used at both national and organisational (both public and private) levels in the EU, USA, UK and Canada for establishing cybersecurity policies, strategic planning and providing guidelines for training all stakeholders.The NICE-CMM model is applied mainly at the organisational level to build citizens' trust in G2C.

The National Institute of Standards and Technology Cybersecurity Framework
This framework provides a set of core activities aimed at developing individual cybersecurity skills (National Institute of Standards and Technology 2018:2).This framework provides key construct items for the perceived security construct of the study.

The affective decision-making theory of optimism bias and risk
Affective decision-making (ADM) is a strategic model predicting an individual's rationale for undertaking certain utility choices under risk (Bracha & Brown 2012).The ADM theory asserts that the interaction between the rational and emotional cognitive processes determines an individual's choice regarding the utilisation of a specific service.Optimism bias is the belief that prior experience in using a specific system makes the user less vulnerable to risks compared to an average user (Carlin 2016).Hence, when individuals are confronted with risky choices the rational approach determines one's action and the emotional process informs one's perceptions of risk; combined together, this makes an individual optimistically biased.The ADM theory is pertinent in understanding and defining the perceived risk and optimism bias construct variables for the research model in Figure 1.

The extended unified theory of acceptance and use of technology model
The UTAUT2 model consists of seven constructs (performance expectancy, effort expectancy, social influence, facilitating conditions, hedonic motivation, price value and habit) and three moderating variables (age, gender and education) that influence an individual's decisions for adopting and using a system.The UTAUT2 illustrates how these factors play a pivotal role in informing users' decisions towards adopting any e-system.The UTAUT2 model is adapted to suit the context of this study, in line with cybersecurity considerations in adopting and using e-government systems.
In the context of this study 'use behaviour' (Shareef et al. 2011) refers to a citizen's disposition in accepting and continually using e-government systems as the primary means for accessing government services.This study is guided by the following research questions: • What effect does perceived privacy have on e-government use behaviour?To answer these research questions, several null hypotheses were established for each construct as outlined in the next section.

Research model and hypotheses
Privacy Papadomichelaki and Mentzas (2012:100) define 'privacy' as the 'protection of personal information, not sharing personal information with others, protecting anonymity, secure archiving of personal data, and providing informed consent'.
Prior research indicates that the public required assurance of adequate privacy protection embedded in e-government systems prior to and when using them (ITU 2012; Majdalawi  et al. 2015;Ramli 2017).Moreover, any perception of inadequate privacy tends to increase the perceived risk of using e-government systems, leading to eroded trust and a lack of desire to use such systems (Ewurah 2017).To overcome such privacy worries, the incorporation of a privacy statement on e-government websites addressing all fundamental privacy principles, compensation mechanisms, government regulations and ICT self-regulation for enforcing procedural justice for perpetrators is recommended (Bansal, Zahedi & Gefen 2010;Shalhoub 2006;Xu et al. 2009)

Trust
Trust focuses on the confidence that citizens have in e-government systems concerning freedom from any risk of danger, doubt or fraud during a transaction (Papadomichelaki & Mentzas 2012).Al-Zoubi (2008) suggests that trust is one of the most important catalysts affecting citizens' decisions to adopt and use e-government systems.The importance of trust as a decisive factor in determining the success or failure of e-government has been reiterated in other studies (Fakhoury & Baker 2016;Shalhoub 2006;Zhao & Zhao 2010).
The measure of trust is based on two fundamental aspects: the trust in the Internet and the trust in the e-government system.As in most prior studies on e-commerce and e-government adoption and use, perceived trust is expected to have a positive effect on both behavioural intention to adopt and use behaviour (Al Khattab et al. 2015;Anthopoulos et al. 2016;Colesca 2009) and to reduce perceived risk (Schaupp & Carter 2010).

Security
Security is concerned with administrative and technical procedures, associated with protecting data and information against possible losses, 'unauthorised access, destruction, use, or disclosure' (Shalhoub 2006:272).In the context of e-government, administrative issues are concerned with formulating, implementing and reviewing information and data security policies.These policies are the cornerstone of effective cybersecurity measures needed for building citizens' trust in e-government (Singh & Karaulia 2011).Technical procedures are essential for e-government systems to prevent unauthorised access to databases and transactions, and these include preventing unauthorised access through the use of encryption, limiting access to passwords and securing servers and the network infrastructure.In developing countries where high levels of corruption are reported (Mistry & Jalal 2012;Pathak et al. 2008)

