September 26, 2025
As digital threats continue to grow more sophisticated, the focus of cybersecurity has traditionally lied with technical means of threat prevention and defense like firewalls and antivirus software. However, a growing consensus is pointing to human error as the weakest link in the security chain, with thousands of data points proving that humans are the cause of almost all cyber disasters. As a result, researchers have decided to study how the behavior of the end user influences the defense matrix of an organization and potentially introduces new vulnerabilities into an otherwise bulletproof system. A study by Ghaleb and Sattarov (2025) delves into this “human factor” by examining a sample of 259 employees from various professional backgrounds to find the role of personality traits in influencing cybersecurity compliance attitudes. This article review will investigate the approach taken by these researchers, analyzing the study’s methodology, its connection to social science principles, and its findings on the role of personality traits in influencing cybersecurity compliance attitudes.
Analyzing the Experiment
The first step to analyzing any experiment is determining the hypothesis, or the question being tested. In this case, the researchers believed that the Big Five personality traits, consciousness, extraversion, neuroticism, agreeableness, and openness, had a major impact on cybersecurity behavior. More specifically, their hypothesis proposed that these traits would moderate the relationship between an employee’s perceived security risk and their attitude toward compliance. Therefore, in this experiment, the independent variable is the end user’s quantified personality traits, and the dependent variable is their attitude towards compliance. The experiment was designed in such a way to leverage the nuances of both variables to explore how personality acts as a filter to determine whether an employee’s awareness of a threat translates into stronger or weaker intention to follow security guidelines.
Data Collection Methodology and Analysis
After defining the experiment, a proper analysis can explore how the researchers collected their data and translated it into actionable results. The study leveraged a quantitative research approach by administering surveys to the diverse group of respondents across various fields. The sampling strategy to gather the group of participants ensured that the participants were familiar with cybersecurity policies, as this experiment tested how well an individual subject would adhere to such requirements. The researchers used a 45-item scale to measure the respondent’s Big Five personality traits, a 10-item scale for cybersecurity behavior, and a 3-item scale for perceived cybersecurity risk. After gathering the data, the researchers leveraged STATA software to perform Structural Equation Modeling (SEM) for analysis. SEM is valuable because it allows researchers to examine intricate models with multiple variables all at once while factoring in the nuance of latent constructs like personality traits.
Experiment Results
After comprehensive data collection and analysis methodology, the data validated the researcher’s hypothesis with high statistical significance, which is crucial considering the experiment relied heavily on latent variables. The findings conclusively demonstrated that the Big Five personality traits have significant influence on both an individual’s cybersecurity behavior and their adherence to cybersecurity guidelines and compliance. Conscientiousness was found to be the most significant indicator, meaning that individuals who are naturally organized, responsible, and disciplined were more likely to engage in cyber best practices and adhere to guidelines. Agreeable individuals were more likely to respect security rules, showing that one’s social orientation impacts their cyberpsychology and decision making. Neuroticism, while generally considered to be a negative personality trait, allowed respondents to be more anxious about potential threats, leading to a heightened sense of awareness. The remaining two of the Big Five personality traits, openness to experience and extraversion, while less prominent, illustrated how a person’s cognitive style and social motivations also contribute to their overall security mindset.
Greater Implications
Social scientists use psychology to understand why people do the things they do. In class, we learned about the concept of cyberpsychology, which links the implications of psychology with cybersecurity. In this case, the study leveraged the Big Five personality traits we learned in class to correlate personality with cybersecurity behavior. This is a clear example of the intersection of two lenses in the interdisciplinary study of cybersecurity, and it proves how the Human Factor is a major topic of discussion within the field; we learned about cyberpsychology in detail in Module 4. In regards to the cultural implications of this study, we now understand the importance of acknowledging the cultural nuances of the diverse American workplace. In particular, we understand that a “one size fits all” approach to cybersecurity often fails because it is designed from a single cultural perspective and does not account for the nuances that can exist across different demographics. A personality based approach, however, is inherently more inclusive and accounts for differences across a diverse range of backgrounds.
Conclusion
In conclusion, the research by Ghaleb and Sattarov provides compelling evidence that cybersecurity is primarily a human issue, not just a technological one. The study successfully proves that innate personality traits are a primary determinant of an individual’s security behavior, confirming the importance of the human factor in securing an organization. Through the application of a social science lens, the study offers solutions for developing informed strategies to secure the human layer of the defense hierarchy. Through the development of a more sophisticated understanding of human nature, we can strengthen our digital defenses.
References
Ghaleb, M. M., & Sattarov, A. (2025, 08 10). Perceived Security Risks and Cybersecurity Compliance Attitude: Role of Personality Traits and Cybersecurity Behavior. International Journal of Cyber Criminology, 19(1), 27-53. https://cybercrimejournal.com/menuscript/index.php/cybercrimejournal/article/view/438