Free standard shipping on all orders
  • Visa
  • Master Card
  • American Express
  • Apple Pay
  • Google Pay
  • JCB

Human Factors and Cybersecurity: The Psychology of Online Safety and Security book cover

1st Edition

Human Factors and Cybersecurity The Psychology of Online Safety and Security

By Lee Hadlington, Chloe Ryding Copyright 2026
306 Pages 6 B/W Illustrations
by Routledge

306 Pages 6 B/W Illustrations
by Routledge

306 Pages 6 B/W Illustrations
by Routledge
Also available as eBook on:
Human Factors and Cybersecurity examines the intricate interplay between human behaviour and digital security, offering a comprehensive exploration of how psychological, dispositional, and situational factors influence cybersecurity practices. Bringing together information that is both research-informed and practical in nature, the book highlights how human behaviour and decisions can impact... Read more

 

Preface. 7

1       Chapter 1: The Foundations of Cybersecurity. 11

1.0        Abstract 11

1.1        Misplacing information is not something new! 11

1.2        The Development of modern Information Security. 12

1.3        What is this thing you humans call ‘Information Security?’ 13

1.3.2     Is the CIA model still relevant?. 15

1.4        The Origins of Cybersecurity. 16

1.4.1     Defining Cybersecurity. 16

1.5        Cyber-harm.. 19

1.6        Consolidating Cyber and Information Security. 21

1.7        Summary. 23

2       The Insider Threat: Understanding the Risks Within. 24

Abstract 24

2.1        Introduction. 24

2.2        What is an Insider Threat?. 25

2.3        The Accidental or Unintentional Insider Threat 26

2.4        Taxonomical approaches to The Malicious Insider Threat 27

2.5        Psychological Precursors for Malicious Insider Threat 31

2.6        Mitigating the Insider Threat 41

2.7        Summary. 43

3       3. A Human-Centred Approach. 45

Abstract 45

3.1        Examples from the Past 45

3.2        Why Work on Human Factors in Cybersecurity?. 46

3.3        Introducing the Human Factors Approach. 47

3.4        Cybersecurity as a Complex System.. 48

3.5        Applying the Human Factors Approach. 49

3.6        Previous work on Human Factors and Cybersecurity. 52

3.7        Summary. 57

4       The Role of Context and Individual Differences. 59

4.1        Abstract 59

4.2        Introduction. 59

4.3        Psychological Factors. 59

4.3.1     Human Attention. 60

4.3.2     Limits on Attentional Capacity. 61

4.3.3     Memory. 61

4.3.4     Decision Making. 63

4.3.5     Emotion. 65

4.4        Dispositional Factors. 66

4.4.1     Personality. 66

4.4.2     Risk Perception and Risk Taking. 67

4.4.3     Locus of Control 68

4.5        Demographic Factors. 68

4.5.1     Age. 68

4.5.2     Gender 69

4.5.3     Culture. 70

4.6        Fatigue. 71

4.7        Summary. 72

5       When Mistakes Happen. 74

Abstract 74

5.1        Introduction. 74

5.2        What is an Error?. 75

5.3        Understanding the types of Human Error. 76

5.4        The Role of Prior Intent in Errors; Did we really mean to do that?! 77

5.5        Non-Intentional Voluntary Actions. 78

5.6        The Types of Errors that can emerge. 79

5.6.1     Slips. 79

5.6.2     Lapses. 79

5.6.3     Mistakes. 79

5.7        Active versus Latent errors. 81

5.8        Situational Awareness. 82

5.8.1     Endsley’s Three Tier Model for SA. 82

5.8.2     Application to Cybersecurity. 84

5.9        Enhancing SA for Cybersecurity Awareness. 85

5.10      Summary. 87

6       Cognitive Pitfalls and Cybersecurity. 90

Abstract 90

6.1        Introduction. 90

6.2        Type 1: Heuristic or Inductive Processing. 91

6.3        Type 2: Systematic, Deductive Processing. 92

6.4        Heuristics and Biases. 93

6.4.1     Representativeness. 93

6.4.2     Availability Heuristic. 95

6.4.3     Anchoring and Adjustment 96

6.4.4     Recognition. 97

6.4.5     Affect Heuristic. 97

6.5        Cognitive Biases. 98

6.5.1     Optimism Bias. 98

6.5.2     Confirmation Bias. 99

6.5.3     Framing Effect 100

6.5.4     Status Quo Bias. 101

6.5.5     Illusion of Control 102

6.6        How do we deal with Cognitive Biases?. 103

6.7        Summary. 104

7       Decision Making Under Pressure. 106

Abstract 106

7.1        Introduction. 106

7.2        The Theory of Planned Behaviour (TPB, Ajzen, 1985; 1991) 107

7.2.1     Theory of Planned Behaviour and Cybersecurity. 108

7.3        Protection Motivation Theory (PMT) 109

7.3.1     Threat Appraisal 110

7.3.2     Coping Appraisals. 110

7.3.3     PMT and Cybersecurity. 110

7.4        Technology Theat Avoidance Theory (TTAT) 112

7.4.1     TTAT and Cybersecurity. 113

7.5        General Deterrence Theory. 113

7.5.1     GDT and Cybersecurity Awareness. 114

