An exploratory investigation of message-person congruence in information security awareness campaigns

In this study, we sought to answer the question of whether certain information security awareness message themes are more or less effective for different types of individuals based on their personality traits. We considered five message themes (deterrence, morality, regret, feedback, and incentive) as they relate to seven personality traits (the Big Five, Machiavellianism, and social desirability). Our survey analysis of 293 users provides evidence that security awareness message effectiveness does vary based on personality, but not always as one would expect. Depending on certain personality traits, some security messages appear beneficial to security efforts, whereas other personality traits make the individual less receptive to certain message types and therefore security messages may backfire in terms of achieving their intended effect. Our exploratory results can assist practitioners in identifying a best fit between security awareness themes and individual users based on their personality profile.