Human Vulnerability Assessment in Cybersecurity: A Systematic Literature Review of Methods, Models, and Instruments
Reviewed by Pith T0 review T1 audit T2 compute T3 formal T4 kernel 2026-06-30 16:47 UTCgrok-4.3pith:76BJUH2Zrecord.jsonopen to challenge →
The pith
No methods, models or instruments dynamically assess the full spectrum of human vulnerabilities in cybersecurity.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
The review finds gaps and limitations in current proposed solutions and identifies no methods, models, or instruments that address the entire spectrum of human vulnerabilities dynamically, including both unintentional and intentional dimensions.
What carries the argument
A PRISMA-guided systematic literature review that searches and analyzes published work on conceptual and practical assessment tools for human vulnerabilities.
If this is right
- Research must shift toward holistic tools that evaluate vulnerabilities across multiple dimensions at once rather than in isolation.
- Assessment frameworks need to incorporate dynamic monitoring instead of relying on one-time or static snapshots.
- Future work should examine how human vulnerabilities spread between individuals and across technical systems.
- Development efforts should address both unintentional factors like cognitive biases and intentional ones like insider actions within the same instrument.
Where Pith is reading between the lines
- Combining human vulnerability metrics with traditional technical vulnerability scans could produce integrated security dashboards that update in real time.
- Organizations adopting dynamic human assessments might reduce reliance on periodic training by identifying context-specific risks as they emerge.
- Extending the review's scope to include pre-2017 foundational studies could test whether the identified gaps are recent or longstanding.
Load-bearing premise
The PRISMA-guided search of literature from 2017 to 2025 captures a representative sample of all relevant work on human vulnerability assessment without major omissions or bias in study selection.
What would settle it
Publication or identification of even one method, model, or instrument from 2017 to 2025 that simultaneously and dynamically evaluates the full range of unintentional and intentional human vulnerabilities would falsify the central finding.
Figures
read the original abstract
In cybersecurity, vulnerability assessment has typically focused on identifying and measuring vulnerabilities within digital assets and technical infrastructures. However, there is growing recognition that this approach alone is inadequate without a structured examination of the human factor, which is becoming more frequently targeted and manipulated by cyber adversaries. Human vulnerabilities extend beyond individual susceptibility to cyber threats, encompassing a wide array of psychological, cognitive, behavioral, social, and contextual factors that can, whether unintentionally or intentionally, jeopardize the security and integrity of systems and data. Despite this recognition, human vulnerability assessment remains fragmented, often addressed from a static rather than a dynamic perspective, and with limited focus on the ways it propagates across individuals and systems; a growing body of literature has explored specific facets of the issue, including one-time assessments of security behavior, user awareness, and, to a degree, intentional insider threats and their detection. This research offers a systematic literature review (SLR) of Human Vulnerability Assessment (HVA) in cybersecurity, including methods, models, and instruments proposed for the conceptual or practical assessment of human vulnerabilities across various dimensions. Following the PRISMA framework, this review gathers relevant studies published from 2017 to 2025, aiming to investigate whether any assessment methods, models, or instruments exist that address the entire spectrum of human vulnerabilities dynamically. The findings highlight gaps and limitations in current proposed solutions and identify areas for further investigation regarding holistic assessment that simultaneously and dynamically considers the entire spectrum of both the unintentional and intentional dimensions of human vulnerability.
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The paper presents a PRISMA-guided systematic literature review of methods, models, and instruments for Human Vulnerability Assessment (HVA) in cybersecurity, covering publications from 2017 to 2025. It concludes that existing approaches remain fragmented and predominantly static, with no identified solutions that dynamically address the full spectrum of human vulnerabilities (psychological, cognitive, behavioral, social, and contextual factors, encompassing both unintentional and intentional dimensions), and highlights resulting gaps for future research.
Significance. If the literature search proves exhaustive, the review would usefully map gaps in holistic, dynamic HVA approaches and could steer development of integrated assessment frameworks in cybersecurity human factors. Explicit adherence to the PRISMA framework is a methodological strength that supports reproducibility of the synthesis process.
major comments (2)
- [Methods] Methods section: The manuscript states that it follows the PRISMA framework but provides no explicit search strings, database list, screening counts, PRISMA flow diagram numbers, or inter-rater reliability statistics. These details are required to evaluate whether the 2017–2025 sample is representative and to substantiate the central negative claim that no dynamic holistic HVA methods were found.
