Cyber Security

Does our personality type make us more or less susceptible to phishing and online scams?

According to academic research in this area, the short answer is ‘yes’. The majority of research has used The Big 5 Personality Types to identify different types of Cyber Security behaviour. Although research in this area has slightly conflicting results, there are some general findings that are interesting to note. These are outlined briefly below.

Openness to Experiences

Those who have a greater level of this type have a greater ability to adjust their viewpoints and are therefore better able to review information in emails on the merit of the content itself, rather than on preconceived ideas around either the content or the sender. They are, therefore, better able to identify phishing content. However, they are more likely to reveal personal information about themselves on social media and within online communication.


Extraverts are a lot more sociable and more likely to share information about phishing scams with others. They are also more likely to share information about themselves with others, and are more likely to have been bored during lockdowns and craving social interaction, so they are potentially more likely to click on links to help alleviate boredom.


Those high in agreeableness traits are more inclined to want to please others and try to avoid being disliked. They are, therefore, more susceptible to phishing attacks. If the email looks like it comes from an internal department or a supplier/customer, they may want to try to be helpful and/or ‘fix’ things.


People who have more of this personality type have an inherent need to believe that others are telling the truth. They also don’t like to upset people, so are likely to fall for phishing scams.


Those who display more of this trait are the least likely to fall for phishing scams. They tend to read content more critically and are more likely to follow training guidelines.

Although generic cyber security training and education is vital within any organisation, to help minimise susceptibility to phishing attacks, training should include how each personality type can be affected differently. This may make individual workers more vigilant towards phishing attacks that they are more susceptible to – based on their dominant personality traits.

Take the Big 5 Personality Test and read a brief explanation of each type:

If you want to take the Big 5 Personality Test to find out more about where you fit within each range, you can find a link below.

Take the test.

Read more about The Big 5 personality types.

A few notes about Personality based Psychometric Tests:

  • Although there are a number of psychometric tests available on the market, a large number of them are complicated to decipher and/or are only commercially available. Researchers, therefore, tend to use The Big 5 personality psychometric test as a standard for academic research.
  • Personality tests can indicate a preference for specific behaviour but should not be used to stigmatise people and categorise them into neat boxes. In all things psychological and behavioural, we are all on a spectrum, and display a unique combination of characteristics to a greater or lesser degree.
  • Personality tests are self-completion questionnaires that people fill in based on how they view their own behaviour. We are generally not very good at understanding our own behaviour. This means that they can give us (like any self-completion questionnaires) an indication of different behavioural types, but should be read and interpreted as such.

If you want to know more about what cybersecurity threats you may encounter, you can read ESET’s T2 2021 Cyber Threat Report.