Which Individual, Cultural, Organisational And Interventional Factors Explain Phishing Resilience?

We report on the results of an online phishing study, and the factors that predict the ability to resist phishing attacks, which is termed phishing resilience. It is important to understand the factors that predict phishing resilience, because they can be used to develop effective strategies to protect organisational information security. We measured a larger number of individual, cultural, organisational and interventional factors than any previous study. Findings indicate that information security awareness (ISA) is most predictive of phishing resilience, which highlights the importance of security education. Results also suggest that older participants are less susceptible to phishing attacks and individuals who are very influenced by social pressure are more susceptible. When people trusted in the infallibility of technical safeguards, such as spam filters, they had lower phishing resilience, whereas people who preferred using a more rational decision making style had higher phishing resilience. These results suggest that teaching people not only how to behave, but also to stop and think before responding to emails, may ensure that they will have the best chance of resisting phishing attacks.