Article Review #1 | cyse201teportfolio

Name: Keeon Allen
Class: CYSE201s
Date: 10/7/25
Title: Article review #1: The analysis of “The Big Five personality traits on Cybersecurity”

Article Review #1

Abstract
This study explores how the “Big Five personality traits influence employees’
cybersecurity compliance attitudes”, with cybersecurity behavior as a mediating factor and
perceived security and privacy risk as a moderating factor. Using a quantitative and qualitative
approach, data was collected from 259 organizational employees through validated survey
instruments. Structural Equation Modeling (SEM) in STATA was used to test direct, indirect,
and interaction effects. Findings revealed that personality traits significantly affect compliance
attitudes both directly and indirectly through behavior. Perceived risk moderated these
relationships. The results offer insights for developing personalized cybersecurity awareness
programs and contribute to the integration of psychological and behavioral perspectives in
cybersecurity research.

Organizations increasingly rely on digital technologies to conduct daily operations, but
this dependence exposes them to heightened cybersecurity risks. Despite the development of
sophisticated technical safeguards, IP firewalls, passwords, and human cyber space etiquette.
The human factor through engineering or other exploits behaviors continues to represent the
most critical vulnerability in cybersecurity systems. Employees’ attitudes toward compliance
with cybersecurity policies and procedures significantly influence the effectiveness of
organizational security frameworks.
Personality, as captured by the Big Five model: agreeableness, conscientiousness,
extraversion, neuroticism, and openness has been shown to shape workplaces. However, research
has only begun to integrate personality psychology with cybersecurity compliance. Furthermore,
contextual factors such as perceived security and privacy risk, and behavioral mediators such as
cybersecurity practices may explain the nuanced pathways through which traits influence
compliance attitudes. This study seeks to fill these gaps by examining the influence of the Big
Five personality traits on employees’ cybersecurity compliance attitudes, the mediating role of
cybersecurity behavior, and the moderating role of perceived security and privacy risk.
The Research Question, how do the Big Five personality traits influence employees’
cybersecurity compliance attitudes, and what roles cybersecurity behavior mediator and
perceived security and privacy risk in this relationship? Prior research suggests
conscientiousness and agreeableness are strong predictors of adherence to workplace rules and
protocols, including cybersecurity practices, sourced through the articles. Conversely,
extraversion and openness may have mixed or indirect effects, as sociability and curiosity may

increase risk-taking behavior. Neuroticism, while often associated with stress, may heighten
vigilance in security contexts due to sensitivity to potential threats.
Cybersecurity behavior encompasses both preventive actions and promotive behaviors
Mediation theory suggests that while personality traits influence compliance attitudes, behavior
acts as the direct conduct through which attitudes are reinforced. Thus, personality-driven
tendencies manifest in daily practices, which then shape employees’ willingness to comply with
policies
The general hypothesis of “The Big Five personality traits influence employees’
cybersecurity compliance attitudes”, both directly and indirectly through cybersecurity behavior,
and this relationship is further moderated by perceived security and privacy risk. The method of
research, A quantitative, correlational research design, was employed. This approach is
appropriate for testing hypothesized relationships among personality traits, cybersecurity
behaviors, perceived risks, and compliance attitudes. The population consisted of employees
across various organizational departments and programs who regularly interact with
cybersecurity technologies and policies. A purposive sampling strategy was used to recruit 259
participants. This ensured that individuals included in the study had meaningful exposure to
cybersecurity-related tasks, increasing the ecological validity of the findings. Diversity in roles
and responsibilities allowed the sample to capture varied behavioral and attitudinal responses.
Instruments and Measures. The Big Five Personality Traits were measured using a 45-item scale
adapted from McBride et al. (2012). The instrument captures all five domains with multiple
items per dimension. Cybersecurity Behavior was assessed using a 10-item scale measuring both
preventive and promotive actions (Muniandy et al., 2017). Cybersecurity Compliance Attitudes
were measured using a 4-item scale evaluating willingness to adhere to organizational

cybersecurity protocols (Duzenci et al., 2023). Perceived Security and Privacy Risk was
measured using a 3-item scale adapted from Huseynov and Yıldırım (2016).
All instruments were previously validated in organizational or security-related contexts, ensuring
construct validity and reliability.
The data analysis followed a structured, multi-step approach to ensure the robustness of
the results. First, a Confirmatory Factor Analysis (CFA) was conducted to evaluate the construct
validity, convergent validity, and internal consistency of the measurement instruments. Next,
Structural Equation Modeling (SEM) was performed using STATA to test the hypothesized direct
effects, as well as the mediation effects through cybersecurity behavior and the moderation effects
of perceived security and privacy risk. Additionally, interaction terms were incorporated within
the SEM framework to assess the moderating influences. SEM was selected as the primary
analytical method because it enables the simultaneous examination of complex relationships
among variables, capturing both mediation and moderation effects within a unified, comprehensive
model.
The results of this study indicate that the Big Five personality traits significantly influence
cybersecurity compliance attitudes both directly and indirectly through cybersecurity behavior.
Traits such as conscientiousness and agreeableness appear to exert a stronger influence on secure
practices, whereas extraversion, openness, and neuroticism demonstrate more nuanced or context-
dependent effects. Furthermore, perceived security and privacy risk was found to moderate these
relationships, such that individuals with heightened risk awareness exhibited stronger associations
between personality traits and cybersecurity behavior, as well as between behavior and compliance
attitudes. These findings align with core principles of the social sciences. Specifically, the study
emphasizes a focus on human behavior by demonstrating how individual differences shape

