Can your personality indicate how you’ll react to a cyberthreat?


All of us are as individual as snowflakes in a winter storm … or so we think. Psychologists beg to differ, and in doing so, attribute five main personality types to human beings. 

Personality is a driver for behavior under certain conditions. In other words, what you decide to do is greatly influenced by your personality type. It is this very behavior that cybercriminals attempt to manipulate. Phishing emails, for example, hook into certain known expressions of behavioral traits when confronted by drivers such as trust and fear and so on. How do you react when confronted with an email telling you your account has been compromised?

The question is, can we work out if specific personality types react to cyberattacks differently? And if so, can we make our cyber-awareness campaigns more effective?

The Big Five personality types

The concept of distinct personality types has been in discussion and research for many years. By the late 90s, the idea of the Five-Factor Theory, abbreviated to OCEAN, was proposed by McCrae and Costa. This model attempted to wrap areas such as attitudes, roles, relationships and culture into a framework covering personality and behavior. The result was the “Big Five”:

  • Openness to Experience: Aesthetics, feelings, actions
  • Conscientiousness: Dutiful, disciplined
  • Extroversion: Warm, assertive
  • Agreeableness: Cooperative, compassionate
  • Neuroticism: Anxious, self-conscious

It is worth noting that this list of five was whittled down from literally thousands. However, the big five have had a sixth character, “honesty-humility,” recently added.

The Big Five personality types and cyber-behavior

Research that looks into mapping personality traits onto cybersecurity behavior is ongoing. It also remains controversial, which isn’t too surprising. Personality is plastic. We can all think of circumstances where we are extroverted in some circumstances and neurotic in others. 

OCEAN takes (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Susan Morrow. Read the original post at: