Effect of personality traits on trust and risk to phishing vulnerability: Modeling and analysis

Abstract

In cyberspace, various types of social engineering attacks have made humans in a system more vulnerable than ever. One of the popular social engineering attacks is a phishing attack, exploiting humans' vulnerability in order to obtain individuals' private or credential information. Recent studies have found that the so called `phishing susceptibility' (i.e., the likelihood of being phished) is closely correlated with the individuals' personality traits. In particular, the relations between phishing susceptibility and Big Five personality traits have been analyzed via empirical studies in diverse domains. However, little prior work has proposed a mathematical model investigating the effect of an individual's personality traits on perceived trust or risk and decision performance. This work proposes a probability model using Stochastic Petri Nets in order to examine the effect of an individual human's personality traits on perceived trust and risk, and decision performance. Our results show that agreeableness and neuroticism have significant effect on perceived trust and risk, and decision performance particularly when openness and conscientiousness is very low. The developed mathematical model can be applied to predict what personality profiles in an organization are more exposed to social engineering, suggesting customized security training scenarios.