An Interdisciplinary Approach to Tackling the Field of Human Factors in the Cybersecurity of Financial Organizations: Concepts, Strategies and Recommendations
摘要
The paper presents an interdisciplinary approach to tackling cybersecurity related human error in organizations. It follows an interdisciplinary human factor-oriented cybersecurity approach and explores the relevant human behaviour to identify three areas of concern for improving cyber resilience: (1.) human error, (2.) malicious insiders and (3.) legal and ethical threats. Strategies for tackling these areas of concern focus on enhancing knowledge, skills and attitudes on the individual level and shaping relevant (management) contexts at the organizational level. The paper concludes with seven recommendations based on a broad literature review of cybersecurity training (problem-oriented solution behaviour, training customization, multi-channel training regime, building up of motivation to learn, performing skills in trainings, evaluation and assessment mechanisms, integration of management). The conclusion emphasises the value of the interdisciplinary approach to implement ethical considerations and to systematically and measurably address relevant individual and organizational attributes for improved cyber resilience.