7.6        Neutralisation Theory. 115

7.6.1     Neutralisation theory and Cybersecurity. 117

7.7        Which theory is best?. 118

7.8        Summary. 122

8       Assessing Cybersecurity Awareness. 123

Abstract 123

8.1        Introduction. 123

8.2        Self-report measures. 124

8.2.1     The Security Behaviour Intentions Scale (SeBIS) 126

8.2.2     Summary of self-report methods. 130

8.3        Qualitative methods. 131

8.3.1     Interviews and focus groups. 132

8.4        Other methods – simulations and games. 134

8.5        Summary. 137

9       Personality and Workplace Cybersecurity. 138

Abstract 138

9.1        Introduction. 138

9.2        Personality Traits. 139

9.2.1     Openness to Experience. 139

9.2.2     Neuroticism.. 140

9.2.3     Agreeableness. 141

9.2.4     Conscientiousness. 141

9.2.5     Extraversion. 141

9.3        Personality and Counterproductive work behaviours. 142

9.4        Dark Triad and Cybersecurity. 143

9.4.1     Machiavellianism.. 143

9.4.2     Narcissism.. 144

9.4.3     Psychopathy. 144

9.5        The Dark Triad and Counterproductive Work Behaviours. 145

9.6        How Relevant are Personality factors in Cybersecurity?. 145

9.6.1     Additional Considerations. 146

9.7        Summary. 147

10         Cultural Influences on Cybersecurity Practices. 148

Abstract 148

10.1      Introduction. 148

10.2      National Culture. 148

10.3      National Culture and Trust 152

10.4      National Culture and Risk Perception. 153

10.5      Culture and Information Security Awareness. 157

10.6      Organisational Culture. 159

10.7      Defining Cybersecurity Culture. 161

10.8      Summary. 165

11         Counterproductive Work Behaviour and Cybersecurity. 167

11.1      Introduction. 167

11.2      Counterproductive Work Behaviours. 167

11.3      Cyber-Counterproductive Work Behaviours (C-CWB). 168

11.4      Predictors for Counterproductive Work Behaviours. 170

11.4.1        Boredom.. 170

11.4.2        Workplace stress. 172

11.4.3        Job Attitudes. 174

11.4.4        Social Norms. 174

11.4.5        Moral Disengagement 175

11.5      Work Locus of Control 178

11.6      Strategies for Dealing with Counterproductive Work Behaviours. 179

11.7      Summary. 180

12         The Dark Side of Technology in the Workplace: Implications for Cybersecurity. 181

Abstract 181

12.1      Introduction. 181

12.2      Technostress. 182

12.2.1        Technostress and Cybersecurity Fatigue. 184

12.2.2        Mitigating Technostress and Cybersecurity Fatigue. 186

12.3      Multitasking. 187

12.3.1        Multitasking and Cybersecurity. 188

12.4      Interruptions. 189

12.4.1        Interruptions and Cybersecurity. 190

12.5      Internet Addiction. 191

12.6      The Social Media Paradox and the Fear of Missing Out (FoMO) 192

12.7      Cyberloafing. 193

12.7.1        Cyberloafing – Surely it does not impact Cybersecurity. 194

12.7.2        Mitigation strategies for Cyberloafing. 195

12.8      Summary. 196

13         The Psychology of Cybercrime. 198

13.1      Abstract 198

13.2      Introduction. 198

13.3      The Psychological Foundations of Cybercrime. 198

13.4      Cognitive Biases and Heuristics in Cybercrime. 199

13.5      Influence and Persuasion. 200

13.5.1        Authority. 200

13.5.2        Social proof. 202

13.5.3        Conformity and Social Proof. 203

13.5.4        Liking/similarity. 204

13.5.5        Commitment and consistency. 205

13.5.6        Scarcity. 206

13.5.7        Reciprocation. 207

13.6      Social Engineering. 207

13.7      Marking your Target 208

13.8      Mitigation Strategies. 209

13.9      Summary. 210

14         The Final Frontier. 212

Abstract 212

14.1      Introduction. 212

14.2      Training. 213

14.3      Gamification. 214

14.3.1        Gamification Mechanics. 215

14.3.2        Gamification and Cybersecurity. 215

14.3.3        Barriers to implementation of Gamification. 216

14.4      Behavioural Nudges. 216

14.5      On the Effectiveness of Nudges. 219

14.6      Social and Peer Led learning. 220

14.7      Cybersecurity Awareness Campaigns. 222

14.8      Cybersecurity Judgement and Decision Making. 224

14.9      Summary. 224

15         Index. 226

 

 

Biography

Lee Hadlington is an Associate Professor in Cyberpsychology at Nottingham Trent University. His research focuses directly on aspects of risk and resilience in Cyberspace, with a particular emphasis on susceptibility to cybercrime, fake news and misinformation, cybersecurity, and information security.

Chloe Ryding is a Senior Lecturer in Psychology at Nottingham Trent „University. Her research focuses on on-line behaviour and well-being, with interests in social media use, misinformation and fake news, and cybersecurity.

Add to Cart