Role of Human Factors in Cyber Security Awareness: A Systematic Literature Review
Keywords:
Human factors, cybersecurity awareness, user behavior, security training, social engineering, systematic literature review
Abstract
Cybersecurity is often perceived solely as a technical issue, whereas human factors play a crucial role in determining both vulnerability and resilience to digital threats. This study conducts a Systematic Literature Review (SLR) to explore the relationship between user behavior, cybersecurity awareness, and the effectiveness of training in shaping adaptive defensive behavior. The findings indicate that factors such as self-efficacy, prior experience, and decision-making styles influence an individual's ability to recognize and respond to threats such as phishing and social engineering. Theoretical frameworks such as Protection Motivation Theory (PMT), Technology Threat Avoidance Theory (TTAT), and the Heuristic-Systematic Model (HSM) are employed to understand the cognitive processes underlying security behavior. However, gaps remain, including the underrepresentation of specific user groups, the lack of contextualized training approaches, and the insufficient integration of behavioral aspects in information security standards such as ISO/IEC 27001:2022. This review emphasizes the need for a holistic approach that combines technology, education, and a deep understanding of human factors as a foundation for building a resilient and sustainable cybersecurity ecosystem.