Personality as a predictor of cyber security behavior

Personality may better predict cybersecurity behavior relative to an individual’s stated intentions; however, people often behave in ways that are discordant with what they intend. Assuming most people have the intention of complying with safe practices, it is still no surprise that people violate policies and put sensitive data at risk regularly. Previous research has investigated all of the “Big Five” personality factors in relation to cybersecurity behavior, although there is no consensus regarding which factors are most important. In this study, data were collected from 676 undergraduate students who were administered the Employees’ Online Security Behavior and Beliefs questionnaire and the Big Five Inventory–44. Significant correlations were observed between self-reported cybersecurity behaviors and some, but not all, personality constructs. Linear regression was used to examine whether the 5 personality factors were significantly associated with cybersecurity behaviors, and a hierarchical regression examined the personality factors that explained additional variance over-and-above cybersecurity behaviors, specifically perceived barriers, response efficacy, and security self-efficacy. Conscientiousness, agreeableness, and openness were significantly associated with self-reported cybersecurity behaviors. Results suggest that personality plays an important role in understanding cybersecurity behaviors, which is consistent with a growing body of literature highlighting conscientiousness as a strong predictor of cybersecurity behaviors. The present study’s findings suggest that personality structure is associated with cybersecurity behaviors and that conscientiousness and openness may be particularly salient to this relationship.