Perceived risk
ICT risks are related to the possibility that a system is inadequately protected from different types of threats (Schaupp & Carter 2010).Similarly, perceived risk is the belief that one will experience some losses whilst interacting with an e-system and that is caused by one's perceptions of the privacy and security of such a system.Almarashdeh and Alsmadi (2017) further assert that once citizens perceive high risk in using an e-government system, there is a general tendency of postponing the transaction and resorting to an alternative medium.Considering the uncertainty that besieges online-based transactions and the vast potential of cyberattacks, this study suggests that perceived risk has a significant impact on one's decisions to adopt and use e-government systems.Several studies (Al Khattab et al. 2015;Schaupp & Carter 2010) established that risk perception has a negative effect on one's use behaviour of e-government systems.
H7 0 : Perceived risk does not have an effect on citizens' use behaviour of e-government systems.H7 a : Perceived risk has an effect on citizens' use behaviour of e-government systems.

Optimism bias
Optimism bias defines 'a systematic error in perception of an individual's own standing relative to group averages, in which negative events are seen as less likely to occur to the individual than average compared with the group, and positive events as more likely to occur than average compared with the group' (Weinstein 1980:809).Prior studies demonstrate that despite high perceptions of risk and reported cases of cyberattacks (Alsaghier et al. 2009 using online services do not believe that they are susceptible to attacks compared to the average user.Therefore, in terms of e-government adoption and utilisation, citizens who regard themselves to be more Internet savvy, compared to the average user, will be less deterred by perceived risks and thus tend to use such systems.Practically, optimism bias is measured by asking participants to compare their capabilities in executing an online task with that of an average user.
H8 0 : Optimism bias does not have an effect on citizens' use behaviour of e-government systems.H8 a : Optimism bias has an effect on citizens' use behaviour of e-government systems.

Research model
Considering the aforementioned corpus of literature and insights from the theoretical underpinnings, this article posits that citizens' use behaviour of e-government systems is affected by their perceptions and lived experiences of the privacy, security and trust in such systems.However, because of the effect of optimism bias, citizens are inclined to pursue the use of e-government systems.Hence, Figure 1 presents the proposed research model for this study.

Research methodology
A quantitative research design (Creswell 2014) and deductive approach (Gelo, Braakmann & Benetka 2008) underpin this study.Data was collected from 550 citizens from the two SADC member states using self-administered semistructured questionnaires.Multistage sampling techniques were used to identify the 550 participants.The questionnaire was comprised of two sections: Section A covered demographicrelated questions, and Section B consisted of 23 five-point Likert scale (ranging from strongly disagree to strongly agree) questions aimed at evaluating the six constructs of the proposed research model in Figure 1.The self-administered questionnaire was designed based on the International Telecommunications Union (ITU) (ITU 2018) and the United Nations E-Government Survey Databases (United Nations 2016a) and adapted to the study in line with the proposed e-government use research model (Figure 1).The questionnaire was piloted with 10 respondents with prior experience in using e-government systems.Feedback from the pilot test was integrated into the final research instrument.
Data collection was administered over 8 weeks, covering Zimbabwe and Zambia.Structural equation modelling (SEM) (Kline 2011) using the IBM SPSS AMOS version 24 was used for validating the proposed model.The SEM allowed comprehensive testing of hypotheses using confirmatory factor analysis (CFA) to establish the significance of the relations among observed variables and latent variables of the proposed model of e-government utilisation as outlined in the following section.

Ethical consideration
An ethical clearance was obtained prior to fieldwork.

Data cleaning and screening procedures
In line with Onwuegbuzie and Combs' (2011) suggestion, the data were scrutinised to firstly identify missing data, secondly to detect and deal with common method bias, and finally to detect and eliminate any possible outliers and univariate normality that could distort the findings.

Dealing with missing data
The pre-analysis phase of data analysis involved the screening of the survey instruments for item non-response and erroneous completion by the participants (Zhang & Yuan 2016).Out of the 550 distributed questionnaires, only 489 were suitable for the final data analysis.The rest were either incorrectly completed or had sections that were not completed, thus giving an overall response rate of 88.9%, which is considered more than adequate in line with the recommended acceptable response rate of 30% for any survey (Sekaran & Bougie 2010).

Dealing with common methods bias
Common method bias occurs when a measurement instrument (i.e.survey questionnaire) introduces some discrepancies in responses because of the way in which it is designed and phrased as opposed to the real dispositions of respondents (Podsakoff, MacKenzie & Podsakoff 2012).In this study, both the independent and dependent variables were measured using the same questionnaire and the same respondents.As a result, common method bias is possible.Two approaches were used in this study for testing and dealing with this: firstly, Harman's one-factor test to detect common method variance before executing exploratory factor analysis and, secondly, CFA using convergent and discriminant marker variables to detect common method variance.The rule of thumb for Harman's single-factor test is that the first major component's eigenvalue (percentage of variance) should be less than 50% to demonstrate the absence of the common method bias (Mudzana & Maharaj 2017;Podsakoff et al. 2012).The findings showed that when the first major component was extracted, only 17.85% of the variance was explained.This demonstrates that the remaining variance which was not extracted, explains a significant amount of the factors.

