How to empower and improve end-users’ cyber security practices

The human element has been found to be a contributing factor in the majority of cyber security incidents, and discussions surrounding human performance in cyber security remain a relevant topic. However, the scientific basis supporting discussion and decision on addressing human sources of risk remains insufficient.

It is also important to acknowledge that human decision-making, situational awareness and flexibility is fundamental to enhanced cyber security resilience. Though defences may be automated, their reliability is always human-mediated. Cyber security is an explicitly socio-technical problem. Human error remains a leading cause of most malicious attacks in cyber security. Other disciplines, such as healthcare, aviation, and defence, have utilised human factors research to reduce and treat risks. In comparison, the cyber security sector lags behind in leveraging human factors.

Our researchers examine the financial, economic, psychological, and sociological aspects that place individuals at risk of cyber security threats and use empirical research methods to support the detection of mal-actors. Our focus is on developing process, training and education interventions rather than simply raising awareness. We specifically research topics such as scams, terrorism, insider threat, propaganda, and misinformation (fake news).”