Career Paper

Introduction
This review digs into “Perceived Security Risks and Cybersecurity Compliance Attitude:
Role of Personality Traits and Cybersecurity Behavior” by Ghaleb and Sattarov, published in the
International Journal of Cyber Criminology, Volume 19, Issue 1. The main idea here is pretty clear,
who you are (your makeup across the Big Five personality traits) really shapes whether you will
follow cybersecurity rules at work. But it is not just about personality, but perceived security risk
and actual security behavior both play big roles in this equation. That matters a lot because it shifts
the focus in cybersecurity. Instead of just patching technical holes, we have to look at why people
do or do not play by the rules in the first place (Ghaleb and Sattarov 27).

Connection to Social Science Principles
Now, thinking about social science principles, the article stands out for a few reasons. First,
it is all about empiricism. Ghaleb and Sattarov did not just guess or rely on stories; they got hard
numbers from 259 employees and ran stats to prove their points. That is the kind of evidence social
science thrives on.

Determinism is key, too. The researchers’ figure compliance is not random personality,
behavior, and risk perceptions are real drivers. They are basically saying people’s security behavior
follows patterns you can study, not just wild guesses.

Then there’s relativism. Not everyone sees a security threat the same way, and those
differences matter for compliance. That is pretty obvious if you have worked in any organization,
some people worry about risks while others shrug them off. The study also makes sure to stay
objective, using tested scales rather than homemade ones that might skew results. And, honestly,
the article embraces skepticism, it does not take the easy road of blaming “just tech” or “just
awareness.” There is more going on underneath.

Research Question
So, what is the research question? It is straightforward, do the Big Five personality traits
affect employees’ attitudes toward cybersecurity compliance, and how do perceived risks and
behaviors play into that? The authors hypothesize these traits (agreeableness, conscientiousness,
extraversion, neuroticism, openness) directly shape compliance attitudes. Security behavior
mediates that relationship, while perceived risk tweaks how strong the personality effect is (Ghaleb
and Sattarov 30).

In terms of variables, the Big Five traits are the independent variables. The dependent
variable is the compliance attitude, meaning whether employees follow security protocols or not.
Security behavior is the bridge (mediator), while perceived risk is the knob that changes how much
personality matters (moderator). That makes for a pretty sophisticated setup.

Types of Research Methods Used
The researchers went with a quantitative approach. They used structured surveys built from
trusted, previously validated scales. Surveys work well here; they are quick, standardized, and
make comparisons easy. The study is not experimental, nothing was manipulated, just measured.
So we are dealing with real-world personality and risk perceptions, not anything cooked up in a
lab.

Types of Data and Analysis Done
When it comes to data analysis, Structural Equation Modeling (SEM) is center stage, done
with STATA software. SEM is powerful; it lets you look at multiple relationships all at once, like
direct personality effects, mediation via behavior, and moderation through risk. That is exactly
what this study needs. The use of standardized scales probably means the authors checked
reliability in ways researchers always do, like calculating Cronbach’s alpha (Ghaleb and Sattarov
35).

Connections to Course Concepts
Looking back at what we have studied this semester, the article ties closely to Protection
Motivation Theory (PMT). PMT says people react to threats realistically when they believe the
risk is real, and they know their actions can help. In this study, perceived risk works as a moderator,
and people who take threats seriously are more likely to let their personality impact their
compliance.

Social Learning Theory comes into play here. In the workplace, your behavior isn’t just
about your own personality, it really depends on your surroundings. Workers who are more
conscientious or agreeable might start following safe habits just by watching others, or sometimes
they just don’t want to stand out by breaking the rules. And there’s a deterrence to consider. The
threat of getting caught or facing consequences pushes people to comply, right along with how
risky they think the situation is.

Connections to the Concerns
The article doesn’t highlight the marginalized communities directly, but the implications
are there. Employees in lower pay jobs usually do not get much security training. For them,
compliance rests more on personality than knowledge, which really is not fair. Besides that, risk
perceptions and willingness to trust rules often vary across racial, ethnic, and socioeconomic lines,
rooted in history with discrimination or oversight. If risk shapes compliance, but marginalized
groups perceive risk differently, the study misses something by leaving out those demographic
layers. Adding them would have made the research stronger.

Conclusion
Coming to a close, Ghaleb and Sattarov’s study gives cybersecurity research a real boost.
It shows that personality drives compliance, but perceived risk and security behavior matter, too.
That means organizations must look beyond technical fixes; they should factor in the psychology
of their teams when planning security measures. As cyber threats keep growing, understanding
what makes people vulnerable or strong is crucial. This study recommends personalized training
and smart hiring, tuned to individual differences. In the end, the message is clear, cybersecurity is
a people problem just as much as a tech problem, and the tools we need come from social science
as much as IT.

Reference
Ghaleb, M. M. S., & Sattarov, A. (2025). Perceived security risks and cybersecurity compliance
attitude: Role of personality traits and cybersecurity behavior. International Journal of
Cyber Criminology, 19(1), 27–53.
Article Link:
https://cybercrimejournal.com/menuscript/index.php/cybercrimejournal/article/view/438/124