- [Abstract and Discussion] Abstract and Discussion: The claim that 'no methods, models, or instruments exist that address the entire spectrum of human vulnerabilities dynamically' is load-bearing on search completeness. The rationale for the 2017 cutoff, any supplementary searches (e.g., reference list checking), and handling of potential omissions are not described, leaving open the possibility that relevant dynamic models were excluded by keyword choice or date restriction.
minor comments (1)
- [Abstract] The abstract would benefit from a brief quantitative statement (e.g., number of studies included after screening) to give readers an immediate sense of review scope.
Simulated Author's Rebuttal
We thank the referee for the constructive feedback on methodological transparency. We address each major comment below and will revise the manuscript to incorporate the requested details.
read point-by-point responses
-
Referee: [Methods] Methods section: The manuscript states that it follows the PRISMA framework but provides no explicit search strings, database list, screening counts, PRISMA flow diagram numbers, or inter-rater reliability statistics. These details are required to evaluate whether the 2017–2025 sample is representative and to substantiate the central negative claim that no dynamic holistic HVA methods were found.
Authors: We agree that these elements are necessary for reproducibility and to substantiate our findings. The original Methods section was summarized at a high level. In the revised manuscript we will add the complete search strings for each database, the full list of databases, exact screening counts, the PRISMA flow diagram with stage-by-stage numbers, and inter-rater reliability statistics. revision: yes
-
Referee: [Abstract and Discussion] Abstract and Discussion: The claim that 'no methods, models, or instruments exist that address the entire spectrum of human vulnerabilities dynamically' is load-bearing on search completeness. The rationale for the 2017 cutoff, any supplementary searches (e.g., reference list checking), and handling of potential omissions are not described, leaving open the possibility that relevant dynamic models were excluded by keyword choice or date restriction.
Authors: We will explicitly state the rationale for the 2017 cutoff (to capture literature after major shifts in human-factors cybersecurity research) in the Methods section. We will also describe supplementary searches including reference-list checking. A new limitations subsection will address potential omissions due to keyword choice or date bounds. We stand by the conclusion that no dynamic holistic methods were identified within the searched corpus, but the added details will enable independent verification. revision: yes
Circularity Check
No circularity: descriptive SLR with no derivations or self-referential predictions
full rationale
The paper is a PRISMA-guided systematic literature review that summarizes existing methods, models, and instruments for human vulnerability assessment. It contains no equations, fitted parameters, predictions derived from inputs, or derivation chains. The central claim (gaps in holistic dynamic HVA) rests on the completeness of the literature search rather than any self-referential construction. No steps match the enumerated circularity patterns.
Axiom & Free-Parameter Ledger
axioms (1)
- domain assumption The PRISMA framework provides an appropriate and unbiased structure for identifying and synthesizing literature on human vulnerability assessment.
Reference graph
Works this paper leans on
-
[1]
Leveraging human factors in cybersecurity: an inte- grated methodological approach,
A. Pollini, T. C. Callari, A. Tedeschi, D. Ruscio, L. Save, F. Chiarugi, and D. Guerri, “Leveraging human factors in cybersecurity: an inte- grated methodological approach,”Cognition, Technology and Work, vol. 24, pp. 371–390, 5 2022
work page 2022
-
[2]
Human factors in cybersecurity: A scoping review,
T. Rahman, R. Rohan, D. Pal, and P. Kanthamanon, “Human factors in cybersecurity: A scoping review,” inACM International Conference Proceeding Series. Association for Computing Machinery, 6 2021
work page 2021
-
[3]