Dealing with univariate normality
Prior to conducting any statistical analysis, the data should first be tested for homogeneity to establish the data distribution for all the variables (Alshehri 2012).Here Pearson's first coefficient of skewness parameter test was used to establish univariate normality.However, the assessment of normality is sensitive to sample sizes and as such, Kim (2013)

Descriptive analysis
The majority of the 489 valid responses were male (53%); 33% were aged between 26 and 35 years of age and 29% were between 36 and 45 years.More than half of the respondents (52%) indicated that they used the Internet on a daily basis whilst 42% used it one or more times per week.Forty-eight per cent of the respondents reported having used e-government once or twice per week, whilst 47% used it once or twice per month.

Measurement model analysis
Confirmatory factor analysis was used to establish the measurement model (testing discriminant and convergent validity of the measurement scales) and to determine how the model fits the collected data.As recommended by Hair et al. (2014), three tests (standardised factor loadings, construct reliability and average variance factor) were used to assess convergent validity in this study.The construct reliability results for this study are shown in Table 1.
Standardised loadings show the level of association between scale items and an individual latent variable and only those latent variables above the minimum acceptable value of 0.50 (Hair et al. 2014) were loaded in Table 1.Construct reliability was done to ensure that the latent variables of each construct were internally consistent.Table 1 shows the reliability coefficients of all the constructs, ranging from 0.716 to 0.869, thus suggesting that the constructs were internally consistent because all coefficients were above the widely accepted minimum level of 0.70 (Hair et al. 2014).
The average variance extracted (AVE) was used to establish the convergent validity of the constructs, and all AVE values were above the minimum recommended threshold of 0.50 (Hair et al. 2014); thus reaffirming that the constructs of the proposed model explained more than 50% of variances of their underlying construct items.
Discriminant validity was carried out to establish and ensure that each construct of the study instrument was empirically unique from the rest of the constructs and characterises phenomena of interest in the structural equation model (Hair et al. 2014).AlKhatib (2013:276) suggests a rigorous method for computing discriminant validity in which the 'absolute values of correlations between the constructs' are compared with the square root of the AVE for that specific construct.The rule of thumb according to AlKhatib ( 2013) is that the square root of the AVE for that specific construct should always be greater than the AVE and all the correlations with all the other constructs.As illustrated in Table 2, the square roots (shaded in grey) were greater than the associated correlations for all the other constructs; thus there were no concerns regarding the discriminant validity.Therefore, the results in Tables 1 and 2 suggest that the CFA results provided acceptable discriminant and convergent validity for the construct scales of the questionnaire.

Structural model analysis
Following the validation of the model measurement, testing and validation of the overall fit of the structural model were pursued in this study, using a different set of fit indices.The overall value of the chi-square (χ 2 ) was 459.82 with 230 degrees of freedom and with p-value < 0.05.A significant p-value (<0.05) shows that the absolute fit of the proposed model was not desirable.However, as the chi-square test for absolute model fit is too sensitive to sample size, Hooper, Coughlan and Mullen (2008) suggest the use of a more robust and satisfactory measurement, the chi-square over degrees of freedom.The chi-square over degrees of freedom for the proposed research model of this study was 1.69 and within the recommended 1 and 3 range (Kenny 2015).Along with the above two ratios, several fit indices for the model were reported.Descriptive fit indices are used to compare a specified model with a baseline model (sometimes referred to as an independent model) in order to prove the supremacy of the proposed model.To measure the overall model fit, several indices were used in this study -goodness-of-fit index, normed-fit index and comparative fit index, all of which should be equal to or greater than 0.90 (Albesher 2015).Other indices reported, were the index of fit and Tucker-Lewis index, which should have a value of 0.95 or above (Ugulu 2013).
The adjusted goodness-of-fit index should be at or above 0.80, whilst the root-mean-square error of approximation should be below 0.08 to show good fit or below 0.05 to show excellent fit (Henseler et al. 2015;Steiger & Lind 1980).Table 3 shows that all indices were above the minimum recommended valuesthus demonstrating a good fit of the proposed research model.

