Abstract
With cybercriminals’ increased attention for human error as attack vector, organisations need to develop strategies to address behavioural risks if they want to keep their organisation secure. The traditional focus on awareness campaigns does not seem suitable for this goal and other avenues of applying the behavioural sciences to this field need to be explored. This paper outlines a five-step approach to developing a behavioural cybersecurity strategy to address this issue. The five steps consist of first deciding whether a solely technical solution is feasible before turning to nudging and affordances, cybersecurity training, and behavioural change campaigns for specific behaviours. The final step is to develop and implement a feedback loop that is used to assess the effectiveness of the strategy and inform organisations about next steps that can be taken. Beyond outlining the five-step approach, a research agenda is discussed aimed at strengthening each of the five steps and helping organisations in becoming more cybersecure by implementing a behavioural cybersecurity strategy.
Published Version
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call