K. Amoresano and B. Yankson, “Human error - a critical contributing factor to the rise in data breaches: A case study of higher education,” HOLISTICA – Journal of Business and Public Administration, vol. 14, pp. 110–132, 6 2023
work page 2023
-
[4]
Understanding insider threat: A framework for characterising attacks,
J. R. Nurse, O. Buckley, P. A. Legg, M. Goldsmith, S. Creese, G. R. Wright, and M. Whitty, “Understanding insider threat: A framework for characterising attacks,” inProceedings - IEEE Symposium on Security and Privacy, vol. 2014-January. Institute of Electrical and Electronics Engineers Inc., 11 2014, pp. 214–228
work page 2014
-
[5]
Characterizing and measuring maliciousness for cybersecurity risk assessment,
Z. M. King, D. S. Henshel, L. Flora, M. G. Cains, B. Hoffman, and C. Sample, “Characterizing and measuring maliciousness for cybersecurity risk assessment,” 2 2018
work page 2018
-
[6]
Visualizing insider threats: An effective interface for security analytics,
B. Haim, E. Menahem, Y . Wolfsthal, and C. Meenan, “Visualizing insider threats: An effective interface for security analytics,” inInter- national Conference on Intelligent User Interfaces, Proceedings IUI. Association for Computing Machinery, 3 2017, pp. 39–42
work page 2017
-
[7]
D. Papatsaroucha, Y . Nikoloudakis, I. Kefaloukos, E. Pallis, and E. K. Markakis, “A survey on human and personality vulnerability assessment in cyber-security: Challenges, approaches, and open issues,” 2021. [Online]. Available: https://arxiv.org/abs/2106.09986
-
[8]
K. Parsons, A. McCormac, M. Butavicius, M. Pattinson, and C. Jer- ram, “Determining employee awareness using the human aspects of information security questionnaire (hais-q),”Computers and Security, vol. 42, pp. 165–176, 2014
work page 2014
-
[9]
Scaling the security wall : Developing a secu- rity behavior intentions scale (sebis),
S. Egelman and E. Peer, “Scaling the security wall : Developing a secu- rity behavior intentions scale (sebis),” inConference on Human Factors in Computing Systems - Proceedings, vol. 2015-April. Association for Computing Machinery, 4 2015, pp. 2873–2882
work page 2015
-
[10]
A human vulnerability assessment methodology,
A. Cullen and L. Armitage, “A human vulnerability assessment methodology,” inProceedings of the 2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA). IEEE, 2018
work page 2018
-
[11]
A bayesian multi-armed bandit approach for identifying human vulnerabilities,
E. Miehling, B. Xiao, R. Poovendran, and T. Bas ¸ar, “A bayesian multi-armed bandit approach for identifying human vulnerabilities,” in Decision and Game Theory for Security, L. Bushnell, R. Poovendran, and T. Bas ¸ar, Eds. Springer International Publishing, 2018, pp. 521– 539
work page 2018
-
[12]
M. Alohali, N. Clarke, and S. Furnell, “The design and evaluation of a user-centric information security risk assessment and response framework,”International Journal of Advanced Computer Science and Applications (IJACSA), vol. 9, no. 10, 2018. [Online]. Available: www.ijacsa.thesai.org
work page 2018
-
[13]
User behavior pattern -signature based intrusion detection,
Z. S. Malek, B. Trivedi, and A. Shah, “User behavior pattern -signature based intrusion detection,” in2020 Fourth World Conference on Smart Trends in Systems, Security and Sustainability (WorldS4), 2020, pp. 549–552
work page 2020
-
[14]
Hos-ml: Socio-technical system adl dedicated to human vulnerability identification,
P. Perrotin, N. Belloir, S. Sadou, D. Hairion, and A. Beugnard, “Hos-ml: Socio-technical system adl dedicated to human vulnerability identification,” inProceedings of the IEEE International Conference on Engineering of Complex Computer Systems, ICECCS, vol. 2022- March. Institute of Electrical and Electronics Engineers Inc., 2022, pp. 11–16
work page 2022
-
[15]
The prisma 2020 statement: An updated guideline for reporting systematic reviews,
M. J. Page, J. E. McKenzie, P. M. Bossuyt, I. Boutron, T. C. Hoffmann, C. D. Mulrow, L. Shamseer, J. M. Tetzlaff, E. A. Akl, S. E. Brennan, R. Chou, J. Glanville, J. M. Grimshaw, A. Hr ´objartsson, M. M. Lalu, T. Li, E. W. Loder, E. Mayo-Wilson, S. McDonald, L. A. McGuinness, L. A. Stewart, J. Thomas, A. C. Tricco, V . A. Welch, P. Whiting, and D. Moher, ...
