Does security attitude really predict susceptibility to persuasion tactics in social engineering attempts?

Purpose This study aims to investigate whether an individual’s security attitude (SA) predicts susceptibility to persuasion in social engineering (SE) attempts. Design/methodology/approach This paper examined susceptibility to Cialdini’s six principles of persuasion in SE contexts. Three hundred twenty-three participants from the United Kingdom and 329 from Arab Gulf Cooperation Council (GCC) countries were surveyed. Participants were presented with 12 scenarios involving a request to download an app from a member of a social media group, six persuasive scenarios and six neutral counterparts. The six-item security attitude scale (SA-6) measured participants’ attitudes towards security practices. Findings Some positive correlations were found between SA and vulnerability to specific persuasion principles. Regression analyses indicated that SA was a significant predictor of vulnerability. Notably, higher SA was associated with slightly increased vulnerability in all significant models. Practical implications These findings highlight the need for effective strategies to resist SE attacks involving immunity to persuasion tactics. Individuals with higher SAs may be overconfident and underestimating risks. Originality/value The effect of persuasion was uniquely distilled and measured by the difference between the impact of the persuasion scenario and its neutral version, representing a method novelty. Furthermore, it includes a sample from the Arab GCC, an often-neglected population in research. The paper is the first to compare SA, related to security knowledge-seeking and following security recommendations, with psychological immunity to persuasion in a security context.

• Publication year

  2025

• Venue

  Information & Computer Security

• Publication date

  2025-04-01

• Fields of study

  Not labeled

• Identifiers
  DOI 10.1108/ics-11-2024-0280
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• Psychological inoculation against problematic social media use among adolescents: An experimental study

  2025cited by this paper
• Do Cialdini's Persuasion Principles Still Influence Trust and Risk-Taking When Social Engineering is Knowingly Possible?

  2024cited by this paper
• Interaction between overconfidence effects and training formats in nurses’ education in hand hygiene

  2024cited by this paper
• It is not only about having good attitudes: factor exploration of the attitudes toward security recommendations

  2024cited by this paper
• Applying attitude theory to determine user security approaches

  2024cited by this paper
• The security mindset: characteristics, development, and consequences

  2023cited by this paper
• Explainability as a Psychological Inoculation: Building Resistance to Digital Persuasion in Online Gambling through Explainable Interfaces

  2023cited by this paper
• Regression and Effect Size

  2023cited by this paper
• Using contextual factors to predict information security overconfidence: A machine learning approach

  2022cited by this paper
• A Study on the Psychology of Social Engineering-Based Cyberattacks and Existing Countermeasures

  2022cited by this paper
• It Won’t Happen to Me: Surveying SME Attitudes to Cyber-security

  2022cited by this paper
• Understanding of Human Factors in Cybersecurity: A Systematic Literature Review

  2021cited by this paper
• Response to a phishing attack: persuasion and protection motivation in an organizational context

  2021cited by this paper
• Social Engineering in Cybersecurity: Effect Mechanisms, Human Vulnerabilities and Attack Methods

  2021cited by this paper
• The effects of virtual human's verbal persuasion strategies on user intention and behavior

  2021cited by this paper
• The Susceptibility to Persuasion Strategies Among Arab Muslims: The Role of Culture and Acculturation

  2021cited by this paper
• The effect of persuasive messages on hospital visitors' hand hygiene behavior.

  2020cited by this paper
• How social engineers use persuasion principles during vishing attacks

  2020cited by this paper
• Persuasive Communication of Parents to Establishment Social Intelligence for the Children

  2020cited by this paper
• The relationship between personality traits and susceptibility to social influence

  2019cited by this paper
• A Review of Methods for Evaluating Security Awareness Initiatives

  2019cited by this paper
• A Self-Report Measure of End-User Security Attitudes (SA-6)

  2019cited by this paper
• Introduction to Correlation and Linear Regression Analysis

  2019cited by this paper
• Usefulness of Correlation Analysis

  2019cited by this paper
• Personality profiles and persuasion: An exploratory study investigating the role of the Big-5, Type D personality and the Dark Triad on susceptibility to persuasion

  2019cited by this paper
• The neuroscience of persuasion: A review with an emphasis on issues and opportunities

  2018cited by this paper
• Towards an Automated Recognition System for Chat-based Social Engineering Attacks in Enterprise Environments

  2018cited by this paper
• PERSUASION BASED RECOMMENDATION SYSTEM

  2017cited by this paper
• Social engineering as an attack vector for ransomware

  2017cited by this paper
• Measuring attitude towards personal data for adaptive cybersecurity

  2017cited by this paper
• Implicit Political Attitudes

  2017cited by this paper
• Do or Do Not, There Is No Try: User Engagement May Not Improve Security Outcomes

  2016cited by this paper
• Cultural and psychological factors in cyber-security

  2016cited by this paper
• Reciprocity in Computer–Human Interaction: Source-Based, Norm-Based, and Affect-Based Explanations

  2015cited by this paper
• Implicit Political Attitudes: When, How, Why, With What Effects?

  2014cited by this paper
• Overconfidence, risk perception and the risk-taking behavior of finance professionals

  2014cited by this paper
• Social Psychology: Fourth Edition

  2014cited by this paper
• Assessment of Cybersecurity Knowledge and Behavior: An Anti-phishing Scenario

  2013cited by this paper
• Persuasion in Society

  2011cited by this paper
• Why I am less persuaded than you: People's intuitive understanding of the psychology of persuasion

  2010cited by this paper
• Testing the Value of Customization: When Do Customers Really Prefer Products Tailored to Their Preferences?

  2009cited by this paper
• Assessing the security perceptions of personal Internet users

  2007cited by this paper
• Behavioral response to phishing risk

  2007cited by this paper
• Persuasion online or on paper: a new take on an old issue

  2003cited by this paper
• Dispelling the illusion of invulnerability: the motivations and mechanisms of resistance to persuasion.

  2002cited by this paper
• The Art of Deception: Controlling the Human Element of Security

  2001cited by this paper
• Attitude

  2001cited by this paper
• The Science of PERSUASION.

  2001cited by this paper
• SPSS for Windows Step by Step: A Simple Guide and Reference

  1998cited by this paper
• Measurement Error in Psychological Research: Lessons From 26 Research Scenarios

  1996cited by this paper
• How to Design and Evaluate Research in Education (2nd ed.).

  1993cited by this paper
• Culture and the self: Implications for cognition, emotion, and motivation.

  1991cited by this paper
• The theory of planned behavior

  1991cited by this paper
• The Elaboration Likelihood Model of Persuasion

  1986cited by this paper
• Robustness of the Pearson Correlation against Violations of Assumptions

  1976cited by this paper
• Back-Translation for Cross-Cultural Research

  1970cited by this paper
• Do Personality Traits Really Impact Susceptibility to Persuasion in Social Engineering? A Study Among UK and Arab Samples

  year unknowncited by this paper

• Psychology of Phishing Emails: Quantifying Persuasion Principles and Simulating Detection with Large Language Models

  2026cites this paper
• Cybersecurity in the Arab World: Technological and Socio-Political Dimensions

  2025cites this paper
• Debiasing the Influence of Demographic and Appearance Cues in Social Engineering via Role-Taking: Negative Results

  2025cites this paper