Individual differences in cyber security behavior using personality-based models to predict susceptibility to sextortion attacks

Purpose: Social engineering attacks rely on compromising users’ confidential information usually using quid pro quo methods. Understanding the psychological reasons underlying the motivation for falling prey is imperative to developing successful defenses. Cybercriminals depend on human vulnerability rather than technology with an overreliance on technical solutions for protection rather than behavioral control models. Cyber sextortion is a type of quid pro quo social engineering that is under-researched. Hence, investigating the individual differences in security behavior and susceptibility to sextortion attacks using personality-based models is crucial. Methodology: Applying a quantitative methodology with online questionnaires, data was collected and analyzed using standard multiple regressions and Spearman's correlations in light of risky cyber security behavior (RCSB) scale correlating positively and negatively with extraversion, openness, agreeableness, neuroticism, and conscientiousness. Findings: The findings indicated the hypothesis of scoring high in the RCSB scale positively correlating negatively with conscientiousness was supported, although the overall regression analysis proved to be statistically significant. Social desirability to not admit risky cyber behaviors was apparent; however, the overall score for RCSB did show slightly risker behavior, indicating participants’ vulnerability to cyber sextortion. Originality/Value: This study supports that risky security behavior could be predicted by the personality of individuals. Developing and incorporating learning materials on how to mitigate the risks of cyber sextortion with organizational security awareness and training programs becomes highly crucial. Understanding the impact of conscientiousness, openness, extraversion, agreeableness, and neuroticism are necessary to safeguard against emerging attacks by means of cyber sextortion.