Yusuf Taoheed Abiodun, Sajjad Mahmood, Mahmood Niazi, Mohammad Alshayeb, Azzah A. AlGhamdi
Arabian Journal for Science and Engineering, vol. 50, issue 19, pp. 16199-16219. Published 2025-06-19. Journal article. DOI: 10.1007/s13369-025-10349-w. https://link.springer.com/article/10.1007/s13369-025-10349-w (Impact factor 2.9; JCR Q2, Multidisciplinary Sciences; not open access.)
Cybersecurity Readiness Model Based on Human Factors
Human error is one of the leading causes of data and security breaches, as cybersecurity attackers prey on psychological manipulations to push users into performing unwanted actions or providing information. Humans act as a weak link in cyberattacks, and as a result, organizations are prone to phishing, business email compromise, and malware types of cybersecurity attacks. In this study, we identify the human-centric barriers and success factors that influence an organization's readiness to handle cybersecurity threats. Moreover, we develop a readiness model to help organizations assess and implement security practices for cybersecurity from the human factor perspective. We conducted a multivocal literature review on 120 primary studies to identify human barriers, success factors, and best practices that positively influence cybersecurity. The results show that researchers consider trust, ignorance, and a lack of technological knowledge the significant obstacles, while industry practitioners point to a lack of technological knowledge, negligence, and impulsive or reckless behavior as the primary barriers. On the other hand, knowledge, proactive awareness, and cognitive ability are the most significant success factors from both researchers’ and industry practitioners’ perspectives. We mapped the identified barriers to the CyBOK cybersecurity knowledge areas. Next, we used the identified success factors to develop a cybersecurity readiness model. The readiness model was validated by applying it to a real-world scenario using the case studies approach. This paper provides a knowledge base to develop threat prevention strategies for human factors in cybersecurity and assist organizations in devising approaches to tackle pressing security issues.
About the journal:
King Fahd University of Petroleum & Minerals (KFUPM) partnered with Springer to publish the Arabian Journal for Science and Engineering (AJSE).
AJSE, which has been published by KFUPM since 1975, is a recognized national, regional and international journal that provides a great opportunity for the dissemination of research advances from the Kingdom of Saudi Arabia, MENA and the world.