Psychologist’s Study Suggests Cybersecurity Training Should be Linked to Personality
A Myers-Briggs chartered psychologist, John Hackston, studied over 500 employees and found that different personality types could be linked to certain cybersecurity behaviours.
The British Psychological Society (BPS) published an article titled “Businesses can improve cyber security by linking staff training to personality.” It describes Hackston’s findings, which he is presenting at the BPS Division of Occupational Psychology annual conference in Stratford-upon-Avon, UK, on January 9.
Personality could define cybersecurity conscientiousness and diligence
Hackston quizzed 560 employees from around the world about their place of work and their experiences of cybersecurity, and each respondent completed a personality questionnaire. He analysed the results and found that personality types are connected to levels of behaviour relating to cybersecurity, for example how conscientious employees were in following cybersecurity rules or how diligent they were in keeping passwords and devices secure.
Introverts may be more careful with sensitive information
Introverts, as per the BPS article, are more likely than extraverts to concur that “no-one should put confidential business information in email, instant messenger (IM) or texts, as they may not be secure”. Employees who have an affinity with practical information and prefer to be organised are more likely to follow cybersecurity rules closely.
Hackston’s study also discovered that 64% of people believed they had been the subject of a cyber attack in the past twelve months, and as many as 15% believed they had experienced a cyber attack in the past seven days. Men were more likely to be candid and report experiencing a cyber attack than women. US employees were on average the highest performers for “conscientiously follows rules” when compared with other countries. Hackston says:
“With the rise of cyber security attacks, cyber-savvy employees are crucial in keeping information safe. It’s clear to be really secure one size does not fit all. Organisations would benefit if they considered the personality preferences of their staff when organising training.”
ESET and Myers-Briggs Cyberchology Report Finds Similar Results
Another study published in August 2019, by ESET researchers and Myers-Briggs, “Cyberchology: The Human Factor,” discovered that different kinds of cyber security errors occur more frequently among employees with certain personality preferences.
It found extraverts tended “to be more vulnerable to manipulation, deceit, and persuasion from cybercriminals.” These social engineering attacks “are particularly effective against extraverted types,” who may be more susceptible to social overtures. One advantage extraverts have, though, is that they are attuned to outside communication and are faster to pick up external threats.
People with a preference for “sensing,” or observing and remembering details, are able to spot phishing attacks faster but sometimes take cyber risks. “Feeling” personality types, guided by personal values, and “judging” types, who are systematic and structured, “could be more likely to fall for social engineering attacks but are more rigorous in following cybersecurity policies.”
The full report by ESET and Myers-Briggs can be found here. It says:
“All personality types have different strengths and blindspots that can impact the outcome of a cybersecurity attack. Identifying where these lie and how they might correspond to your cyber security protocols is a great first step in building a coherent, integrative cyber security programme.”
An ESET survey found 42% of businesses are focusing on delivering compliance training as part of their cybersecurity strategy. But there is “often a lack of team coherence regarding cyber security, despite the fact that every team member in a modern business will have access to and be using vulnerable systems on a regular basis.” Cyber breaches “could be avoided if a more integrative and business-wide approach to cyber security were adopted.”
Cybersecurity training and security awareness training don’t have to be boring or baffling
Whilst there is no magic wand to discover every vulnerability, protect against every attack, or be aware of every threat, being aware and prepared can help to identify attacks before they result in a breach and prevent many breaches.
With The Defence Works, our training is simple and interactive, providing insights and tools to spot and stop cybercrime. Our classic interactive courses are GCHQ certified and can dramatically improve employees’ awareness. We also have interactive episodes based on real-life events to make security awareness training more relevant to daily lives. We have a suite of bite-sized, funny, and relatable comedy sketches to really drive home cybersecurity implications with humour instead of hours in a classroom.
When conducting security awareness training with The Defence Works, you can focus in on the content that works best for you and your team. We offer simulated phishing training where you can test employees with fake attacks, assess their responses, and allocate retraining if necessary. And, as nobody’s perfect, these phishing simulations are conducted in a supportive and empowering manner. If your employees are confident they can identify a potential cyber attack and report it, they will be far more likely to do so.
Want access to the world’s most interactive security awareness training? Sign up for a free demo and find out how we’re already helping organisations just like yours.