Human Factors and Cybersecurity examines the intricate interplay between human behaviour and digital security, offering a comprehensive exploration of how psychological, dispositional, and situational factors influence cybersecurity practices. Bringing together information that is both research-informed and practical in nature, the book highlights how human behaviour and decisions can impact cybersecurity infrastructure. It covers a wide range of topics, including the foundations of cybersecurity, the risks posed by insider threats, and the importance of a human-centered approach. It examines the cognitive pitfalls and decision-making processes that can lead to security breaches and provides strategies for reducing human error. The book also includes case studies and real-world examples of cybersecurity breaches, and practical strategies and guidance for enhancing cybersecurity at an individual and organisational level. Presenting state-of-the-art thinking related to the human factor in the context of cybersecurity, this book offers a clear grounding for researchers, professionals and students alike, and valuable insights for anyone looking to protect against threats in the digital world.

Table of Contents:
Preface. 7 1 Chapter 1: The Foundations of Cybersecurity. 11 1.0 Abstract 11 1.1 Misplacing information is not something new! 11 1.2 The Development of modern Information Security. 12 1.3 What is this thing you humans call ‘Information Security?’ 13 1.3.2 Is the CIA model still relevant?. 15 1.4 The Origins of Cybersecurity. 16 1.4.1 Defining Cybersecurity. 16 1.5 Cyber-harm.. 19 1.6 Consolidating Cyber and Information Security. 21 1.7 Summary. 23 2 The Insider Threat: Understanding the Risks Within. 24 Abstract 24 2.1 Introduction. 24 2.2 What is an Insider Threat?. 25 2.3 The Accidental or Unintentional Insider Threat 26 2.4 Taxonomical approaches to The Malicious Insider Threat 27 2.5 Psychological Precursors for Malicious Insider Threat 31 2.6 Mitigating the Insider Threat 41 2.7 Summary. 43 3 3. A Human-Centred Approach. 45 Abstract 45 3.1 Examples from the Past 45 3.2 Why Work on Human Factors in Cybersecurity?. 46 3.3 Introducing the Human Factors Approach. 47 3.4 Cybersecurity as a Complex System.. 48 3.5 Applying the Human Factors Approach. 49 3.6 Previous work on Human Factors and Cybersecurity. 52 3.7 Summary. 57 4 The Role of Context and Individual Differences. 59 4.1 Abstract 59 4.2 Introduction. 59 4.3 Psychological Factors. 59 4.3.1 Human Attention. 60 4.3.2 Limits on Attentional Capacity. 61 4.3.3 Memory. 61 4.3.4 Decision Making. 63 4.3.5 Emotion. 65 4.4 Dispositional Factors. 66 4.4.1 Personality. 66 4.4.2 Risk Perception and Risk Taking. 67 4.4.3 Locus of Control 68 4.5 Demographic Factors. 68 4.5.1 Age. 68 4.5.2 Gender 69 4.5.3 Culture. 70 4.6 Fatigue. 71 4.7 Summary. 72 5 When Mistakes Happen. 74 Abstract 74 5.1 Introduction. 74 5.2 What is an Error?. 75 5.3 Understanding the types of Human Error. 76 5.4 The Role of Prior Intent in Errors; Did we really mean to do that?! 77 5.5 Non-Intentional Voluntary Actions. 78 5.6 The Types of Errors that can emerge. 79 5.6.1 Slips. 79 5.6.2 Lapses. 79 5.6.3 Mistakes. 79 5.7 Active versus Latent errors. 81 5.8 Situational Awareness. 82 5.8.1 Endsley’s Three Tier Model for SA. 82 5.8.2 Application to Cybersecurity. 84 5.9 Enhancing SA for Cybersecurity Awareness. 85 5.10 Summary. 87 6 Cognitive Pitfalls and Cybersecurity. 90 Abstract 90 6.1 Introduction. 90 6.2 Type 1: Heuristic or Inductive Processing. 91 6.3 Type 2: Systematic, Deductive Processing. 92 6.4 Heuristics and Biases. 93 6.4.1 Representativeness. 93 6.4.2 Availability Heuristic. 95 6.4.3 Anchoring and Adjustment 96 6.4.4 Recognition. 97 6.4.5 Affect Heuristic. 97 6.5 Cognitive Biases. 98 6.5.1 Optimism Bias. 98 6.5.2 Confirmation Bias. 99 6.5.3 Framing Effect 100 6.5.4 Status Quo Bias. 101 6.5.5 Illusion of Control 102 6.6 How do we deal with Cognitive Biases?. 103 6.7 Summary. 104 7 Decision Making Under Pressure. 