work page 2020
-
[16]
A systematic literature review of how cybersecurity-related behavior has been assessed,
K. Kannelønning and S. K. Katsikas, “A systematic literature review of how cybersecurity-related behavior has been assessed,” pp. 463–477, 10 2023
work page 2023
-
[17]
A systematic literature review of cybersecurity scales assessing information security awareness,
R. Rohan, D. Pal, J. Hautam ¨aki, S. Funilkul, W. Chutimaskul, and H. Thapliyal, “A systematic literature review of cybersecurity scales assessing information security awareness,”Heliyon, vol. 9, 3 2023
work page 2023
-
[18]
Evaluating the human factor in cybersecurity threats (a systematic literature review),
A. Abuiteiwi and S. Escobar, “Evaluating the human factor in cybersecurity threats (a systematic literature review),” Polytechnic University of Valencia, Tech. Rep., 2025. [Online]. Available: https://ssrn.com/abstract=5465433
work page 2025
-
[19]
Human and cognitive factors involved in phishing detection. a literature review,
D. Ar ´evalo, D. Valarezo, W. Fuertes, M. F. Cazares, R. O. Andrade, and M. MacAs, “Human and cognitive factors involved in phishing detection. a literature review,” inProceedings - 2023 Congress in Computer Science, Computer Engineering, and Applied Computing, CSCE 2023. Institute of Electrical and Electronics Engineers Inc., 2023, pp. 608–614
work page 2023
-
[20]
M. S. Tsauri, “Human vulnerabilities to social engineering attacks: A systematic literature review for building a human firewall,”Journal of Applied Informatics and Computing (JAIC), vol. 9, no. 4, 2025. [Online]. Available: http://jurnal.polibatam.ac.id/index.php/JAIC
work page 2025
-
[21]
R. Jabir, J. Le, and C. Nguyen, “Phishing attacks in the age of gener- ative artificial intelligence: A systematic review of human factors,” 8 2025
work page 2025
-
[22]
Exploring the frontiers of cybersecurity behavior: A systematic review of studies and theories,
A. Almansoori, M. Al-Emran, and K. Shaalan, “Exploring the frontiers of cybersecurity behavior: A systematic review of studies and theories,” 5 2023
work page 2023
-
[23]
A systematic review of multi perspectives on human cybersecurity behavior,
R. A. Alsharida, B. A. S. Al-rimy, M. Al-Emran, and A. Zainal, “A systematic review of multi perspectives on human cybersecurity behavior,”Technology in Society, vol. 73, 5 2023
work page 2023
-
[24]
P. Kuppusamy, G. N. Samy, N. Maarop, B. Shanmugam, and S. Perumal, “Information security policy compliance behavior models, theories, and influencing factors: A systematic literature review,” Journal of Theoretical and Applied Information Technology, vol. 15, p. 2022, 2022. [Online]. Available: www.jatit.org
work page 2022
-
[25]
Self-eficacy and security behavior: Results from a systematic review of research methods,
N. Borgert, L. Jansen, I. B ¨ose, J. Friedauer, M. A. Sasse, and M. Elson, “Self-eficacy and security behavior: Results from a systematic review of research methods,” inConference on Human Factors in Computing Systems - Proceedings. Association for Computing Machinery, 5 2024
work page 2024
-
[26]
A systematic literature review : Human factor as insider threat in organizations,
W. Abdallah, “A systematic literature review : Human factor as insider threat in organizations,” Al Quds Open University, Palestine, Research Article/Report, 2023. [Online]. Available: https: //google.academia.edu/JournalofComputerScience
work page 2023
-
[27]
Integrating human factors into insider threat detection – a systematic review,
N. Pathirana, R. Roberts, H. Kalutarage, and C. D. McDermott, “Integrating human factors into insider threat detection – a systematic review,”ACM Computing Surveys, vol. 58, pp. 1–37, 7 2026. [Online]. Available: https://dl.acm.org/doi/10.1145/3798089
-
[28]
M. Nizamuddin, “Investigating the cybersecurity risks of remote work: a systematic literature review of organizational vulnerabilities and mitigation strategies,”International Journal of Information Security, vol. 24, 8 2025
work page 2025
