Human factors in cybersecurity: an interdisciplinary review and framework proposal

Cybersecurity has traditionally been viewed as a technological challenge, but growing evidence emphasizes the pivotal role of human factors in shaping both vulnerabilities and resilience. This survey explores the critical intersection of human behaviour, decision-making, and organizational culture in cybersecurity, highlighting the need for strategies that effectively integrate technical and human-centric approaches. Key findings reveal persistent gaps, such as the underrepresentation of underserved communities, limited exploration of non-digital social engineering, and unresolved ethical challenges in Artificial Intelligence (AI)-driven cybersecurity tools. Additionally, existing frameworks often lack a standardized, implementable framework for assessing cybersecurity culture and fail to address generational and cultural diversity. These gaps underline the urgency of adaptive, inclusive solutions that align human behaviour with technical systems. To address these challenges, the proposed Human-Centric Cybersecurity Framework integrates psychological resilience, adaptive training, socio-technical approach, and ethical AI principles. The framework outlines practical strategies, including gamified learning, emotional intelligence training, and decision-support systems, to enhance cybersecurity awareness, reduce vulnerabilities, and promote organizational compliance. This paper advocates for an interdisciplinary approach to cybersecurity, emphasizing the importance of empowering individuals and fostering a culture of security. By bridging the gap between human and technical factors, it offers actionable insights for researchers and practitioners to build resilient and inclusive cybersecurity ecosystems capable of countering evolving threats.