Investigating drivers’ responses to cyber-attacks while conducting non-driving related tasks in highly automated vehicles

As automated vehicles (AVs) advance, understanding human factors in cybersecurity incidents is essential to ensuring driver safety and system resilience. While prior research has explored driver responses to cyber-attacks in partially automated (Level 2–3) vehicles, less is known about how drivers in highly automated vehicles respond. In Level 4 automation, drivers are not required to monitor the roadway continuously but may still need to intervene in unforeseen cyber-attack, making re-engagement dynamics fundamentally different from lower levels of automation. This study examines the impact of non-driving-related task (NDRT) engagement and cyber-attack criticality on situation awareness, visual attention, response time, and workload in Level 4 AVs. To this end, forty-five participants drove in a driving simulator with two types of cyber-attack criticality (non-safety-related, and safety-related as within-subjects) and three non-driving related tasks (NDRTs) engagement levels (no, single and dual as between-subjects). Results indicate that drivers engaged in any level of NDRT (Single or Dual) had significantly reduced situation awareness of road conditions and delayed response time and gaze reallocation to critical information after a cyber-attack, particularly in Dual NDRT conditions. Additionally, safety-related cyber-attacks induced greater cognitive workload, suggesting that drivers exert more mental effort when responding to high-risk threats. These findings highlight the unique re-engagement challenges in Level 4 AVs, where drivers must transition from passive engagement in NDRTs to active situation awareness during cybersecurity incidents. The results emphasize the need for human-centered AV cybersecurity systems that optimize alert delivery, minimize cognitive overload, and facilitate rapid driver response to emerging threats in highly automated driving environments.