Article Review #2: Personality, Perceived Risk, and Cybersecurity Compliance: Psychological Drivers in Organizational Behavior
Jayden Hood
School of Cybersecurity, Old Domain University
CYSE 201S: Cybersecurity and Social Science
Professor Diwakar
November 16, 2025
BLUF/Introduction
Technology is often the scapegoat for cybersecurity failures, but in fact, the study indicates that the biggest security risks are due to human behavior. The paper “Perceived Security Risks and Cybersecurity Compliance Attitude: Role of Personality Traits and Cybersecurity Behaviour” will present the argument that personality traits, perceived risks, and compliance attitudes determine whether individuals or organizations follow the established cybersecurity guidelines. The authors assert that to achieve cybersecurity, it is not just sophisticated technology which is needed but rather understanding the human aspect whereby the psychological and social factors are demonstrated to affect the behavior of users towards safe digital practices.
The present research is based on significant concepts of social sciences that study the interaction of the individual’s characteristics, the social environment they live in, and their motivation to behave either securely or otherwise in the digital world. The authors, through the exploration of research questions, variables, and methodologies, seek to explain the reasons behind the behavior where some individuals take all necessary measures to protect their information while others do not even bother to use the most basic security measures. Moreover, this research could contribute to the understanding of how access to cybersecurity training and resources for different marginalized groups is not equal and that this impacts their compliance with organizational standards negatively. At large, this research meets the needs of society by highlighting the fact that the issues concerning cybersecurity are not only of a technical nature but also of a human one, so there is a need for policies and interventions that consider psychology, behavior, and social context.
Relationship to Social Sciences
The present research paper is mainly grounded on psychology theories along with the major personality traits and behavioral sciences, fusing them together with organizational sociology and the theory of risk perception. While examining the impact of Big Five personality traits on attitudes and behavior in cybersecurity, the authors present the individual differences as social-science constructs. Besides this, the moderating effect of perceived security risk makes use of social-psychological theories regarding risk perception and behavior change. The study adopts a behavioral science perspective; to the authors, cybersecurity is not merely a technical problem but a socio-psychological one.
Research Questions, Hypotheses, and Variables
Research Question(s):
In what ways do the Big Five personality traits impact the employees’ attitudes towards compliance with cybersecurity measures?
Can the actual behavior regarding cybersecurity be seen as a mediator between the personality traits and the compliance attitudes?
Is the perceived security and privacy risk a moderator in the relationship between personality and compliance attitudes?
Hypotheses:
All the Big Five traits are going to follow the same pattern: one trait being each by itself has a great impact on the overall behavior regarding cybersecurity—the impact being agreeableness, conscientiousness, and also extraversion/neuroticism, and openness all together each having a significant impact on the behavior regarding cybersecurity.
The Big Five personality traits have a strong influence on the employees’ attitudes towards compliance with cybersecurity measures.
Cybersecurity behavior acts as a mediator between individual traits and compliance attitude.
H4: Perceived security/privacy risk moderates the relationship between personality traits and cybersecurity behavior.
Independent Variables (IVs):
Big five personality traits: agreeableness, conscientiousness, extraversion, neuroticism, and openness.
Perceived security/privacy risk (moderator)
Dependent Variable (DV):
Cybersecurity compliance attitude.
Mediator:
Cybersecurity behavior.
Research Methods
The research design developed is of quantitative type. It implemented standardized scales that have already been validated in prior studies for the assessment of personality traits, behavior, risk perception, and compliance attitude. The analysis of the direct and indirect effects of the variables was done using structural equation modeling.
Data and Analysis
Data:
The total number of employees who participated in the study was 259, they all belonged to different organizational settings. The collection of data was executed with the help of survey questionnaires that utilized standard scales.
Analysis:
In their research paper, the authors used SEM in STATA to analyze their moderated mediation model:
- Direct links between Big Five personality traits and compliance attitude,
- Indirect links through cybersecurity behavior,
- Perceived risk acted as a moderator on the relationships between traits and behavior and/or attitude.
