Analysis of User Susceptibility to Email Phishing

In an organization, most employees tend to be unaware of their weakness in terms of cyber security which can affect the whole organization. The personality traits, general life experiences, and technological experience of each employee can influence his/her behavior towards information security attacks. The aim of this study is to assess the characteristics of email users and their behavioral weaknesses in identifying phishing emails, investigate how a person’s life experience affect his/her behavior and decision-making, and determine how technological experience impact the person’s susceptibility or non-susceptibility towards socially engineered threats. Following the quantitative methods of analysis, the findings for both twenty-five (25) IT and twenty-five (25) non-IT respondents showed non-significant correlation of the five personality traits to the user’s susceptibility to phishing attacks. Among the variables, only the technological experience exhibited significant correlation, in which the results involving IT responses showed =-0.834 and p-value < 0.01 and non-IT responses resulted in =0.440 and p-value < 0.03. The regression analysis for both the IT showed statistical significance on the influence of technological experience, with p-value < 0.03, which may improve or reduce their susceptibility to cyber-attacks. The findings of regression analysis with the responses of non-IT participants showed statistical significance of conscientiousness (p-value = 0.05) and technological experience (p-value < 0.01) to the user’s phishing susceptibility. Future research may include cognitive processing and demographics such as age, gender, and culture to assess how these can either increase or reduce susceptibility to cyber threats.