-
[29]
Influence of human factors on cyber security within healthcare organisations: A systematic review,
S. Nifakos, K. Chandramouli, C. K. Nikolaou, P. Papachristou, S. Koch, E. Panaousis, and S. Bonacina, “Influence of human factors on cyber security within healthcare organisations: A systematic review,” 8 2021
work page 2021
-
[30]
Analyzing insider cyber threats and human factors within the framework of agriculture 5.0,
K. Bissadu, G. Hossain, L. P. Velagala, and S. Sonko, “Analyzing insider cyber threats and human factors within the framework of agriculture 5.0,” in12th International Symposium on Digital Forensics and Security, ISDFS 2024. Institute of Electrical and Electronics Engineers Inc., 2024
work page 2024
-
[31]
In- trusion detection with deep learning: A literature review,
B. K. Sedraoui, A. Benmachiche, A. Makhlouf, and C. Chemam, “In- trusion detection with deep learning: A literature review,” inPAIS 2024 - Proceedings: 6th International Conference on Pattern Analysis and Intelligent Systems. Institute of Electrical and Electronics Engineers Inc., 2024
work page 2024
-
[32]
Insider threat detection: A review,
P. Manoharan, J. Yin, H. Wang, Y . Zhang, and W. Ye, “Insider threat detection: A review,” inProceedings - 2024 International Conference on Networking and Network Applications, NaNA 2024. Institute of Electrical and Electronics Engineers Inc., 2024, pp. 147–153
work page 2024
-
[33]
A review: Human factor and cyberse- curity,
A. Abzakh and A. Althunibat, “A review: Human factor and cyberse- curity,” in2023 International Conference on Information Technology: Cybersecurity Challenges for Sustainable Cities, ICIT 2023 - Proceed- ing. Institute of Electrical and Electronics Engineers Inc., 2023, pp. 589–592
work page 2023
-
[34]
Understanding of human factors in cybersecurity: A systematic literature review,
R. Rohan, S. Funilkul, D. Pal, and W. Chutimaskul, “Understanding of human factors in cybersecurity: A systematic literature review,” in2021 International Conference on Computational Performance Evaluation, ComPE 2021. Institute of Electrical and Electronics Engineers Inc., 2021, pp. 133–140. 27
work page 2021
-
[35]
F. Masimba, F. Gumbo, and T. Zuva, “Deciphering the influence of human behavior on cybersecurity risks: An in-depth review of amplification and mitigation factors,” in2025 5th International Multidisciplinary Information Technology and Engineering Conference (IMITEC). IEEE, 11 2025, pp. 1–6. [Online]. Available: https: //ieeexplore.ieee.org/document/11410469/
-
[36]
Towards a human factors ontology for cyber security,
A. Oltramari, D. Henshel, M. Cains, and B. Hoffman, “Towards a human factors ontology for cyber security,” inProceedings of the International Workshop on Semantic Technology for Intelligence, Defense, and Security (STIDS), ser. CEUR Workshop Proceedings. CEUR-WS.org, 2015. [Online]. Available: https://ceur-ws.org/
work page 2015
-
[37]
Human factors in cybersecurity: an in- terdisciplinary review and framework proposal,
K. Khadka and A. B. Ullah, “Human factors in cybersecurity: an in- terdisciplinary review and framework proposal,”International Journal of Information Security, vol. 24, 6 2025
work page 2025
-
[38]
Towards an improved understanding of human factors in cybersecurity,
J. Jeong, J. Mihelcic, G. Oliver, and C. Rudolph, “Towards an improved understanding of human factors in cybersecurity,” inProceedings - 2019 IEEE 5th International Conference on Collaboration and Internet Computing, CIC 2019. Institute of Electrical and Electronics Engineers Inc., 12 2019, pp. 338–345
work page 2019
-
[39]
Trust as a human factor in holistic cyber security risk assessment,
D. Henshel, M. G. Cains, B. Hoffman, and T. Kelley, “Trust as a human factor in holistic cyber security risk assessment,” inProcedia Manufacturing, vol. 3. Elsevier B.V ., 2015, pp. 1117–1124
work page 2015
-
[40]
Integrating cultural factors into human factors framework and ontology for cyber attackers,
