Phishing remains one of the most prevalent cybersecurity threats, yet behavioral research has relied predominantly on Structural Equation Modeling, a method optimized for population-level explanation but limited for individual-level prediction. This study applies a complementary Machine Learning and Explainable AI framework to predict phishing-related email security behavior among 535 university students. Seven supervised classification algorithms were evaluated within a cross-validation pipeline; Random Forest achieved the strongest performance (accuracy = 0.8505; ROC-AUC = 0.920). Explainability techniques including SHAP, LIME, DiCE counterfactual analysis, and SHAP-value clustering revealed that insecure behavior primarily reflects a failure of behavioral activation rather than an awareness deficit. Perceived importance emerged as the dominant behavioral driver, while cluster analysis identified four statistically validated behavioral profiles with distinct intervention requirements. These findings challenge information-deficit assumptions underlying conventional awareness programs and demonstrate how predictive modeling can enable personalized, activation-oriented phishing mitigation strategies.
Gwenhure et al. (Wed,) studied this question.