106 Abstract 106 7.1 Introduction. 106 7.2 The Theory of Planned Behaviour (TPB, Ajzen, 1985; 1991) 107 7.2.1 Theory of Planned Behaviour and Cybersecurity. 108 7.3 Protection Motivation Theory (PMT) 109 7.3.1 Threat Appraisal 110 7.3.2 Coping Appraisals. 110 7.3.3 PMT and Cybersecurity. 110 7.4 Technology Theat Avoidance Theory (TTAT) 112 7.4.1 TTAT and Cybersecurity. 113 7.5 General Deterrence Theory. 113 7.5.1 GDT and Cybersecurity Awareness. 114 7.6 Neutralisation Theory. 115 7.6.1 Neutralisation theory and Cybersecurity. 117 7.7 Which theory is best?. 118 7.8 Summary. 122 8 Assessing Cybersecurity Awareness. 123 Abstract 123 8.1 Introduction. 123 8.2 Self-report measures. 124 8.2.1 The Security Behaviour Intentions Scale (SeBIS) 126 8.2.2 Summary of self-report methods. 130 8.3 Qualitative methods. 131 8.3.1 Interviews and focus groups. 132 8.4 Other methods – simulations and games. 134 8.5 Summary. 137 9 Personality and Workplace Cybersecurity. 138 Abstract 138 9.1 Introduction. 138 9.2 Personality Traits. 139 9.2.1 Openness to Experience. 139 9.2.2 Neuroticism.. 140 9.2.3 Agreeableness. 141 9.2.4 Conscientiousness. 141 9.2.5 Extraversion. 141 9.3 Personality and Counterproductive work behaviours. 142 9.4 Dark Triad and Cybersecurity. 143 9.4.1 Machiavellianism.. 143 9.4.2 Narcissism.. 144 9.4.3 Psychopathy. 144 9.5 The Dark Triad and Counterproductive Work Behaviours. 145 9.6 How Relevant are Personality factors in Cybersecurity?. 145 9.6.1 Additional Considerations. 146 9.7 Summary. 147 10 Cultural Influences on Cybersecurity Practices. 148 Abstract 148 10.1 Introduction. 148 10.2 National Culture. 148 10.3 National Culture and Trust 152 10.4 National Culture and Risk Perception. 153 10.5 Culture and Information Security Awareness. 157 10.6 Organisational Culture. 159 10.7 Defining Cybersecurity Culture. 161 10.8 Summary. 165 11 Counterproductive Work Behaviour and Cybersecurity. 167 11.1 Introduction. 167 11.2 Counterproductive Work Behaviours. 167 11.3 Cyber-Counterproductive Work Behaviours (C-CWB). 168 11.4 Predictors for Counterproductive Work Behaviours. 170 11.4.1 Boredom.. 170 11.4.2 Workplace stress. 172 11.4.3 Job Attitudes. 174 11.4.4 Social Norms. 174 11.4.5 Moral Disengagement 175 11.5 Work Locus of Control 178 11.6 Strategies for Dealing with Counterproductive Work Behaviours. 179 11.7 Summary. 180 12 The Dark Side of Technology in the Workplace: Implications for Cybersecurity. 181 Abstract 181 12.1 Introduction. 181 12.2 Technostress. 182 12.2.1 Technostress and Cybersecurity Fatigue. 184 12.2.2 Mitigating Technostress and Cybersecurity Fatigue. 186 12.3 Multitasking. 187 12.3.1 Multitasking and Cybersecurity. 188 12.4 Interruptions. 189 12.4.1 Interruptions and Cybersecurity. 190 12.5 Internet Addiction. 191 12.6 The Social Media Paradox and the Fear of Missing Out (FoMO) 192 12.7 Cyberloafing. 193 12.7.1 Cyberloafing – Surely it does not impact Cybersecurity. 194 12.7.2 Mitigation strategies for Cyberloafing. 195 12.8 Summary. 196 13 The Psychology of Cybercrime. 198 13.1 Abstract 198 13.2 Introduction. 198 13.3 The Psychological Foundations of Cybercrime. 198 13.4 Cognitive Biases and Heuristics in Cybercrime. 199 13.5 Influence and Persuasion. 200 13.5.1 Authority. 200 13.5.2 Social proof. 202 13.5.3 Conformity and Social Proof. 203 13.5.4 Liking/similarity. 204 13.5.5 Commitment and consistency. 205 13.5.6 Scarcity. 206 13.5.7 Reciprocation. 207 13.6 Social Engineering. 207 13.7 Marking your Target 208 13.8 Mitigation Strategies. 209 13.9 Summary. 210 14 The Final Frontier. 212 Abstract 212 14.1 Introduction. 212 14.2 Training. 213 14.3 Gamification. 214 14.3.1 Gamification Mechanics. 215 14.3.2 Gamification and Cybersecurity. 215 14.3.3 Barriers to implementation of Gamification. 216 14.4 Behavioural Nudges. 216 14.5 On the Effectiveness of Nudges. 219 14.6 Social and Peer Led learning. 220 14.7 Cybersecurity Awareness Campaigns. 222 14.8 Cybersecurity Judgement and Decision Making. 224 14.9 Summary. 224 15 Index. 226