How psychological type relates to cybersecurity
by John Hackston
It’s very likely that you are reading this article online. Maybe you are at home, maybe you are in an office, maybe you are reading this in a hotel lobby, or a coffee shop or an airport lounge… but how secure are you? How vulnerable are you to cyber-attacks, and in what way does your type relate to your online behaviour? The World Economic Forum has identified data fraud and cyber-attack as major issues facing society, so anything that we can do to avoid becoming a victim should be very useful – not just for ourselves, but for anyone who we connect to online.
With this in mind, The Myers-Briggs Company set out to investigate the links between psychological type and cyber-security attitudes and behaviours. We wanted to develop personality-based guidelines, hints and tips, to help anyone who knew their psychological type to improve their online security. So we sent out a survey, asking people for their best-fit type and also for their answers to questions about cyber-security. We also wanted IT professionals to be aware that people do have differences from each other, and that type is a really useful way of looking at this.
So, what were these results? Well, before I tell you, I’m going to ask you a few questions. Please answer them, just in your head if you like, before you read further:
- Have you experienced phishing or any other cyber-attacks in the last year?
- How about the last month? The last week?
- If you are working for a business, in the public sector or for another organisation, to what extent would you agree with the following statement: “A data breach would be disastrous for my organisation”?
- Do you use a password or passcode to unlock your laptop or tablet?
- Have you occasionally written down a password and left this note next to your computer?
Let’s look at your answers. If you said “no” to the first question, you may be one of the lucky ones. In our survey, two-thirds of respondents said that they had experienced cyber-attacks in the last year, 30% in the last month, and 15% in the last week.
How about “A data breach would be disastrous for my organisation”? If you agreed with that statement, then you were in good company. 82% of our respondents agreed or strongly agreed, with only 8% disagreeing and 10% unsure. In general, our sample showed good security behaviours; almost all used a password or passcode, and very few said that they had occasionally written down a password and left this next to their computer. There were, however, some common security mistakes; you might want to consider whether you do any of the following (until I carried out this research, I certainly did):
- Submitting information to websites without first checking that it will be sent securely
- Assuming that it is safe to access your email on someone else’s computer
- Re-using the same password where you can
- Using the same password at work and at home
- Using the same password for most accounts and apps
- Over-confidence that you won’t be caught out by cyber-attacks
- Assuming that if you have installed all the security updates required by your system administrator, you are 100% safe and don’t need to worry about viruses
- Assuming that if a public network is password-protected, it is safe enough to use for sensitive activities (such as online banking)
Although there were some general trends, there were, as we predicted, differences according to type. For example, individuals with preferences for Introversion and Thinking were more likely than others to use their IT knowledge to take care online by checking that sites are secure, checking links before clicking, and verifying attachments before opening, while those with Sensing and Judging preferences were more likely to conscientiously follow IT security rules and processes. Looking at whole type, there were some significant differences in how people with different preferences answered individual questions. For example, most people with ESTJ preferences agreed or strongly agreed with the statement “I have never ignored or contravened any of the security policies of my organisation” but a significant proportion of those with ESTP preferences disagreed or were unsure.
We used these and other findings to put together cyber-security hints and tips for each of the 16 types. For example, many people with my type preferences (INTP) are knowledgeable about cyber-security issues and are well aware that anyone can be caught out by cyber-attacks. However, we do find it difficult to follow security rules and we tend to think we know best, which is not always good news when it comes to cyber-security. You can download the full set of tips, as well as a detailed research report, as PDFs from this page. There is also a copy of the questionnaire, if you want to test yourself!
I hope that this short article has helped you to think a little about your IT security; carrying out the research certainly has made me more careful. Going beyond that, this research is yet another example of how we can apply the lens of type to so many aspects of our everyday lives, and just how useful this framework is. And as we wanted IT professionals to be aware that type is a useful approach to thinking about personalising security advice, it is gratifying that the research has featured in several cyber-security publications and websites.
About the Author
John Hackston is a Chartered Psychologist and Head of Thought Leadership at The Myers-Briggs Company. He has over thirty years of experience in helping clients to use psychometric tests and questionnaires. John carries out research to bring personality assessments, in particular the MBTI, to life, helping practitioners and end users apply the insights they gain both inside and outside work.