People are central to cyber security. Empowered with the right skills and tools, people can protect themselves and their organisations from cyber attack.
But people aren’t all the same. Each of us has our own personality. And studies show links between our personalities and our security behaviour.
If personality influences cyber risk, a one-size-fits-all approach isn’t optimal. A tailored approach would better limit cyber risk.
The Big Five model
Behavioural psychologists use the Big Five model to identify and understand personalities. The model includes five personality traits. These are Openness, Conscientiousness, Extraversion, Agreeableness, and Neuroticism (OCEAN).
These traits are all continuums. A person can “score” high or low for each trait. Traits are neither negative nor positive. They each have their own strengths and weaknesses.
Openness refers to openness to experience. People who score high on openness are typically adventurous and creative, actively seeking out new experiences. They are also relatively vulnerable to phishing scams. Being curious, they may follow cyber criminals’ demands.
Yet, openness does help people handle unexpected stimuli. More open people can better spot something out of the ordinary. This helps them detect unusual or suspicious emails.
Still, open people might be more likely to challenge authority. Their cyber risk could increase if they challenge rules and regulations.
Conscientious people demonstrate high levels of trustworthiness, organisation, and self-discipline. They are cautious and methodical but strive for achievement.
Still, being achievement-striving can increase risk. A conscientious person might believe a phishing email if it offers success or helps reach their goals. They might believe a scam on the spur of the moment, especially if under pressure.
The extraversion personality trait describes those who enjoy others’ company. Extroverted people are optimistic, assertive, energetic, and warm.
People with high extraversion scores respond to awards and social attention. Cybercriminals exploit such characteristics in social engineering attacks.
However, extroverts’ willingness to communicate could help build a security-oriented culture. Taking the initiative to report breaches contributes to organisational security.
Agreeable people are trusting, compassionate, cooperative, and modest. Because they are trusting, highly agreeable people are more likely to fall for cyber attacks. Phishing emails asking for help are particularly successful among agreeable people.
But agreeable people are also security conscious. They are generally better at detecting deception. They also tend to display workplace commitment and high security awareness. Their tendency to cooperate encourages agreeable people to report cyber threats.
Neuroticism relates to emotional stability. Those who score highly for neuroticism are impulsive, prone to stress and anxiety, self-conscious, and sceptical.
Although often portrayed in a negative light, individuals scoring highly for neuroticism can have lower susceptibility to phishing. They are often effective in distinguishing between genuine emails and fake emails.
Yet, highly neurotic people can make hasty decisions in stressful situations. Well-crafted scams may be effective against people scoring highly for this trait.
Research shows personality does influence cyber risk. What can we do with this information?
Read our whitepaper in partnership with the NCC. See the benefits of an approach to cyber security that is tailored to different personality types.