Cybersecurity knowledge and behaviors: An exploratory study in Brazil with data mainly from northeast and southeast

Marcelo Henrique Oliveira Henklain; Felipe Leite Lobo; Eduardo Luzeiro Feitosa

doi:10.5753/jbcs.2026.5384

Authors

Marcelo Henrique Oliveira Henklain Federal University of Roraima https://orcid.org/0000-0001-9884-8592
Felipe Leite Lobo Federal University of Roraima https://orcid.org/0000-0002-9716-9384
Eduardo Luzeiro Feitosa Federal University of Amazonas https://orcid.org/0000-0001-6401-3992

DOI:

https://doi.org/10.5753/jbcs.2026.5384

Keywords:

Cybersecurity, Human factors, Personality

Abstract

Research about the importance of the human factor in cybersecurity is scarce. Aiming to contribute, we characterized cybersecurity knowledge and behaviors of internet users, assessing their relationship with the Big Five personality traits (openness, conscientiousness, extraversion, agreeableness, and neuroticism); 329 Brazilians, mostly from the North and the Southeast, participated. We observed higher scores in agreeableness and openness, and lower neuroticism. The knowledge level ranged from "moderate to good" and the frequency of cybersecurity behaviors was moderate. We found some weak evidence of an association between personality traits and cybersecurity knowledge and behavior. Future studies are needed to include a more diverse sample and improved instruments.

Downloads

Download data is not yet available.

References

Alanazi, M., Freeman, M., and Tootell, H. (2022). Exploring the factors that influence the cybersecurity behaviors of young adults. Computers in Human Behavior, 136:1-14. DOI: 10.1016/j.chb.2022.107376.

Aljohani, M., Alruqi, M., Alboqomi, O., and Alqahtani, A. (2020). An experimental study to understand how users choose password. In Proceedings of the 4th International Conference on Future Networks and Distributed Systems (ICFNDS '20), pages 1-5, New York. ACM. DOI: 10.1145/3440749.3442643.

Andrade, J. M. (2008). Evidências de Validade do Inventário dos Cinco Grandes Fatores de Personalidade para o Brasil. PhD thesis, Universidade de Brasília. Available at:[link] Tese de doutorado apresentada ao Programa de Pós-graduação em Psicologia Social, do Trabalho e das Organizações.

Banaco, R. A., Vermes, J. S., Zamignani, D. R., Martone, R. C., and Kovac, R. (2012). Personalidade. In Hübner, M. M. C. and Moreira, M. B., editors, Temas clássicos da psicologia sob a ótica da Análise do Comportamento, pages 144-153. Guanabara Koogan. Book.

Bishop, M., Burley, D., Buck, S., Ekstrom, J. J., Futcher, L., Gibson, D., Hawthorne, E. K., Kaza, S., Levy, Y., Mattord, H., and Parrish, A. (2017). Cybersecurity curricular guidelines. In Bishop, M., Futcher, L., Miloslavskaya, N., and Theocharidou, M., editors, Information Security Education for a Global Digital Society, pages 3-13, Cham. Springer International Publishing. DOI: 10.1007/978-3-319-58553-6_1.

Bošnjak, L., Sreš, J., and Brumen, B. (2018). Brute-force and dictionary attack on hashed real-world passwords. In 2018 41st International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO), pages 1161-1166, Opatija, Croatia. DOI: 10.23919/MIPRO.2018.8400211.

Cain, A. A., Edwards, M. E., and Still, J. D. (2018). An exploratory study of cyber hygiene behaviors and knowledge. Journal of Information Security and Applications, 42:36-45. DOI: 10.1016/j.jisa.2018.08.002.

da Silva, M. B. F. (2023). Cibersegurança: Uma visão panorâmica sobre a segurança da informação na Internet. Freitas Bastos Editora. Book.

Egelman, S. and Peer, E. (2015). Scaling the security wall: Developing a security behavior intentions scale (sebis). In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems (CHI '15), pages 2873-2882, New York. ACM. DOI: 10.1145/2702123.2702249.

Glory, F. Z., Aftab, A. U., Tremblay-Savard, O., and Mohammed, N. (2019). Strong password generation based on user inputs. In IEEE 10th Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON), pages 416-423. DOI: 10.1109/IEMCON.2019.8936178.

Gouveia, V. V., Guerra, V. M., Sousa, D. M. F., Santos, W. S., and Costa, J. M. (2009). Escala de desejabilidade social de marlowe-crowne: evidências de sua validade fatorial e consistência interna. Avaliação Psicológica, 8(1):87-98. Available at:[link].

Guilherme, L. P., Ferreira, M. F., Fonseca, G. M., and Lazarin, N. M. (2021). Uma breve noção sobre o comportamento dos internautas em relação à segurança na rede. In Anais da VII Escola Regional de Sistemas de Informação do Rio de Janeiro, pages 1-7. SBC. DOI: 10.5753/ersirj.2021.16972.