D. Henshel, C. Sample, M. Cains, and B. Hoffman, “Integrating cultural factors into human factors framework and ontology for cyber attackers,” inAdvances in Intelligent Systems and Computing, vol. 501. Springer Verlag, 2016, pp. 123–136
work page 2016
-
[41]
Passive- and not active-risk tendencies predict cyber security behav- ior,
I. Arend, A. Shabtai, T. Idan, R. Keinan, and Y . Bereby-Meyer, “Passive- and not active-risk tendencies predict cyber security behav- ior,”Computers and Security, vol. 96, 9 2020
work page 2020
-
[42]
Susceptibility to phishing on social network sites: A personality information processing model,
E. D. Frauenstein and S. Flowerday, “Susceptibility to phishing on social network sites: A personality information processing model,” Computers and Security, vol. 94, 7 2020
work page 2020
-
[43]
M. Ovelg ¨onne, T. Dumitras, B. A. Prakash, V . S. Subrahmanian, and B. Wang, “Understanding the relationship between human behavior and susceptibility to cyber attacks: A data-driven approach,”ACM Transactions on Intelligent Systems and Technology, vol. 8, 2 2017
work page 2017
-
[44]
A psychological profile of defender personality traits,
T. Whalen and C. Gates, “A psychological profile of defender personality traits,” inProceedings of the 2007 New Security Paradigms Workshop (NSPW). ACM, 2007. [Online]. Available: https://dl.acm.org/doi/10.1145/1600110.1600125
-
[45]
User characteristics that influence judgment of social engineering attacks in social networks,
S. M. Albladi and G. R. Weir, “User characteristics that influence judgment of social engineering attacks in social networks,”Human- centric Computing and Information Sciences, vol. 8, 12 2018
work page 2018
-
[46]
Z. Yan, T. Robertson, R. Yan, S. Y . Park, S. Bordoff, Q. Chen, and E. Sprissler, “Finding the weakest links in the weakest link: How well do undergraduate students make cybersecurity judgment?”Computers in Human Behavior, vol. 84, pp. 375–382, 7 2018
work page 2018
-
[47]
Gender difference and employees’ cybersecurity behaviors,
M. Anwar, W. He, I. Ash, X. Yuan, L. Li, and L. Xu, “Gender difference and employees’ cybersecurity behaviors,”Computers in Human Behavior, vol. 69, pp. 437–443, 4 2017
work page 2017
-
[48]
Deriving cyber security risks from human and organizational factors – a socio-technical approach,
T. R. McEvoy and S. J. Kowalski, “Deriving cyber security risks from human and organizational factors – a socio-technical approach,” Complex Systems Informatics and Modeling Quarterly, vol. 2019, pp. 47–64, 2019
work page 2019
-
[49]
R. Orji, A. M. Abdullahi, and K. Oyibo, “Personalizing persuasive technologies: Do gender and age affect susceptibility to persuasive strategies?” inUMAP 2018 - Adjunct Publication of the 26th Confer- ence on User Modeling, Adaptation and Personalization. Association for Computing Machinery, Inc, 7 2018, pp. 329–334
work page 2018
-
[50]
The impact of information security threat awareness on privacy-protective behaviors,
S. Mamonov and R. Benbunan-Fich, “The impact of information security threat awareness on privacy-protective behaviors,”Computers in Human Behavior, vol. 83, pp. 32–44, 6 2018
work page 2018
-
[51]
A. Wiley, A. McCormac, and D. Calic, “More than the individual: Examining the relationship between culture and information security awareness,”Computers and Security, vol. 88, 1 2020
work page 2020
-
[52]
Uncovering susceptibility risk to online deception in aging,
N. C. Ebner, D. M. Ellis, T. Lin, H. A. Rocha, H. Yang, S. Dommaraju, A. Soliman, D. L. Woodard, G. R. Turner, R. N. Spreng, and D. S. Oliveira, “Uncovering susceptibility risk to online deception in aging,” Journals of Gerontology - Series B Psychological Sciences and Social Sciences, vol. 75, pp. 522–533, 2 2020
work page 2020
-
[53]
An examination of the effect of recent phishing encounters on phishing susceptibility,
R. Chen, J. Gaia, and H. R. Rao, “An examination of the effect of recent phishing encounters on phishing susceptibility,”Decision Support Systems, vol. 133, 6 2020
work page 2020
