Human behavior in cybersecurity: an opportunity for risk research
| Title: | Human behavior in cybersecurity: an opportunity for risk research |
|---|---|
| Authors: | Schaltegger, Thierry, Ambuehl, Benjamin, Bosshart, Noah, Bearth, Angela, Ebert, Nico |
| Source: | Journal of Risk Research. :1-12 |
| Publisher Information: | Informa UK Limited, 2025. |
| Publication Year: | 2025 |
| Subject Terms: | 150: Psychology, Cybersecurity, Human behavior, Risk research, Uncertainty, 005: Computer programming, programs and data |
| Description: | In cybersecurity, many serious incidents can be traced back to human behavior, either on the attacker’s or victim’s side. Ransomware attacks are a prime example of a highly effective approach relying on an attacker’s deliberate exploitation of a single human error. Despite decades of research on risk perception and behavior, little has been done to transfer existing insights on human factors to secure individuals and organizations in the digital space. Many foundational concepts central to our research community, such as uncertainty, risk compensation, and risk as affect are still underrepresented in the current cybersecurity discourse. Thus, we shed light on concepts that can address today’s challenges to increase cyber resilience, such as the use of heuristics to detect incidents or mental models to enable target group-oriented risk communication. As a starting point, we formulate research questions that aim to transfer risk frameworks and methodologies to cybersecurity to pave the way for new approaches to cyber risk management, better security tools, and effective security policies. |
| Document Type: | Article |
| Language: | English |
| ISSN: | 1466-4461 1366-9877 |
| DOI: | 10.1080/13669877.2025.2539109 |
| DOI: | 10.21256/zhaw-34043 |
| Rights: | CC BY |
| Accession Number: | edsair.doi.dedup.....7f986f5336e61f3a72900c2bfa28c50b |
| Database: | OpenAIRE |