Esdras Diffouo Fopa

Vol. 3,  No. 1, pp. 1-13, Feb.  2026
10.23246/AAIRJ.2026.03.01.01

PDF

This systematic literature review synthesizes existing research on employee susceptibility to social engineering, analyzing psychological, organizational, and professional factors through structured database searches and multi-stage screening. The findings suggest that, within the literature re-viewed, individuals with higher levels of agreeableness, neuroticism, and openness may demon-strate increased vulnerability to phishing. Professionally, employees who lack technical expertise, such as administrative staff and newly hired personnel, appear to be more likely to fall victim to social engineering attacks such as spear phishing. Organizational conditions, including remote work and high workloads, are also associated with reduced social engineering threat awareness, potentially elevating risk. Collectively, these factors indicate that risk may be amplified for indi-viduals in roles like newly hired remote administrative staff who also exhibit traits such as low conscientiousness. The reviewed literature identified remote work, workload, and newcomer status as potential risk amplifiers that interact with personality-based vulnerabilities. In response, we propose a framework for integrating vulnerability assessment into employee onboarding to enable more tailored cybersecurity awareness training aligned with individual and situational risk factors.