Human factors in cybersecurity: an interdisciplinary review and framework proposal

48Citations
Citations of this article
366Readers
Mendeley users who have this article in their library.

This article is free to access.

Abstract

Cybersecurity has traditionally been viewed as a technological challenge, but growing evidence emphasizes the pivotal role of human factors in shaping both vulnerabilities and resilience. This survey explores the critical intersection of human behaviour, decision-making, and organizational culture in cybersecurity, highlighting the need for strategies that effectively integrate technical and human-centric approaches. Key findings reveal persistent gaps, such as the underrepresentation of underserved communities, limited exploration of non-digital social engineering, and unresolved ethical challenges in Artificial Intelligence (AI)-driven cybersecurity tools. Additionally, existing frameworks often lack a standardized, implementable framework for assessing cybersecurity culture and fail to address generational and cultural diversity. These gaps underline the urgency of adaptive, inclusive solutions that align human behaviour with technical systems. To address these challenges, the proposed Human-Centric Cybersecurity Framework integrates psychological resilience, adaptive training, socio-technical approach, and ethical AI principles. The framework outlines practical strategies, including gamified learning, emotional intelligence training, and decision-support systems, to enhance cybersecurity awareness, reduce vulnerabilities, and promote organizational compliance. This paper advocates for an interdisciplinary approach to cybersecurity, emphasizing the importance of empowering individuals and fostering a culture of security. By bridging the gap between human and technical factors, it offers actionable insights for researchers and practitioners to build resilient and inclusive cybersecurity ecosystems capable of countering evolving threats.

Cite

CITATION STYLE

APA

Khadka, K., & Ullah, A. B. (2025). Human factors in cybersecurity: an interdisciplinary review and framework proposal. International Journal of Information Security, 24(3). https://doi.org/10.1007/s10207-025-01032-0

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free