The authors further provided model fit indices to support their claim that the proposed framework was a good fit, meaning that the measurement and structural model had been correctly specified.
Connection to Concepts from Class PowerPoints
Behavior as a mediator: It was pointed out in the lecture that usually the behaviors are the ones that link the traits or attitudes and results; in this case, cybersecurity behavior mediates the effect of personality traits on attitudes to compliance—which is precisely the behavioral layer we talked about in social-science models.
Perceived risk and decision-making: The theory of risk perception that we were presented with in the class pointed out that the people’s risk attitudes affect their choices. The perceived risk which is the moderating variable of this paper supports this statement: the personality’s influence is different according to people’s perception of the cybersecurity environment’s riskiness.
Personality frameworks: The Big Five personality model was one of the topics discussed in our class; the authors apply it to account for disparity among security behavior and attitudes. This is an easy and straightforward way to apply that psychological theory to the field of cybersecurity.
Relevance to Marginalized Groups and Inequality
Marginalized perspectives:
This paper entails that even though the article does not primarily deal with demographic disparities like those stemming from race, gender, or social class, its conclusions regarding security programs are diversity and inclusion related. For instance, if personality traits were to map out in a different way according to the cultural or social background, then the universal cybersecurity training may not be equally effective across the different demographics.
Challenges:
In case of non-recognition of personality traits, companies unintentionally create an environment in which certain groups get the rewards or the penalties during the implementation of the security compliance programs. For instance, employees who are extroverts or those who perceive the risk to be low might resist the normal measures more, and this could have a disproportionate impact on the engagement or discipline of the particular group.
Contributions:
By aligning personality traits with cyber-security awareness and compliance training, cyber-security organizations may guarantee a more inclusive program. Each employee may be trained according to their specific personality; thus the security message will be adapted to the personality-driven risk perception and behavior of individuals from different social or cultural backgrounds.
Contributions to Society
The present study does a service to society by establishing a link between psychological theory and practical cybersecurity management. The knowledge of personality influencing compliance can lead organizations to come up with more effective and specific security training and interventions.
Moreover, it allows resource distribution in a more efficient manner: rather than going for the one-size-fits-all approach of awareness programs, companies can come up with initiatives tailored to the individuals’ differences, thus, at the same time, maximizing compliance and minimizing human error.
On the whole, this inquiry backs up the idea that cybersecurity is not solely an issue of technology but also one of people. Consequently, it will be easier to deal with the matter via more comprehensive approaches in terms of policy, education, and organizational culture.
Conclusion
To conclude, the research of Ghaleb and Sattarov has been very enlightening regarding the psychological factors behind the compliance of cybersecurity regulations. By demonstrating that personality traits, through their behavioral manifestations, and moderated by risk perception, form negative or positive attitudes towards the following of security rules, the researchers have highlighted that individual differences are playing a crucial role. This situation has very important consequences for the design of more effective and fair cybersecurity programs. Organizations that will manage to incorporate these findings may not only witness a better compliance but also a more sophisticated and humanized approach to the handling of cybersecurity risks.
References
Burch, G. F., Batchelor, J. H., Reid, R., Fezzey, T., & Kelley, C. (2021). The influence of employee personality on information security. ISACA Journal.
Graeff, L., & Ulbrich, F. (2020). Personality profiles that put users at risk of perceiving technostress. Business & Information Systems Engineering, 62(6), 553–570. https://doi.org/10.1007/s12599-020-00668-7
Kennison, S. M., & Chan-Tin, E. (2020). Taking risks with cybersecurity: Using knowledge and personal characteristics to predict self-reported cybersecurity behaviors. Frontiers in Psychology, 11, 546546. https://doi.org/10.3389/fpsyg.2020.546546
Kelley, D. (2018). Investigation of attitudes towards security behaviors. McNair Research Journal, 14(1). https://scholarworks.sjsu.edu/mcnair/vol14/iss1/10