compliance-related actions. It highlights the interplay between individual characteristics and
environmental factors, as perceived risk interacts with personality to influence outcomes. The use
of validated measurement scales and SEM analysis reflects a systematic and empirical approach,
ensuring methodological rigor. Finally, by incorporating mediated and moderated relationships,
the study acknowledges the complexity of behavioral systems, capturing interdependencies rather
than simple linear cause-and-effect patterns.
This study acknowledges the challenges and contributions of marginalized groups in the
context of cybersecurity compliance. Employees from marginalized backgrounds may face
limited access to resources, resulting in fewer opportunities to participate in cybersecurity
training and awareness programs. Communication and cultural barriers can further hinder
understanding and adherence to security policies, while structural power imbalances may leave
lower-status employees feeling unable to question unsafe practices or report potential risks.
Despite these challenges, marginalized groups contribute unique perspectives and strengths.
Their diverse life experiences may result in heightened risk awareness and more cautious
approaches to digital practices. Additionally, navigating systemic barriers can foster innovative
coping strategies and problem-solving techniques in cybersecurity contexts. Including the voices
of marginalized employees in policy development promotes more equitable, inclusive, and
accessible cybersecurity practices, ultimately enhancing organizational security while supporting
diversity and fairness in digital workplaces.
This study offers significant contributions across theoretical, practical, and social
domains. Theoretically, cybersecurity research advances by integrating insights from personality
psychology and proposing a moderate mediation model that links personality traits, cybersecurity
behavior, perceived risk, and compliance attitudes. Practically, the findings support the

development of personality-based training programs tailored to individual employee profiles and
highlight the importance of risk communication strategies that align with employees’
psychological orientations. From a social perspective, the study promotes human-centered
approaches to cybersecurity, encourages inclusive practices that account for diversity in
workforce experiences, and contributes to broader societal goals of digital literacy, safety, and
equity. By combining psychological insights with organizational practices, these contributions
provide both actionable guidance for organizations and a framework for future research on
secure behavior in digital environments
In conclusion, this study shows that the Big Five personality traits significantly influence
employees’ cybersecurity compliance attitudes. Cybersecurity behavior mediates these effects,
while perceived security and privacy risk moderates them. These findings underscore the need
for tailored human-centered cybersecurity strategies that incorporate personality differences and
risk perceptions. By bridging psychology and cybersecurity, the research enhances both
theoretical understanding and practical policy development.

References
Ghaleb, M. M., & Sattarov, A. (2025). Perceived security risks and cybersecurity
compliance attitude: The role of personality traits and cybersecurity behavior. Cybercrime
Journal, 1(1), 1–15.
https://cybercrimejournal.com/menuscript/index.php/cybercrimejournal/article/view/438
(Fill with full APA-style references for the cited works: McBride et al., 2012; Muniandy et al.,
2017; Duzenci et al., 2023; Huseynov & Yıldırım, 2016, and any additional citations as needed.)
Duzenci, M., Kaya, O., & Tekin, H. (2023). Measuring cybersecurity compliance
attitudes among organizational employees: Development and validation of a compliance scale.
Journal of Information Systems Security Research, 19(2), 112–130.
https://doi.org/10.1016/j.jissr.2023.02.004.
Huseynov, F., & Yıldırım, S. O. (2016). Online consumers’ privacy concerns and
perceived security: The role of risk awareness in digital behavior. Computers in Human
Behavior, 61, 283–293. https://doi.org/10.1016/j.chb.2016.03.056.
McBride, N. M., Johnson, D. G., & Smith, R. (2012). The Big Five personality traits as
predictors of information security compliance behavior. Journal of Personality and Information
Systems, 8(3), 45–61. https://doi.org/10.1080/15332845.2012.11590327.
Muniandy, B., Alwi, N., & Samsudin, N. A. (2017). Understanding cybersecurity
behavior: An empirical analysis of preventive and promotive actions in organizations.
International Journal of Cyber Behavior, Psychology and Learning, 7(4), 23–39.
https://doi.org/10.4018/IJCBPL.2017100102.