This research-in-progress project seeks to explain persistent user resistance to security behavior from a biological perspective using the behavioral genetics paradigm. A synthesis of current literature on deception detection, cognitive neuroscience, decision making, and fraud victimization suggests that there may be a genetic basis for user susceptibility to security risks such as phishing scams. An ongoing study is being conducted to estimate the heritability of behavioral security by comparing the correlation between 143 pairs of monozygotic (MZ) twins with that between 51 pairs of same-sex dizygotic (DZ) twins. Zygosity of the twin pairs serves as the primary independent variable in the behavioral genetics analysis. Online security settings on the social media site Facebook and behavioral responses to simulated phishing scams are being collected as dependent measures of security behavior. Data have also been collected on potential mediating factors, such as personality traits, risk propensity, information technology usage, and protection motivation. By employing the twin design, the classic methodology of behavioral genetics research, this study will be among the first to unpack the genetic versus environmental determinants of individual differences in behavioral security. Implications will be discussed with respect to security research as well as managerial practices.