Title: Estimating cyber attack risk from healthcare employee behaviour using a HEXACO machine learning model

Authors: Kenneth David Strang

Addresses: Plaster School of Business, University of the Cumberlands, 6191 College Station Drive, Williamsburg, KY, 40769, USA; Business Analytics Department, W3-Research, Amalie, VI 00802, USA

Abstract: Cyber attack risk is examined by collecting a sample from healthcare business employees using the previously validated six-factor HEXACO personality theory construct from the psychology discipline. Cybercrime theories and studies are reviewed from sociology, criminology and computer science. The research design involved developing a predictive logistic regression model using machine learning. Control variables were added to capture fixed participant demographics. The result was a significant model with 95% classification accuracy, and a 60% McFadden effect size. Two of the six HEXCACO factors predicted cyber attack risk: humility and openness, while none of the control variables had any impact.

Keywords: HEXACO personality theory; cyber attack; cybersecurity; machine learning; employee attributes; healthcare business; psychology.

DOI: 10.1504/IJBCRM.2025.148357

International Journal of Business Continuity and Risk Management, 2025 Vol.15 No.3, pp.234 - 262

Received: 29 Dec 2023
Accepted: 15 Mar 2024
Published online: 02 Sep 2025 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article