Skip to main content
Kent Academic Repository

Personality Types and Ransomware Victimisation

Yilmaz, Yagiz, Cetin, Orcun, Grigore, Claudia, Arief, Budi, Hernandez-Castro, Julio (2023) Personality Types and Ransomware Victimisation. Digital Threats: Research and Practice, 4 (4). pp. 1-25. ISSN 2692-1626. E-ISSN 2576-5337. (doi:10.1145/3568994) (KAR id:102123)

Abstract

Ransomware remains one of the most prevalent cyberthreats to individuals and businesses alike. Psychological techniques are often employed by attackers when infecting victims’ devices with ransomware, in an attempt to increase the likelihood of the victims paying the ransom demand. At the same time, cybersecurity researchers are continually putting in effort to find new ways to prevent ransomware infections and victimisation from happening. Since employees and contractors are often considered to be the most frequent and well-known attack vectors, it makes sense to focus on them. Identifying factors to predict the most vulnerable population to cyberattacks can be useful in preventing or mitigating the impact of ransomware attacks. Additionally, understanding victims’ psychological traits can help us devise better solutions to recover from the attack more effectively, while at the same time, encouraging victims not to pay the ransom demand to cybercriminals. In this paper, we investigated the relationship between personality types and ransomware victimisation, in order to understand whether people with certain personality types would be more prone to becoming a ransomware victim or not. We also studied the behavioural and psychological effects of becoming a ransomware victim, in an attempt to see whether such an experience can be used to reinforce positive cybersecurity behaviours in the future. We carried out a survey involving 880 participants, recruited through the Prolific online survey platform. First, these participants were asked to answer a set of standard questions to determine their personality type, using the Big-Five personality trait indicators. They were then asked to answer several follow-up questions regarding victimisation, as well as their feelings and views post-victimisation. We found that 9.55% (n=84) of the participants had been a victim of ransomware. Out of these, 2.38% (n=2) were found to have paid the ransom. We found no compelling evidence to suggest that personality traits would influence ransomware victimisation. In other words, there are no discernible differences regarding potential ransomware victimisation based on people’s personality types alone. Therefore, we should not blame victims for falling prey – in particular, we should not apportion the blame to their personality type. These findings can be used to improve positive cybersecurity behaviours, for example, by encouraging victims to invest more in cybersecurity products and tools. Additionally, our results showed that the aftermath of a ransomware attack could be quite devastating and hard to deal with for many victims. Finally, our research shows that properly dealing with ransomware is a complex socio-technical challenge that requires both technical and psychological support.

Item Type: Article
DOI/Identification number: 10.1145/3568994
Projects: EconoMical, PsycHologicAl and Societal Impact of RanSomware (EMPHASIS)
Additional information: For the purpose of open access, the author has applied a CC BY public copyright licence to any Author Accepted Manuscript version arising from this submission.
Uncontrolled keywords: ransomware, personality types, big-five, victimisation, socio-technical security, user study, cybercrime, cybersecurity behaviours
Subjects: Q Science > QA Mathematics (inc Computing science)
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
University-wide institutes > Institute of Cyber Security for Society
Funders: Engineering and Physical Sciences Research Council (https://ror.org/0439y7842)
Depositing User: Budi Arief
Date Deposited: 18 Jul 2023 15:18 UTC
Last Modified: 05 Nov 2024 13:08 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/102123 (The current URI for this page, for reference purposes)

University of Kent Author Information

  • Depositors only (login required):

Total unique views for this document in KAR since July 2020. For more details click on the image.