EXECUTIVE SUMMARY:

Does personality increase the odds of inadvertently succumbing to a threat? Are some people more likely to fall prey to fraudulent cyber schemes than others? The answer is yes.

Certain personality traits and characteristics increase the probability that a given individual will accidentally catalyze a cyber incident, according to Carl Weems, of Iowa State University. After testing 210 participants, Weems concluded that “participants scoring high on aggression, depression, and trait anxiety also scored significantly higher on the insecure [cybersecurity] behaviors scale.”

Similarly, in the UK, a study of 515 participants with certain characteristics, including internet addiction, attentional impulsivity and motor impulsivity showed a higher likelihood of making poor cybersecurity related decisions.

However, the more positively that people felt about cybersecurity in business, the less likely that they were to make poor cybersecurity related decisions. Does this mean that your business can expect a certain level of insulation from risky cyber behavior? Not necessarily.

Especially if you work with extroverts. Evidence suggests that extroverts are more inclined to divulge information to cyber criminals than introverts. The natural desire to engage with others “makes them more susceptible to social engineering attacks,” says Dr. Margaret Cunningham, who has conducted research on the matter.

The big question: Should you account for personality types in planning your business’s cybersecurity awareness initiatives?

The answer is perhaps. While it’s not always feasible to develop training sessions around certain personality traits, you may wish to gently offer feedback to employees regarding their possible weaknesses in relation to potential cyber threats.

For more on the connection between personality and cybersecurity, see Dark Reading.