-
[54]
A method for taxonomy development and its application in information systems,
R. C. Nickerson, U. Varshney, and J. Muntermann, “A method for taxonomy development and its application in information systems,” European Journal of Information Systems, vol. 22, pp. 336–359, 2013
work page 2013
-
[55]
Social cognitive theory of personality,
A. Bandura, “Social cognitive theory of personality,”The coherence of personality: Social-cognitive bases of consistency, variability, and organization, pp. 185–241, 1999
work page 1999
-
[56]
Digital human in cybersecurity risk assessment,
A. Jurevi ˇcien˙e, A. Brilingait ˙e, and L. Bukauskas, “Digital human in cybersecurity risk assessment,” inAugmented Cognition, D. D. Schmor- row and C. M. Fidopiastis, Eds. Springer International Publishing, 2021, pp. 418–432
work page 2021
-
[57]
Exploring automation bias in human–ai collaboration: a review and implications for explainable ai,
G. Romeo and D. Conti, “Exploring automation bias in human–ai collaboration: a review and implications for explainable ai,”AI and Society, 1 2025
work page 2025
-
[58]
Human-factor vulnerabilities of automation in socs: A mixed-methods multigroup analysis,
J. Tilbury, S. Flowerday, G. Bott, Y . T. Chua, E. Olson, and B. Foltz, “Human-factor vulnerabilities of automation in socs: A mixed-methods multigroup analysis,”Computers and Security, vol. 166, 7 2026
work page 2026
-
[59]
Artificial intelligence, human vulnerability and multi- level resilience,
S. A. Teo, “Artificial intelligence, human vulnerability and multi- level resilience,”Computer Law & Security Review, vol. 57, p. 106134, 2025. [Online]. Available: https://www.sciencedirect.com/ science/article/pii/S2212473X25000070
work page 2025
-
[60]
Social engineering in cybersecurity: Effect mechanisms, human vulnerabilities and attack methods,
Z. Wang, H. Zhu, and L. Sun, “Social engineering in cybersecurity: Effect mechanisms, human vulnerabilities and attack methods,”IEEE Access, vol. 9, pp. 11 895–11 910, 2021
work page 2021
-
[61]
Predicting susceptibility to social influence in phishing emails,
K. Parsons, M. Butavicius, P. Delfabbro, and M. Lillie, “Predicting susceptibility to social influence in phishing emails,”International Journal of Human Computer Studies, vol. 128, pp. 17–26, 8 2019
work page 2019
-
[62]
Social engineering and organisational dependencies in phishing at- tacks,
R. Taib, K. Yu, S. Berkovsky, M. Wiggins, and P. Bayl-Smith, “Social engineering and organisational dependencies in phishing at- tacks,” inHuman-Computer Interaction – INTERACT 2019, D. Lamas, F. Loizides, L. Nacke, H. Petrie, M. Winckler, and P. Zaphiris, Eds. Springer International Publishing, 2019, pp. 564–584
work page 2019
-
[63]
Examining factors impacting the effectiveness of anti-phishing trainings,
A. Sumner, X. Yuan, M. Anwar, and M. McBride, “Examining factors impacting the effectiveness of anti-phishing trainings,”Journal of Computer Information Systems, vol. 62, pp. 975–997, 2022
work page 2022
-
[64]
Human risk factors in cybersecurity,
T. Cuchta, B. Blackwood, T. R. Devine, R. J. Niichel, K. M. Daniels, C. H. Lutjens, S. Maibach, and R. J. Stephenson, “Human risk factors in cybersecurity,” inSIGITE 2019 - Proceedings of the 20th Annual Conference on Information Technology Education. Association for Computing Machinery, Inc, 9 2019, pp. 87–92
work page 2019
-
[65]
Human factors in the cybersecurity of autonomous vehicles: Trends in current research,
V . Linkov, P. Z ´amecn´ık, D. Havl ´ıckov´a, and C. W. Pai, “Human factors in the cybersecurity of autonomous vehicles: Trends in current research,” 2019
work page 2019
-
[66]
V . Shakela and H. Jazri, “Assessment of spear phishing user experience and awareness: An evaluation framework model of spear phishing exposure level (spel) in the namibian financial industry,” in2019 International Conference on Advances in Big Data, Computing and Data Communication Systems (icABCD), 2019, pp. 1–5
work page 2019
-
[67]
