Does Security Attitude Really Predict Susceptibility to Persuasion Tactics in Social Engineering Attempts?

Abstract

Purpose – This study investigates whether an individual’s security attitude (SA) predicts susceptibility to persuasion in social engineering (SE) attempts. Design/methodology/approach – We examined susceptibility to Cialdini's six principles of persuasion in SE contexts. 323 participants from the United Kingdom and 329 from Arab Gulf Cooperation Countries (Arab GCC) were surveyed. Participants were presented with 12 scenarios involving a request to download an app from a member of a social media group, six persuasive scenarios and six neutral counterparts. The six-item security attitude scale (SA-6) measured participants' attitudes toward security practices. Findings –Some positive correlations were found between SA and vulnerability to specific persuasion principles. Regression analyses indicated that SA was a significant predictor of vulnerability. Notably, higher SA was associated with slightly increased vulnerability in all significant models. Practical Implications – These findings highlight the need for effective strategies to resist SE attacks involving immunity to persuasion tactics. Individuals with higher security attitudes may be overconfident and underestimating risks. Originality – The effect of persuasion was uniquely distilled and measured by the difference between the impact of the persuasion scenario and its neutral version, representing a method novelty. Furthermore, it includes a sample from the Arab GCC, an often-neglected population in research. The paper is the first to compare SA, related to security knowledge-seeking and following security recommendations, with psychological immunity to persuasion in a security context.