Publication
Developing a behavioural cybersecurity strategy: A five-step approach for organisations
In this article, Tommy van Steen presents a five-step framework for building an effective behavioural cybersecurity strategy, designed to mitigate the impact of human-related risks on the cybersecurity of organisations.
- Author: Tommy van Steen
- Date: 22 October 2024
- Links: Read the full article here
The field of cybersecurity is traditionally seen as technical; however, recent reports show that most data breaches stem from human error. This underscores the need for organisations to consider employee behaviour when designing cybersecurity strategies. Off-the-shelf solutions and one-time training initiatives are unlikely to succeed in addressing this issue, and evidence-based approaches are essential to foster meaningful behavioural change.
To improve cybersecurity, van Steen advocates for a strategy based on behavioural cybersecurity, which focuses on applying behavioural sciences to enhance cybersecurity for end-users, organisations, and society. The paper presents a five-step plan that goes beyond traditional awareness campaigns, emphasising technical solutions, nudges, targeted training, behaviour-change campaigns, and feedback loops to strengthen organisational cybersecurity.