Correlating human traits and cyber security behavior intentions

In this paper, we correlate human characteristics with cyber security behavior intentions. While previous papers have identified correlations between certain human traits and specific cyber security behavior intentions, we present a comprehensive study that examines how risk-taking preferences, decision-making styles, demographics, and personality traits influence the security behavior intentions of device securement, password generation, proactive awareness, and updating. To validate and expand the work of Egelman and Peer, we conducted a survey of 369 students, faculty, and staff at a large public university and found that individual differences accounted for 5%–23% of the variance in cyber security behavior intentions. Characteristics such as financial risk-taking, rational decision-making, extraversion, and gender were found to be significant unique predictors of good security behaviors. Our study revealed both validations and contradictions of related work in addition to finding previously unreported correlations. We motivate the importance of studies such as ours by demonstrating how the influence of individual differences on security behavior intentions can be environment-specific. Thus, some security decisions should also depend on the environment.