Factors Affecting Employees’ Susceptibility to Cyber Attacks

Forthcoming in Journal of Information Systems

66 Pages Posted: 29 Apr 2022

See all articles by J. Efrim Boritz

J. Efrim Boritz

University of Waterloo - School of Accounting and Finance

Chan Ge

University of Waterloo - University of Waterloo, Faculty of Arts, School of Accounting and Finance, Students

Katharine Patterson

WU Vienna University of Economics and Business

Date Written: April 13, 2022

Abstract

We examine factors associated with employees’ susceptibility to phishing attacks in a
professional services firm and a financial services firm (bank). We measure three dimensions of
suspicion (skepticism, suspicion of hostility, and interpersonal trust), and three cognitive traits
(risk taking propensity, cognitive (inhibitory) control, and social cognition), while controlling for
demographic and work context factors. We find that these traits interact in complex ways in
determining individuals’ susceptibility to phishing attacks. Bank employees are more susceptible
to being phished than professional services firm employees, but within the bank, the employees
with professional certificates are less susceptible to phishing attacks than other bank employees.
Also, employees with self-reported responsibility for cybersecurity are less likely to be phished.
These findings could be used to create a screening tool for identifying which employees are
particularly susceptible to phishing attacks, to tailor training or redesign jobs to counter those
susceptibilities and reduce security risk.

Keywords: Cybersecurity, Phishing, Individual vulnerability, Personality traits, Cognitive traits, Risk-taking propensity, Cognitive (inhibitory) control, Social cognition, BART, STROOP, TASITE, Demographic factors, Work context

Suggested Citation

Boritz, Efrim and Ge, Chan and Patterson, Katharine, Factors Affecting Employees’ Susceptibility to Cyber Attacks (April 13, 2022). Forthcoming in Journal of Information Systems, Available at SSRN: https://ssrn.com/abstract=4088873 or http://dx.doi.org/10.2139/ssrn.4088873

Efrim Boritz (Contact Author)

University of Waterloo - School of Accounting and Finance ( email )

200 University Avenue West
Waterloo, Ontario N2L 3G1 N2L 3G1
Canada
519-888-4567 (Phone)
519-888-7562 (Fax)

Chan Ge

University of Waterloo - University of Waterloo, Faculty of Arts, School of Accounting and Finance, Students ( email )

200 University Avenue West
Waterloo, Ontario N2L 3G1
Canada

Katharine Patterson

WU Vienna University of Economics and Business ( email )

Welthandelsplatz 1, Building D1, 3rd Floor
Vienna, 1020
Austria

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
182
Abstract Views
847
Rank
340,692
PlumX Metrics