L. Jaeger and A. Eckhardt, “Eyes wide open: The role of situational information security awareness for security-related behaviour,”Infor- mation Systems Journal, vol. 31, pp. 429–472, 5 2021
work page 2021
-
[68]
The social engineering personality frame- work,
S. Uebelacker and S. Quiel, “The social engineering personality frame- work,” inProceedings - 4th Workshop on Socio-Technical Aspects in Security and Trust, STAST 2014 - Co-located with 27th IEEE Computer Security Foundations Symposium, CSF 2014 in the Vienna Summer of Logic 2014. Institute of Electrical and Electronics Engineers Inc., 12 2014, pp. 24–30
work page 2014
-
[69]
Phishing attempts among the dark triad: Patterns of attack and vulnerability,
S. R. Curtis, P. Rajivan, D. N. Jones, and C. Gonzalez, “Phishing attempts among the dark triad: Patterns of attack and vulnerability,” Computers in Human Behavior, vol. 87, pp. 174–182, 10 2018
work page 2018
-
[70]
Effect of personality traits on trust and risk to phishing vulnerability: Modeling and analysis,
J. H. Cho, H. Cam, and A. Oltramari, “Effect of personality traits on trust and risk to phishing vulnerability: Modeling and analysis,” in 2016 IEEE International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2016. Institute of Electrical and Electronics Engineers Inc., 6 2016, pp. 7–13
work page 2016
-
[71]
Time pressure in human cybersecurity behavior: Theoretical framework and countermea- sures,
N. H. Chowdhury, M. T. Adam, and T. Teubner, “Time pressure in human cybersecurity behavior: Theoretical framework and countermea- sures,”Computers and Security, vol. 97, 10 2020
work page 2020
-
[72]
M. N. AL-Nuaimi, “Human and contextual factors influencing cyber- security in organizations, and implications for higher education insti- tutions: a systematic review,” pp. 1–23, 1 2024
work page 2024
-
[73]
Factors affecting risky cybersecurity behaviors by u.s. workers: An exploratory study,
A. R. Gillam and W. T. Foster, “Factors affecting risky cybersecurity behaviors by u.s. workers: An exploratory study,”Computers in Human Behavior, vol. 108, 7 2020
work page 2020
-
[74]
L. Hadlington, “Human factors in cybersecurity; examining the link between internet addiction, impulsivity, attitudes towards cybersecurity, and risky cybersecurity behaviours,”Heliyon, vol. 3, no. 7, p. e00346, 2017
work page 2017
-
[75]
From law to folklore: Work stress and the yerkes-dodson law,
M. Corbett, “From law to folklore: Work stress and the yerkes-dodson law,”Journal of Managerial Psychology, vol. 30, pp. 741–752, 8 2015. 28
work page 2015
-
[76]
Impact of human vulnera- bilities on cybersecurity,
M. Alsharif, S. Mishra, and M. AlShehri, “Impact of human vulnera- bilities on cybersecurity,”Computer Systems Science and Engineering, vol. 40, pp. 1153–1166, 9 2021
work page 2021
-
[77]
B. Hanus, Y . A. Wu, and J. Parrish, “Phish me, phish me not,”Journal of Computer Information Systems, vol. 62, pp. 516–526, 2022
work page 2022
-
[78]
An analysis of phishing emails and how the human vulnerabilities are exploited,
T. Sharma and M. Bashir, “An analysis of phishing emails and how the human vulnerabilities are exploited,” inAdvances in Human Factors in Cybersecurity, I. Corradini, E. Nardelli, and T. Ahram, Eds. Springer International Publishing, 2020, pp. 49–55
work page 2020
-
[79]
A. H. Asfoor, F. A. Rahim, and S. Yussof, “Identifying factors that influence security behaviors relating to phishing attacks susceptibility: A systematic literature review,”Journal of Theoretical and Applied Information Technology, vol. 15, p. 15, 2020. [Online]. Available: www.jatit.org
work page 2020
-
[80]
Short-term and long-term effects of fear appeals in improving compliance with password guide- lines,
F. Mwagwabi, T. McGill, and M. Dixon, “Short-term and long-term effects of fear appeals in improving compliance with password guide- lines,”Communications of the Association for Information Systems, vol. 42, pp. 147–182, 2 2018
work page 2018
discussion (0)
Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.