Hartwig, K. and Reuter, C. (2021). Nudge or restraint: How do people assess nudging in cybersecurity - a representative study in germany. In Proceedings of the 2021 European Symposium on Usable Security (EuroUSEC '21), pages 141-150. ACM. DOI: 10.1145/3481357.3481514.

Hoepers, C. (2024). A importância dos fatores humanos para a cibersegurança. Computação Brasil, 52:61-66. DOI: 10.5753/compbr.2024.52.4604.

Ji, S., Yang, S., Hu, X., Han, W., Li, Z., and Beyah, R. (2017). Zero-sum password cracking game: A large-scale empirical study on the crackability, correlation, and security of passwords. IEEE Transactions on Dependable and Secure Computing, 14(5):550-564. DOI: 10.1109/TDSC.2015.2481884.

Kennison, S. M. and Chan-Tin, E. (2020). Taking risks with cybersecurity: Using knowledge and personal characteristics to predict self-reported cybersecurity behaviors. Frontiers in Psychology, 11. DOI: 10.3389/fpsyg.2020.546546.

Lin, X., Araujo, F., Taylor, T., Jang, J., and Polakis, J. (2023). Fashion faux pas: Implicit stylistic fingerprints for bypassing browsers' anti-fingerprinting defenses. In IEEE Symposium on Security and Privacy (SP), pages 987-1004, San Francisco, CA, USA. DOI: 10.1109/SP46215.2023.10179437.

Lopes, R., Maciel, B., Soares, D., Figueiredo, L., and Carvalho, M. (2023). Análise e reflexões sobre a diferença de gênero na computação: podemos fazer mais? In Anais do XVII WIT, pages 68-79, Porto Alegre. SBC. DOI: 10.5753/wit.2023.230819.

Mansur-Alves, M. and Saldanha-Silva, R. (2019). Teoria dos cinco fatores de personalidade (tcf): Uma introdução teórico-conceitual e aplicada para avaliação. In Baptista, M. N. e. a., editor, Compêndio de Avaliação Psicológica, pages 507-520. Editora Vozes. Book.

McCormac, A., Zwaans, T., Parsons, K., Calic, D., Butavicius, M., and Pattinson, M. (2017). Individual differences and information security awareness. Computers in Human Behavior, 69:151-156. DOI: 10.1016/j.chb.2016.11.065.

Parsons, K., Calic, D., Pattinson, M., Butavicius, M., McCormac, A., and Zwaans, T. (2017). The human aspects of information security questionnaire (hais-q): Two further validation studies. Computers & Security, 66:40-51. DOI: 10.1016/j.cose.2017.01.004.

Rahman, T., Rohan, R., Pal, D., and Kanthamanon, P. (2021). Human factors in cybersecurity: A scoping review. In Proceedings of the 12th International Conference on Advances in Information Technology (IAIT '21), pages 1-11, New York, NY, USA. Association for Computing Machinery. DOI: 10.1145/3468784.3468789.

Ruoslahti, H., Coburn, J., Trent, A., and Tikanmäki, I. (2021). Cyber skills gaps – a systematic review of the academic literature. Connections: The Quarterly Journal, 20(2):33-45. DOI: 10.11610/Connections.20.2.04.

Schmitt, D. P., Allik, J., McCrae, R. R., and Benet-Martínez, V. (2007). The geographic distribution of big five personality traits: Patterns and profiles of human self-description across 56 nations. Journal of Cross-Cultural Psychology, 38(2):173-212. DOI: 10.1177/0022022106297299.

Soares, H., Araújo, N., and de Souza, P. (2020). Privacidade e segurança digital: Um estudo sobre a percepção e o comportamento dos usuários sob a perspectiva do paradoxo da privacidade. In Anais do I Workshop sobre as Implicações da Computação na Sociedade, pages 97-106, Porto Alegre. SBC. DOI: 10.5753/wics.2020.11040.

Syafitri, W., Shukur, Z., Mokhtar, U. A., Sulaiman, R., and Ibrahim, M. A. (2022). Social engineering attacks prevention: A systematic literature review. IEEE Access, 10:39325-39343. DOI: 10.1109/access.2022.3162594.

Teles, M., Saraiva, L., Freires, M., Rocha, M., and Marques, A. (2023). Mentoria acadêmica como aliada à integração de alunas de computação no ambiente acadêmico. In Anais do XVII WIT, pages 194-204, Porto Alegre. SBC. DOI: 10.5753/wit.2023.230784.

Švábenský, V., Vykopal, J., and Čeleda, P. (2020). What are cybersecurity education papers about? a systematic literature review of sigcse and iticse conferences. In The 51st ACM Technical Symposium on Computer Science Education (SIGCSE '20). DOI: 10.1145/3328778.3366816.