 Human behavior in cybersecurity: an opportunity for risk researchThierry Schaltegger, Benjamin Ambuehl, Noah Bosshart, Angela Bearth and Nico Ebert Journal of Risk Research, 2025, vol. 28, issue 8, 843-854 Abstract: In cybersecurity, many serious incidents can be traced back to human behavior, either on the attacker’s or victim’s side. Ransomware attacks are a prime example of a highly effective approach relying on an attacker’s deliberate exploitation of a single human error. Despite decades of research on risk perception and behavior, little has been done to transfer existing insights on human factors to secure individuals and organizations in the digital space. Many foundational concepts central to our research community, such as uncertainty, risk compensation, and risk as affect are still underrepresented in the current cybersecurity discourse. Thus, we shed light on concepts that can address today’s challenges to increase cyber resilience, such as the use of heuristics to detect incidents or mental models to enable target group-oriented risk communication. As a starting point, we formulate research questions that aim to transfer risk frameworks and methodologies to cybersecurity to pave the way for new approaches to cyber risk management, better security tools, and effective security policies. Date: 2025 Downloads: (external link) Related works: Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text Persistent link: https://EconPapers.repec.org/RePEc:taf:jriskr:v:28:y:2025:i:8:p:843-854 Ordering information: This journal article can be ordered from DOI: 10.1080/13669877.2025.2539109 Access Statistics for this article Journal of Risk Research is currently edited by Bryan MacGregor More articles in Journal of Risk Research from Taylor & Francis Journals |
Is your work missing from RePEc? Here is how to contribute.
Questions or problems? Check the EconPapers FAQ or send mail to .
EconPapers is hosted by the
School of Business at Örebro University.