Path coefficient and hypothesis testing
Having established the structural model fit for the proposed model, this section examines the path coefficients of the latent variables in the constructs.Following Hair et al.'s (2014) recommendation that the parameter coefficient value be statistically significant (at p < 0.05 level) when its critical ratio (CR)/t-value for a standardised regression weight is greater than 1.96, all eight alternative hypotheses were significant (see Table 4).All critical ratios (CR)/t-value for the standardised regression weights were above the recommended 1.96 level.Figure 2 presents the structural path coefficient test results.
In all of the cases illustrated in Table 4, the null hypotheses were rejected.The following interpretations are presented: H 1a : Users were more likely to use G2C systems if they were confident about the privacy of their transactions.H 2a : A greater level of transactional privacy led to less perceived risk.H 3a : Improved trust in G2C systems leads to less perceived risk.H 4a : The more trust the user has in the system, the more likely he or she is to use it.H 5a : As perceived security increases, perceived risk decreases.H 6a : An increase in perceived security leads to increased use.H 7a : Greater perceived risk leads to decreased use.H 8a : Respondents who felt comfortable using G2C systems (more technically competent) felt less vulnerable using such systems and thus used them more.
Figure 2 shows that 81% of the discrepancies among the five endogenous constructs were explained by the use behaviour   of e-government systems.This shows that the proposed model has good predictive power (Hair et al. 2014) about the use behaviour of e-government systems in Zimbabwe and Zambia.

Discussion
This study investigated the extent to which privacy, security, trust, perceived risks and optimism bias influenced citizens' use behaviour of e-government systems in Zimbabwe and Zambia.To achieve this aim, this study proposed eight hypotheses to test the proposed model.
Some of the transactions performed by citizens (like e-filing of personal tax returns and payment of municipality bills) using e-government systems are sensitive and confidential and have strict deadlines that, if missed, could result in severe penalties.In such cases, citizens who felt that the e-government systems did not guarantee privacy to their transactions and could increase their vulnerability to risks were less motivated to use such systems when interacting with a government agency.In particular, this study found that privacy is a fundamental building block that determines whether e-government initiatives fail or succeed.Consistent with previous studies on e-government utilisation (Al Khattab et al. 2015;Alzahrani, Al-Karaghouli & Weerakkody 2016;Bwalya & Healy 2010;Cai Shuqin et al. 2016), findings of this study show that perceived privacy is negatively linked to perceived risk.The results also revealed that positive perceptions of privacy of personal data and transaction increase the utilisation of e-government systems.This finding concurs with findings of Singh and Sharma (2009), who found that privacy and confidentiality issues pose a huge challenge to the acceptance and use of e-government systems where sensitive information and decisions (as in e-voting and e-medicine) should never be divulged.
This study revealed that when citizens have a high level of trust in e-government systems, their perception of risk associated with the use of such systems tends to decrease.The opposite is equally true, high-risk perception leads to low trust in e-government systems.This was expected, given that the majority of the respondents in this study felt that there were inadequate operative legal structures in place to protect them from possible problems faced whilst transacting on e-government systems.Moreover, a significant number of participants felt that a lot should be done before they could trust e-government systems with their personal and confidential information.This finding is consistent with findings of prior studies (Basu 2004;Schaupp & Carter 2010) but inconsistent with Sharma (2014) and Zhou (2011), who found a positive relationship between trust and perceived risk.Citizens' trust was found to have a positive impact on use behaviour of e-government systems.A plausible explanation could be that when citizens become familiar with using electronic systems without encountering numerous challenges, chances are high that they tend to trust such systems and become motivated to keep on using them.Similarly, if citizens have a low perception of trust associated with the use of e-government systems, they are bound to trust such systems less.This finding concurs with findings of previous studies on e-government use (Al Khattab et al. 2015;Albesher 2015;Santhanamery & Ramayah 2016).
This study established a negative association between perceived security and perceived risk, implying that an increase in security features on e-government systems leads to low risk perceptions and vice versa.Robust security measures on e-government transactions mitigate fears associated with a potential loss by citizens.These findings disagree with results of previous studies (Oktem, Demirhan & Demirhan 2014;Shuqin et al. 2016;Zhao & Zhao 2010), which established a positive relationship between perceived security and risk perception; but they concur with Baganzi and Lau (2017) and Zafiropoulos et al. (2012).A plausible explanation for such differences in findings is that this study focused entirely on e-government users, most of whom could not be security savvy and as such, any security fears tend to raise risk perceptions.Citizens who regarded e-government systems as secure when interacting with a government agency were motivated to use such systems.However, these were not the only findings; Sharma (2015) established a positive correlation between perceived security and e-government adoption.
Perceived risk had a negative effect on use behaviour.
Citizens who perceived e-government systems to be risky were less motivated to use such systems when engaging with government agencies.The results of this study agree with findings of earlier studies (Al Khattab et al. 2015;Almarashdeh & Alsmadi 2017;Schaupp & Carter 2010), which established that citizens who regard e-government systems to be risky tend to shun transacting over such systems and resort to an alternative medium.This implies that in order for e-government systems to gain the trust of citizens and become a major channel for accessing government services in the two countries, any risk issues and perceptions should be comprehensively addressed.
Optimism bias had a positive and significant effect on use behaviour.Despite having negative perceptions of the privacy, security and risk issues of e-government use, citizens who regarded themselves as more competent in using electronic systems compared to average users were more motivated and likely to use such systems.The results of this study are consistent with the empirical results of a study by Carlin (2016).A plausible explanation for these results is that as users become competent and familiar with using e-government systems, they do not regard themselves as susceptible to cybersecurity threats.

