Abstract- Organizational Characteristics Associated with Vulnerability to Social Engineering Deception: A Qualitative Analysis of Target Selection and Perceived Susceptibility

Organizations are increasingly dependent on technology to facilitate global business networks, handle finances, as well as collect and manage data. Social engineering, the manipulation and deception of individuals to gain access to otherwise secure systems and information, has become a major vector to compromise the information security of organizations. Little research has explored characteristics associated with organizations vulnerable to social engineering, particularly from the perspective of perpetrators.  To address this gap, the current study uses a qualitative, grounded theory-based approach to analyze interviews with both professional and non-professional social engineers (n=37). Results reveals six themes which address various traits participants associated with organizations vulnerable to social engineering that concern an organization’s value, structural controls, organizational efficacy, openness, size, and purpose. This study concludes by exploring directions for future research and policy implications.