Agreeable personalities a top target for cybercriminals


Vian Smit | Systems Analyst | IntelliAcc | Master’s Graduate | Socio-Informatics | Stellenbosch University

People with an agreeable personality have a higher chance of being manipulated by cybercriminals to share private and sensitive information. The study suggests a striking correlation between personality types and cybersecurity risk.

I surveyed close to 700 people on their personality type and how likely they were to respond to different social engineering attacks – when cybercriminals trick people into giving up private information or passwords or clicking on harmful links. I wanted to assess their susceptibility to these attacks.

Big five personality types

I focused on the so-called big five personality types used in the field of cybersecurity, namely conscientiousness, extraversion, agreeableness, openness, and neuroticism.

The results of my study show that being agreeable makes people most likely to fall victim to social engineering attacks, followed by those who are conscientious (disciplined, motivated, and respecting rules and procedures) and extroverts (outgoing, sociable, thrill-seeking).

Neurotic (emotionally unstable and anxious) and open-minded people (open to new experiences, events, ideas and beliefs) are less likely to be tricked. Extroverts violate cybersecurity policies more frequently because they tend to comply with malicious requests more regularly.

Among the personality traits that I examined, agreeableness emerged as the most vulnerable to social engineering tactics. Individuals with high levels of agreeableness were found to be particularly susceptible to manipulation by cybercriminals. Conversely, neuroticism, marked by emotional instability and anxiety, exhibited the lowest susceptibility to such attacks.

People with an agreeable personality are compassionate, altruistic, friendly, trusting, sympathetic, kind and forgiving. They’re not suspicious and hostile and want to please people. They generally believe in the goodness of humanity and that other people are honest and have good intentions. Their inclination to always be kind and wanting to help others puts them at a disadvantage when they are faced with a social engineering attack.

They are more susceptible to phishing (a person gets duped into opening fake emails, instant messages, or text messages), spear phishing (a specific person is targeted), impersonation (cybercriminal pretends to be someone else), pretexting (creating deceptive scenarios to gain information), watering hole (infecting the website a person views most frequently), QRishing (malicious software or fraudulent websites are hidden in QR codes), and smishing (use of deceptive text messages to get sensitive personal information).

Easy targets

Neurotic personality types are easy targets for attacks that use fake applications or plug-ins (software that makes computer programmes or websites do new things or work better), and extroverts for malvertisements (a person is tricked by fake advertisements into installing malicious programmes) and Wi-Fi evil twin attacks (a fake Wi-Fi network is used to gain access to a person’s device).

Conscientious people are susceptible to phishing, spear phishing, impersonation, pretexting, watering hole and QRishing attacks, while open-minded individuals are more likely to fall for pretexting, watering hole and Wi-Fi evil twin attacks.

Cybercriminals know that we all have psychological needs such as the desire to be liked, socially accepted, and trusted, among others. They use social engineering tactics to trigger these psychological needs so that we share private information.

Information about people’s personality types and their susceptibility to social engineering attacks could help cybersecurity teams in businesses and organisations to incorporate effective mitigation strategies for each personality type. Organisations will also know which employees are more susceptible to these attacks by having a better understanding of their personality types.

Roles to be played by organisations

Understanding the personality traits that are most vulnerable to social engineering attacks can help cybersecurity experts develop more effective protection strategies.

Armed with a deeper understanding of the human psyche, organisations can navigate the complexities of cybersecurity with confidence, safeguarding their most valuable assets in an ever-changing threat landscape.

Nowadays cybersecurity measures do not just encompass technological improvements, but also human personality types. Organisations have a far greater challenge now in mitigating the impact of social engineering attacks. They should improve employee awareness and training, particularly for those with agreeable personality traits, to reduce the risk of successful social engineering attacks.

In addition to addressing human vulnerabilities, organisations should also implement robust cybersecurity measures, such as those outlined in the top five strategies for vulnerability mitigation – asset discovery and vulnerability identification, implementing security controls, patch management, and continuous monitoring.