Implications for theory and practice
This study contributes to the existing corpus of literature by describing how cybersecurity issues (privacy, security, trust and risk) are affecting citizens' decisions to use e-government systems in Zimbabwe and Zambia.The research has contributed to the body of knowledge on theory building by assimilating and testing four pertinent factors relating to cybersecurity and how optimism bias encourages citizens to keep on using such systems despite perceived risks.The findings draw attention to the fact that whilst citizens may consider the use of e-government systems as risky, trust in both the system and government entities is essential to encourage system utilisation.
Moreover, the proposed model can be used as a springboard for future research direction and integrated with other existing models like the theory of acceptance and use of technology (UTAUT), thus broadening the understanding of factors affecting e-government utilisation.This study has strong implications for practice.It underscores that citizens' utilisation levels of e-government systems are significantly affected by their lived experiences and perceptions of privacy, security and trust in a government agency, the e-system itself and legal structures in place to protect users.Therefore, privacy, security and trust are fundamental ingredients that neutralise perceived risks and dictate the degree of success or failure of e-government systems.Optimism bias works best when citizens have established some level of trust in the government and the privacy and security of e-government systems.This study reveals the pitfalls of e-government adoption and utilisation by citizens if privacy and security concerns are perceived as inadequate.Hence, implications for the design and implementation of e-government systems are that governments should adopt people-driven initiatives in which citizens' and governments' inputs play an equal role towards any new e-government initiative.

Conclusion
This research investigated the effect of the latent variables of privacy, security, trust, perceived risk and optimism bias on the utilisation of e-government systems in Zimbabwe and Zambia.A conceptual model integrating these latent variables into a behavioural-related model to determine their effect on e-government utilisation was developed based on the NICE-CMM, NIST Cybersecurity Framework, UTAUT2 and the ADM theory and was presented.Survey data for testing the proposed model were collected from 489 e-government users in Zimbabwe and Zambia.A key finding was that security concerns for the majority of e-government users are based on sentiment because they are not well versed with the particulars of security.To encourage adoption, the government should work to reduce any uncertainties associated with the use of e-government and build citizens' trust.Perceived privacy, perceived security and perceived trust were found to be negatively associated with perceived risk.Perceived trust, perceived privacy, perceived security and optimism bias were positively associated with use behaviour.Future research work should investigate the direct impact of privacy, security and trust in citizens' intention (focusing on non-users) to adopt e-government systems in Zimbabwe and Zambia.

H3 0 :
Perceived trust has no influence on perceived risk of e-government systems.H3 a : Perceived trust influences perceived risk of e-government systems.H4 0 : Perceived trust has no influence on use behaviour of e-government systems.H4 a : Perceived trust influences use behaviour of e-government systems.
Kim (2013):96).Skewness measures the 'degree to which a statistical distribution is not in balance around the mean'(Čisar & Čisar 2010:97).According toKim (2013), a perfectly skewed graph has a zero kurtosis and skewness values for a normally distributed histogram.
recommends the use of skewness and kurtosis for testing univariate normality for large sample sizes (i.e.n > 300).Kurtosis measures the 'relative peakedness or flatness of a distribution compared with the normal distribution'(Čisar &
PT, perceived trust; PP, perceived privacy; PS, perceived security; OB, optimism bias; USE, use behaviour.*, Correlation is significant at the 0.05 level (two-tailed); **, Correlation is significant at the 0.01 level (two-tailed).†, values show the square roots of average variance extracted for each construct; all values below this diagonal line are correlation estimates for the constructs.

TABLE 4 :
Path coefficient and hypothesis testing.

TABLE 3 :
Structural model fit summary of the proposed model.